Formal security analysis of registration protocols for interactive systems: a methodology and a case of study
In this work we present and formally analyze CHAT-SRP (CHAos based Tickets-Secure Registration Protocol), a protocol to provide interactive and collaborative platforms with a cryptographically robust solution to classical security issues. Namely, we focus on the secrecy and authenticity properties while keeping a high usability. In this sense, users are forced to blindly trust the system administrators and developers. Moreover, as far as we know, the use of formal methodologies for the verification of security properties of communication protocols is not yet common practice. We propose here a methodology to fill this gap, i.e., to analyze both the security of the proposed protocol and the pertinence of the underlying premises. To this end, we propose the definition and formal evaluation of a protocol for the distribution of digital identities. Once distributed, these identities can be used to verify the integrity and source of information. We base our security analysis on tools for automatic verification of security protocols widely accepted by the scientific community, and on the principles they are based upon. In addition, perfect cryptographic primitives are assumed in order to focus the analysis on the exchange of protocol messages. The main property of our protocol is the incorporation of tickets, created using digests of chaos based nonces (numbers used only once) and users’ personal data. Combined with a multichannel authentication scheme with some previous knowledge, these tickets provide security during the whole protocol by univocally linking each registering user with a single request. [..]
Research Summary
The paper addresses the longstanding problem of securely registering users in interactive and collaborative platforms, where traditional registration mechanisms often rely on blind trust in system administrators and suffer from usability drawbacks. To overcome these issues, the authors propose a novel protocol called CHAT‑SRP (Chaos‑based Tickets‑Secure Registration Protocol) and present a comprehensive formal security analysis that validates its secrecy and authentication properties.
The core of CHAT‑SRP is the introduction of a “ticket” that binds a user’s personal data with a chaos‑generated nonce through a cryptographic hash. This ticket is single‑use and uniquely links each registration request to a specific user, preventing replay attacks. The protocol also incorporates a multichannel authentication step, typically combining something the user knows (e.g., a password) with something the user possesses (e.g., an SMS‑delivered OTP or a hardware token). By requiring simultaneous verification across multiple channels, the design raises the bar for adversaries attempting phishing or man‑in‑the‑middle attacks.
The authors adopt a rigorous methodology that begins with a clear threat model based on the Dolev‑Yao adversary, assumes perfect cryptographic primitives, and focuses solely on the message flow. They model the protocol in the applied pi‑calculus and use two widely accepted automatic verification tools—ProVerif and AVISPA—to check two primary security goals: (1) secrecy of the session key and ticket contents, and (2) authentication that only a legitimate user can successfully complete the registration and obtain a digital identity. The verification scripts encode the generation of the chaos nonce, the construction of the ticket, and the multichannel challenge‑response exchange.
Both tools confirm that under the stated assumptions no attacker can derive the secret values or impersonate a user. The analysis also demonstrates that the ticket cannot be reused or altered without detection, because any modification would break the hash binding to the original nonce and user data. The multichannel step further guarantees that an attacker lacking at least one of the required out‑of‑band channels cannot satisfy the protocol, effectively mitigating social engineering attacks.
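The ticket properties described above (binding a nonce to user data, single use, detection of alteration) can be sketched as follows. This is an added example, not code from the paper: the `Registrar` class, the field layout, SHA-256 as the digest, and the OS CSPRNG standing in for the chaos-based nonce generator are all assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import secrets

def _field(raw: bytes) -> bytes:
    # Length-prefix every field so ("ab","c") and ("a","bc") hash differently.
    return len(raw).to_bytes(4, "big") + raw

def make_ticket(nonce: bytes, personal_data: dict) -> str:
    """Digest binding one nonce to one user's data (field layout is assumed)."""
    h = hashlib.sha256(_field(nonce))
    for key in sorted(personal_data):
        h.update(_field(key.encode()) + _field(personal_data[key].encode()))
    return h.hexdigest()

class Registrar:
    """Hypothetical server side: one pending nonce per issued ticket."""
    def __init__(self):
        self._pending = {}  # ticket -> nonce, removed on first successful use

    def open_request(self, personal_data: dict) -> str:
        nonce = secrets.token_bytes(32)  # stand-in for the chaos-based nonce
        ticket = make_ticket(nonce, personal_data)
        self._pending[ticket] = nonce
        return ticket

    def redeem(self, ticket: str, personal_data: dict) -> str:
        nonce = self._pending.get(ticket)
        if nonce is None:
            return "unknown-or-used"      # replayed or altered ticket
        expected = make_ticket(nonce, personal_data)
        if not hmac.compare_digest(expected, ticket):
            return "data-mismatch"        # ticket presented with other data
        del self._pending[ticket]         # single use
        return "accepted"

def demo() -> list:
    alice = {"name": "Alice Example", "email": "alice@example.org"}  # constructed
    reg = Registrar()
    ticket = reg.open_request(alice)
    swapped = dict(alice, email="mallory@example.org")
    return [
        reg.redeem(ticket, swapped),           # different user data
        reg.redeem(ticket[:-1] + "x", alice),  # altered ticket
        reg.redeem(ticket, alice),             # legitimate first use
        reg.redeem(ticket, alice),             # replay
    ]

if __name__ == "__main__":
    print(demo())
```

The sketch covers only the ticket check; the multichannel step and the symbolic (Dolev-Yao) verification the paper performs are outside its scope.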
The paper discusses several strengths of the approach. First, the ticket mechanism provides a clean, provable link between a request and a user, eliminating a common source of replay vulnerabilities. Second, the use of chaos‑based nonces introduces high entropy and unpredictability, strengthening the secrecy of the exchanged values. Third, multichannel authentication adds a practical layer of defense that aligns with modern security best practices.
Limitations are also acknowledged. The analysis relies on the perfect‑cryptography assumption; in real deployments, the quality of the random number generator and key management practices become critical. The requirement for multiple communication channels may be infeasible in environments with limited infrastructure, potentially restricting the protocol’s applicability. Finally, the performance evaluation is limited to symbolic verification; concrete measurements of latency, computational overhead, and scalability in large‑scale systems are not provided.
In conclusion, the authors present a well‑structured methodology that integrates protocol design, formal modeling, and automatic verification, delivering a registration protocol that simultaneously addresses security, usability, and provable correctness. The paper’s contribution lies not only in the specific design of CHAT‑SRP but also in demonstrating how formal methods can be systematically applied to the development of practical security solutions. Future work is suggested in the areas of real‑world implementation, performance benchmarking, hardware‑based chaos generators, and extending the ticket concept to support single‑sign‑on across multiple services.