Towards formal verification of IoT protocols: A Review

“…Due to the rapid development and evolving nature of technologies and their associated communication protocols, a large number of security protocols have been developed and deployed in order to provide secure communication [ 8 ]. The analysis of security protocols is becoming increasingly difficult for manual and analytical techniques like ’Gong–Needham–Yahalom’ (also called the GNY) logic and ’Burrows-Abadi-Needham’ (also called the BAN) logic [ 18 ]. Therefore, the formal analysis of the security protocol relies more on an automated falsification or verification of such protocols using state-of-the-art tools such as the ProVerif or AVISPA [ 34 ] tools, which have been shown to be effective at finding attacks on protocols (AVISPA) or establishing the correctness of protocols (ProVerif).…”

“…Therefore, the formal analysis of the security protocol relies more on an automated falsification or verification of such protocols using state-of-the-art tools such as the ProVerif or AVISPA [ 34 ] tools, which have been shown to be effective at finding attacks on protocols (AVISPA) or establishing the correctness of protocols (ProVerif). One of the improved and automated security claim verification tools used in the literature is Scyther [ 18 , 19 , 35 , 36 ], which is based on a pattern refinement algorithm, which can provide concise representations of (infinite) sets of attack traces. In this experiment, Scyther is used to perform the security analysis of the GOOSE communication protocol.…”

“…The GOOSE protocol description was written in the Security Protocol Description Language (SPDL) [ 18 ] semantics to interpret the communication flow of the protocol in a Scyther understandable format. As illustrated in Figure 6 , the GOOSE communication flow starts from OP5600 by sending three user-defined parameters below, named the Protocol Data Unit (PDU), to the publisher.…”

“…A rigorous verification is made of the GOOSE protocol using both automatic and manual security analysis using Scyther. There are various automated security claim verification tools whose detailed reviews can be found in [ 18 , 19 ]. Scyther [ 18 , 20 ] has a number of advantages including its effectiveness for different attack cases, support for multiple protocols, its operational semantics of security protocols, etc.…”

“…There are various automated security claim verification tools whose detailed reviews can be found in [ 18 , 19 ]. Scyther [ 18 , 20 ] has a number of advantages including its effectiveness for different attack cases, support for multiple protocols, its operational semantics of security protocols, etc. Although other security verification techniques can also be used, in this article, the Scyther tool is utilized where a rigorous security verification of the GOOSE protocol is found using both automatic and manual security analysis.…”

Vulnerability and Impact Analysis of the IEC 61850 GOOSE Protocol in the Smart Grid

“…Due to the rapid development and evolving nature of technologies and their associated communication protocols, a large number of security protocols have been developed and deployed in order to provide secure communication [ 8 ]. The analysis of security protocols is becoming increasingly difficult for manual and analytical techniques like ’Gong–Needham–Yahalom’ (also called the GNY) logic and ’Burrows-Abadi-Needham’ (also called the BAN) logic [ 18 ]. Therefore, the formal analysis of the security protocol relies more on an automated falsification or verification of such protocols using state-of-the-art tools such as the ProVerif or AVISPA [ 34 ] tools, which have been shown to be effective at finding attacks on protocols (AVISPA) or establishing the correctness of protocols (ProVerif).…”

“…Therefore, the formal analysis of the security protocol relies more on an automated falsification or verification of such protocols using state-of-the-art tools such as the ProVerif or AVISPA [ 34 ] tools, which have been shown to be effective at finding attacks on protocols (AVISPA) or establishing the correctness of protocols (ProVerif). One of the improved and automated security claim verification tools used in the literature is Scyther [ 18 , 19 , 35 , 36 ], which is based on a pattern refinement algorithm, which can provide concise representations of (infinite) sets of attack traces. In this experiment, Scyther is used to perform the security analysis of the GOOSE communication protocol.…”

“…The GOOSE protocol description was written in the Security Protocol Description Language (SPDL) [ 18 ] semantics to interpret the communication flow of the protocol in a Scyther understandable format. As illustrated in Figure 6 , the GOOSE communication flow starts from OP5600 by sending three user-defined parameters below, named the Protocol Data Unit (PDU), to the publisher.…”

“…A rigorous verification is made of the GOOSE protocol using both automatic and manual security analysis using Scyther. There are various automated security claim verification tools whose detailed reviews can be found in [ 18 , 19 ]. Scyther [ 18 , 20 ] has a number of advantages including its effectiveness for different attack cases, support for multiple protocols, its operational semantics of security protocols, etc.…”

“…There are various automated security claim verification tools whose detailed reviews can be found in [ 18 , 19 ]. Scyther [ 18 , 20 ] has a number of advantages including its effectiveness for different attack cases, support for multiple protocols, its operational semantics of security protocols, etc. Although other security verification techniques can also be used, in this article, the Scyther tool is utilized where a rigorous security verification of the GOOSE protocol is found using both automatic and manual security analysis.…”

Vulnerability and Impact Analysis of the IEC 61850 GOOSE Protocol in the Smart Grid

Formal Modeling: A Step Forward to Cyber Secure Connected Car Systems

Formal Specification and Verification of Timing Behavior in Safety-Critical IoT Systems