Security Analysis of the Universal Physical Access Control System (UPACS)  
Author Clyde Carryl


Co-Author(s) Bassem Alhalabi; Taghi Khoshgoftaar


Abstract The Universal Access Control System (UPACS) is a communication protocol designed to provide secure access to remote physical devices over an untrusted communication network, where it could be subjected to eavesdropping, unauthorized modification of its messages, and other forms of tampering by attackers. We modeled the protocol in the Typed Pi Calculus language and used the formal protocol verification tool Proverif to examine the protocol’s response to several known forms of security attack. We found that the protocol is resilient to Attacks on User Privacy and Anonymity, Session Key Security Attacks, De-Synchronization Attacks, Replay Attacks, Eavesdropping Attacks, Denial-of-Service Attacks, and User and Server Masquerade Attacks. In addition, the design of the protocol precluded exposure to other forms of security attack, included Password Guessing Attacks, Stolen Verifier Attacks and Stolen Password Attacks.


Keywords Communication Protocol Security Analysis, Physical Access Control Protocol, UPACS Formal Verification, Asset Security, Remote Access
    Article #:  21156
Proceedings of the 21st ISSAT International Conference on Reliability and Quality in Design
August 6-8, 2015 - Philadelphia, Pennsylvia, U.S.A.