Security Analysis of Parlay/OSA Framework

R.J. Corin, G. Di Caprio, Sandro Etalle, S. Gnesi, Gabriele Lenzini, C. Moiso

    Research output: Book/ReportReportOther research output

    7 Downloads (Pure)

    Abstract

    This paper analyzes the security of the Trust and Security Management (TSM) protocol, an authentication protocol which is part of the Parlay/OSA Application Program Interfaces (APIs). Architectures based on Parlay/OSA APIs allow third party service providers to develop new services that can access, in a controlled and secure way, to those network capabilities offered by the network operator. Role of the TSM protocol, run by network gateways, is to authenticate the client applications trying to access and use the network capabilities features offered. For this reason potential security flaws in its authentication strategy can bring to unauthorized use of network with evident damages to the operator and to the quality of services. This paper shows how a rigorous formal analysis of TSM underlines serious weaknesses in the model describing its authentication procedure. The paper relates about the design activity of the formal model, the tool-aided verification performed and the security flaws discovered. This will allow us to discuss about how the security of the TSM protocol can be generally improved.
    Original languageUndefined
    Place of PublicationEnschede
    PublisherCentre for Telematics and Information Technology (CTIT)
    Number of pages13
    Publication statusPublished - Aug 2004

    Publication series

    NameCTIT technical report series
    PublisherUniversity of Twente, Centre for Telematics and Information Technology (CTIT)
    No.TR-CTIT-04-37

    Keywords

    • SCS-Cybersecurity
    • IR-56989
    • EWI-5769

    Cite this

    Corin, R. J., Di Caprio, G., Etalle, S., Gnesi, S., Lenzini, G., & Moiso, C. (2004). Security Analysis of Parlay/OSA Framework. (CTIT technical report series; No. TR-CTIT-04-37). Enschede: Centre for Telematics and Information Technology (CTIT).
    Corin, R.J. ; Di Caprio, G. ; Etalle, Sandro ; Gnesi, S. ; Lenzini, Gabriele ; Moiso, C. / Security Analysis of Parlay/OSA Framework. Enschede : Centre for Telematics and Information Technology (CTIT), 2004. 13 p. (CTIT technical report series; TR-CTIT-04-37).
    @book{851577a5fe7c418c89f97df5c1215bd9,
    title = "Security Analysis of Parlay/OSA Framework",
    abstract = "This paper analyzes the security of the Trust and Security Management (TSM) protocol, an authentication protocol which is part of the Parlay/OSA Application Program Interfaces (APIs). Architectures based on Parlay/OSA APIs allow third party service providers to develop new services that can access, in a controlled and secure way, to those network capabilities offered by the network operator. Role of the TSM protocol, run by network gateways, is to authenticate the client applications trying to access and use the network capabilities features offered. For this reason potential security flaws in its authentication strategy can bring to unauthorized use of network with evident damages to the operator and to the quality of services. This paper shows how a rigorous formal analysis of TSM underlines serious weaknesses in the model describing its authentication procedure. The paper relates about the design activity of the formal model, the tool-aided verification performed and the security flaws discovered. This will allow us to discuss about how the security of the TSM protocol can be generally improved.",
    keywords = "SCS-Cybersecurity, IR-56989, EWI-5769",
    author = "R.J. Corin and {Di Caprio}, G. and Sandro Etalle and S. Gnesi and Gabriele Lenzini and C. Moiso",
    note = "Imported from CTIT",
    year = "2004",
    month = "8",
    language = "Undefined",
    series = "CTIT technical report series",
    publisher = "Centre for Telematics and Information Technology (CTIT)",
    number = "TR-CTIT-04-37",
    address = "Netherlands",

    }

    Corin, RJ, Di Caprio, G, Etalle, S, Gnesi, S, Lenzini, G & Moiso, C 2004, Security Analysis of Parlay/OSA Framework. CTIT technical report series, no. TR-CTIT-04-37, Centre for Telematics and Information Technology (CTIT), Enschede.

    Security Analysis of Parlay/OSA Framework. / Corin, R.J.; Di Caprio, G.; Etalle, Sandro; Gnesi, S.; Lenzini, Gabriele; Moiso, C.

    Enschede : Centre for Telematics and Information Technology (CTIT), 2004. 13 p. (CTIT technical report series; No. TR-CTIT-04-37).

    Research output: Book/ReportReportOther research output

    TY - BOOK

    T1 - Security Analysis of Parlay/OSA Framework

    AU - Corin, R.J.

    AU - Di Caprio, G.

    AU - Etalle, Sandro

    AU - Gnesi, S.

    AU - Lenzini, Gabriele

    AU - Moiso, C.

    N1 - Imported from CTIT

    PY - 2004/8

    Y1 - 2004/8

    N2 - This paper analyzes the security of the Trust and Security Management (TSM) protocol, an authentication protocol which is part of the Parlay/OSA Application Program Interfaces (APIs). Architectures based on Parlay/OSA APIs allow third party service providers to develop new services that can access, in a controlled and secure way, to those network capabilities offered by the network operator. Role of the TSM protocol, run by network gateways, is to authenticate the client applications trying to access and use the network capabilities features offered. For this reason potential security flaws in its authentication strategy can bring to unauthorized use of network with evident damages to the operator and to the quality of services. This paper shows how a rigorous formal analysis of TSM underlines serious weaknesses in the model describing its authentication procedure. The paper relates about the design activity of the formal model, the tool-aided verification performed and the security flaws discovered. This will allow us to discuss about how the security of the TSM protocol can be generally improved.

    AB - This paper analyzes the security of the Trust and Security Management (TSM) protocol, an authentication protocol which is part of the Parlay/OSA Application Program Interfaces (APIs). Architectures based on Parlay/OSA APIs allow third party service providers to develop new services that can access, in a controlled and secure way, to those network capabilities offered by the network operator. Role of the TSM protocol, run by network gateways, is to authenticate the client applications trying to access and use the network capabilities features offered. For this reason potential security flaws in its authentication strategy can bring to unauthorized use of network with evident damages to the operator and to the quality of services. This paper shows how a rigorous formal analysis of TSM underlines serious weaknesses in the model describing its authentication procedure. The paper relates about the design activity of the formal model, the tool-aided verification performed and the security flaws discovered. This will allow us to discuss about how the security of the TSM protocol can be generally improved.

    KW - SCS-Cybersecurity

    KW - IR-56989

    KW - EWI-5769

    M3 - Report

    T3 - CTIT technical report series

    BT - Security Analysis of Parlay/OSA Framework

    PB - Centre for Telematics and Information Technology (CTIT)

    CY - Enschede

    ER -

    Corin RJ, Di Caprio G, Etalle S, Gnesi S, Lenzini G, Moiso C. Security Analysis of Parlay/OSA Framework. Enschede: Centre for Telematics and Information Technology (CTIT), 2004. 13 p. (CTIT technical report series; TR-CTIT-04-37).