Formal Verification of a Security Protocol in Vehicular Communication

Abstract

A Master of Science thesis in Computer Engineering by Mohamed Adel Almaazmi entitled “Formal Verification of a Security Protocol in Vehicular Communication”, submitted in April 2025. Thesis advisor: Dr. Dana Dghaym. Soft copy is available (Thesis, Completion Certificate, Approval Signatures, and AUS Archives Consent Form).

Vehicular communication systems enable vehicles to exchange critical information with other traffic participants, infrastructure, and networks, offering significant benefits for road safety and transportation efficiency. However, designing secure Vehicle-to-Everything (V2X) protocols presents unique challenges: they must simultaneously ensure message authenticity, protect user privacy, resist attacks, and maintain low computational overhead for time-sensitive applications. Formal verification of these protocols is essential but traditionally complex, as it requires reasoning about both cryptographic mechanisms and system-level properties. This thesis presents a novel complementary verification approach that combines two formal verification tools, Tamarin Prover for cryptographic analysis and Event-B for system refinement, to comprehensively verify V2X security protocols. Using the Anonymous and Efficient (AEE) protocol as a case study, we develop a systematic methodology for translating between the two formal models, leveraging Tamarin's strength in adversarial reasoning and Event-B's structured refinement capabilities. Our refinement-based approach moves from abstract communication to concrete protocol mechanisms, with Tamarin serving as a cryptographic extension of the most concrete Event-B refinement level. Through this methodology, we verify the AEE protocol's anonymity, traceability, event linkability, and unlinkability properties, while identifying critical requirements that are not explicit in the original protocol specification, including token-event binding constraints and authority separation mechanisms.

The dual-method verification reveals structural insights that would be difficult to obtain using either method alone, providing implementation guidance for secure V2X deployments and establishing a generalized approach for verifying security protocols with complex system interactions. Our results demonstrate that complementary formal methods can provide stronger verification assurance than single-method approaches for safety-critical V2X security protocols.

College of Engineering
Department of Computer Science and Engineering
Master of Science in Computer Engineering (MSCoE)
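To make the kind of property the abstract refers to concrete, the following is an added illustration, not the thesis's own Tamarin model and not a model of the AEE protocol: a deliberately small, hypothetical token scheme in which an authority signs a token bound to an event identifier, a vehicle attaches that token to a broadcast, and a roadside unit accepts the broadcast only if the signature verifies. All rule, fact and lemma names (Register_Authority, Authority_Issue, RSU_Accept, Issued, Accepted, token_event_binding) are assumptions chosen for this example. The lemma token_event_binding expresses a token-event binding constraint of the sort the abstract mentions: every accepted (token, event) pair was issued by the named authority for exactly that event.

```tamarin
theory V2XTokenBinding
begin

/* Added example, hypothetical model: NOT the AEE protocol and NOT the
   thesis's own Tamarin theory. Uses only the standard signing builtin. */
builtins: signing

/* An issuing authority $A generates a long-term signing key; the key
   never leaves the authority, only the public key is published. */
rule Register_Authority:
  [ Fr(~ltk) ]
  --[ AuthorityKey($A, ~ltk) ]->
  [ !Ltk($A, ~ltk), !Pk($A, pk(~ltk)), Out(pk(~ltk)) ]

/* A vehicle (identified here by a fresh request id ~vid, a simplification)
   asks for a token bound to a public event identifier $ev. */
rule Vehicle_Request:
  [ Fr(~vid) ]
  --[ Requested(~vid, $ev) ]->
  [ St_Req(~vid, $ev), Out(<~vid, $ev>) ]

/* The authority issues a token: the signature covers BOTH the fresh token
   id and the event, which is what makes the binding lemma below hold.
   If the signature covered ~tid alone, a token issued for one event could
   be replayed under another and token_event_binding would fail. */
rule Authority_Issue:
  let tok = <~tid, $ev> in
  [ !Ltk($A, ~ltk), In(<vid, $ev>), Fr(~tid) ]
  --[ Issued($A, vid, ~tid, $ev) ]->
  [ Out(<tok, sign(tok, ~ltk)>) ]

/* The vehicle attaches the received token and signature to a broadcast
   message ~msg for the event it requested. */
rule Vehicle_Broadcast:
  let tok = <tid, $ev> in
  [ St_Req(~vid, $ev), In(<tok, sig>), Fr(~msg) ]
  --[ Broadcast(~vid, tid, $ev, ~msg) ]->
  [ Out(<tok, sig, ~msg>) ]

/* A roadside unit accepts a broadcast only if the token signature
   verifies under the authority's public key. */
rule RSU_Accept:
  let tok = <tid, ev> in
  [ !Pk($A, pkA), In(<tok, sig, msg>) ]
  --[ Eq(verify(sig, tok, pkA), true), Accepted($A, tid, ev, msg) ]->
  [ ]

/* Standard equality restriction used by the Eq action fact above. */
restriction Equality:
  "All x y #i. Eq(x, y) @i ==> x = y"

/* Sanity check: the protocol can actually reach an acceptance. */
lemma executable:
  exists-trace
  "Ex A tid ev m #i. Accepted(A, tid, ev, m) @i"

/* Token-event binding: whatever the RSU accepts for event ev under
   token tid was issued by that same authority for that same event,
   strictly earlier in the trace. */
lemma token_event_binding:
  "All A tid ev m #i. Accepted(A, tid, ev, m) @i
     ==> (Ex vid #j. Issued(A, vid, tid, ev) @j & j < i)"

end
```

Run with `tamarin-prover --prove <file>.spthy`. Note what this toy deliberately leaves out: the anonymity and unlinkability properties the abstract lists are equivalence properties, which in Tamarin are written with `diff` terms and checked in observational-equivalence mode rather than as trace lemmas like the one above, and authority separation would require distinct key facts per authority role plus a lemma that no single role instance performs both issuing and acceptance.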

AUS Repository (American University of Sharjah)

Last time updated on 09/07/2025
