TY - GEN
T1 - Formal Verification of the Authentication and Voice Communication Protocol Security on Device X Using Scyther Tool
AU - Fikri, Muhamad al
AU - Ramli, Kalamullah
AU - Sudiana, Dodi
PY - 2021/2/1
Y1 - 2021/2/1
N2 - In the current era, the ownership of strategic information and the ability to effectively manage it has become a significant advantage. Reflecting on the experience of attacks on strategic communications in Indonesia, including the tapping of the former President Susilo Bambang Yudhoyono's conversation through the cellular network and President Jokowi's official residence, Indonesia has begun paying more attention to security in this sector. Device X is one of the secret strategic communication tools used in Indonesia. The XYZ Agency initiated the use of this device. As of 2020, there have been 1,284 units of Device X widely used by the army, police officers, and other strategic agencies in Indonesia. In its 5 years of operation, the XYZ Agency has researched the algorithm security used in Device X. However, there has never been a study of thwe security regarding the authentication and communication protocols of this device. This research aims to make a security analysis of voice communication and authentication protocols of Device X. The research was implemented using Scyther Tool as a formal verification approach. The analysis focuses on guaranteeing the confidentiality of information and authentication with four criteria, namely, secrecy, aliveness, synchronization, and agreement. The experimental results demonstrate that the authentication and voice communication protocol of Device X satisfy the secrecy criteria for transmitted confidential information but does not satisfy the criteria of aliveness, synchronization, and agreement on several entities involved in the protocol. Thus, it can be claimed that the authentication and voice communication protocol of Device X is provably secure based on the confidentiality aspect of information but is not secure in terms of authentication.
AB - In the current era, the ownership of strategic information and the ability to effectively manage it has become a significant advantage. Reflecting on the experience of attacks on strategic communications in Indonesia, including the tapping of the former President Susilo Bambang Yudhoyono's conversation through the cellular network and President Jokowi's official residence, Indonesia has begun paying more attention to security in this sector. Device X is one of the secret strategic communication tools used in Indonesia. The XYZ Agency initiated the use of this device. As of 2020, there have been 1,284 units of Device X widely used by the army, police officers, and other strategic agencies in Indonesia. In its 5 years of operation, the XYZ Agency has researched the algorithm security used in Device X. However, there has never been a study of thwe security regarding the authentication and communication protocols of this device. This research aims to make a security analysis of voice communication and authentication protocols of Device X. The research was implemented using Scyther Tool as a formal verification approach. The analysis focuses on guaranteeing the confidentiality of information and authentication with four criteria, namely, secrecy, aliveness, synchronization, and agreement. The experimental results demonstrate that the authentication and voice communication protocol of Device X satisfy the secrecy criteria for transmitted confidential information but does not satisfy the criteria of aliveness, synchronization, and agreement on several entities involved in the protocol. Thus, it can be claimed that the authentication and voice communication protocol of Device X is provably secure based on the confidentiality aspect of information but is not secure in terms of authentication.
UR - https://iopscience.iop.org/article/10.1088/1757-899X/1077/1/012057
U2 - 10.1088/1757-899X/1077/1/012057
DO - 10.1088/1757-899X/1077/1/012057
M3 - Conference contribution
VL - 1077
SP - 012057
BT - The 5th International Conference on Information Technology and Digital Applications (ICITDA 2020)
ER -