CPDY: Extending the Dolev-Yao Attacker with Physical-Layer Interactions

• Published in: Formal Methods and Software Engineering Vol. 10009; pp. 175 - 192
• Main Authors: Rocchetto, Marco, Tippenhauer, Nils Ole
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2016; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Attack Model; Computer programming / software development; Encryption Scheme; Horn Clause; Programming & scripting languages: general; Security Analysis; Security Protocol; Software Engineering
• ISBN: 9783319478456; 3319478451
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-47846-3_12

We propose extensions to the Dolev-Yao attacker model to make it suitable for arguments about security of Cyber-Physical Systems. The Dolev-Yao attacker model uses a set of rules to define potential actions by an attacker with respect to messages (i.e. information) exchanged between parties during a protocol execution. As the traditional Dolev-Yao model considers only information (exchanged over a channel controlled by the attacker), the model cannot directly be used to argue about the security of cyber-physical systems where physical-layer interactions are possible. Our Dolev-Yao extension, called Cyber-Physical Dolev-Yao (CPDY), allows additional orthogonal interaction channels between the parties. In particular, such orthogonal channels can be used to model physical-layer mechanical, chemical, or electrical interactions between components. In addition, we discuss the inclusion of physical properties such as location or distance in the rule set. We present an example set of additional rules for the Dolev-Yao attacker, using those we are able to formally discover physical attacks that previously could only be found by empirical methods or detailed physical process models.