Event-B based invariant checking of secrecy in group key protocols

Abstract

The correctness of group key protocols in communication systems remains a great challenge because of dynamic characteristics of group key construction as we deal with an open number of group members. In this paper, we propose a solution to model group key protocols and to verify their required properties, in particular secrecy property, using the event-B method. Event-B deals with tools allowing invariant checking, and can be used to verify group key secrecy property. We define a well-formed formal link between the group protocol model and the event-B counterpart model. Our approach is applied on a tree-based group Diffie-Hellman protocol that dynamically outputs group keys using the logical structure of a balanced binary tree.