Yuelei XIAO,Zhixiang ZHU,Yong ZHANG

DOI: https://doi.org/10.13682/j.issn.2095-6533.2015.05.003

2015-01-01

Abstract:By analyzing the process of security protocols,the definition of driving module (DM) is introduced,and then regular and penetrator DMs are formed according to the Strand Space Model (SSM).Based on this,a DM-based model checking method is proposed.Theoretical analysis indicates that this method is prefect in terms of searching breadth and depth,and can avoid the state space explosion problem.Therefore,this method can be used not only to get the attack scenarios of a flawed security protocol,but also to prove that an unflawed security protocol is secure.Moreover,the Otway-Rees protocol and the TLS protocol are analyzed based on this method.As a result,various attack scenarios of the Otway-Rees protocol are discovered and two secure improved Otway-Rees protocols are put forward,and therefore the TLS protocol is proved to be secure.

QIAN Yong,ZHANG Yong,BAI Yingcai

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.03.008

2001-01-01

Abstract:An approach which made use of running modes of two-party cryptographic protocols to analyze protocols was put forwarded in [1]. Through some counter-examples, we found flaws in the approach. In this paper, an efficient method is developed, which matchs faked messages with received set of attacks,messages in other run of protocol. Using the method, we found holes of some cryptographic protocols successly.

ZHANG Yu-qing,WANG Lei,XIAO Guo-zhen,WU Jian-ping

2000-01-01

Journal of Software

Abstract:It is an important and hard problem in the area of computer network security to analyze cryptographic protocols. A methodology is presented using a model checke r of formal methods, SMV (symbolic model verifier), to analyze the well known Ne edham-Schroeder Public-Key Protocol. The SMV is used to discover an attack upo n the protocol, which has never been discovered by BAN logic. Finally, the proto col is adapted, and then the SMV is used to show that the new protocol is secure .

Yan Xiong,Cheng Su,Wenchao Huang,Fuyou Miao,Wansen Wang,Hengyi Ouyang

DOI: https://doi.org/10.48550/arxiv.1807.00669

2018-01-01

Abstract:Current formal approaches have been successfully used to find design flaws in many security protocols. However, it is still challenging to automatically analyze protocols due to their large or infinite state spaces. In this paper, we propose a novel framework that can automatically verifying security protocols without any human intervention. Experimental results show that SmartVerif automatically verifies security protocols that cannot be automatically verified by existing approaches. The case study also validates the effectiveness of our dynamic strategy.

Liu Dongxi,Li Xiaoyong,Bai Yingcai

DOI: https://doi.org/10.1007/bf02943285

IF: 1.871

2002-01-01

Journal of Computer Science and Technology

Abstract:This paper proposes an, automatic attack construction algorithm in order to find potential attacks on security protocols. It is based on a dynamic strand space model, which enhances the original strand space model by introducing active nodes on strands so as to characterize the dynamic procedure of protocol execution. With exact causal dependency relations between messages considered in the model, this algorithm can avoid state space explosion caused by asynchronous composition. In order to get a finite state space, a new method called strand-added on demand is exploited, which extends a bundle in an incremental manner without requiring explicit configuration of protocol execution parameters. A finer granularity model of term structure is also introduced, in which subterms are divided into check subterms and data subterms. Moreover, data subterms can be further classified based on the compatible data subterm relation to obtain automatically the finite set of valid acceptable terms for an honest principal. In this algorithm, terms core is designed to represent the intruder’s knowledge compactly, and forward search technology is used to simulate attack patterns easily. Using this algorithm, a new attack on the Dolve-Yao protocol can be found, which is even more harmful because the secret is revealed before the session terminates.

Qin Li,Fan Yang,Huibiao Zhu,Longfei Zhu

DOI: https://doi.org/10.1109/csie.2009.64

2009-01-01

Abstract:Kerberos protocol is one of the popular security protocols used to authenticate the identities of the communication participants. The key distribution mechanism in this protocol is suitable for other secure applications. We formalize the protocol using CSP methods. Based on the formal model, the mechanism of the protocol is exposed to us clearly. Principles and tools support the verification of the formal model. In that way, we can prove that the system protected by the protocol is indeed secure as it declared. The reasons for security can be fixed out formally as a reference to analyzing other protocols.

Qianli Zhang,Xing Li

1999-01-01

Abstract:In order to present large-scale malicious attacks on an ISP network to maintain network services, we have designed a method to record key packets classified by sessions. Session is the service provided above the IP layer. We define a TCP connection a session, a UDP packet exchange a session, or echo and echo response of ICMP to be a session. The research of network attack/intrusion/information collection has shown that most of the illegal action performed would have something special ongoing in such sessions. For example, winnuke will send OOB packets to the 139 port of a host; most of the platform detection will use strange packets too. Not only the strange packets itself, but the sequence of such packets going through the network indicate the attack. For example, teardrop will transmit packets that have abnormal fragment offset in the second packet, then cause some platform to crash. Some patterns of sessions will be created by flood based attack/information collection. For example, the SYN flood will create a pile SYN-SYN ACK-RST packets in the network, and most of scan tools will create several kind of patterns in the network, all of these patterns indicate the failure of the connection, these include SYN-SYN ACK-RST and SYN-RST and SYNICMP Unreachable message. Based on this thought, we have designed the session-state transition analysis. We will define some packets as the indication of the session state. The happening of such packets causes the change of the session state. When comparing with the predefined rules, we will detect most of the DOS attacks. Another approach is to store these session states transition patterns into a database; thus we can calculate the happening rates of some specific patterns. Compared with the average level, abnormal high happening rates often indicate the possible attack or information collection. For example, we can collect a site’s all sessions' SYN-SYN ACK-RST pattern to decide whether a normal scan had happened. The implementation includes four parts. The first is the data collection part, which collects and unwraps packets passing through the network; the second part is the signature matching part, which will match the packet signature, to filter only the specified packets; the third part will cluster such pa ckets into sessions, and store the session specific signature chain and check whether a rule based match is satisfied; the fourth part will flush the session data into a database, and check whether a statistical based anomaly has happened. Using such kind of techniques has several basic advantages. The first is not to violate privacy, since we are interested in only packet header to know whether a state has changed, to inspect header only also make this implementation efficient and fit for a large scale network. The other advantage is to avoid the headache to set the threshold of a statistical approach. Most scan detection tools (For example, gabriel) will calculate the burst of connections. New scan technique has appeared to avoid burst of connections, for example, slow scan and stealthy scan. Set a proper threshold is much more difficult for a large-scale network. For rule based analysis, since we use the state transition to detect intrusion, we could predict the happening of some attacks in a premature stage. The future approach includes the content analysis based IDS, especially the remote buffer overflow detection. This part of research is underway.

Michele Boreale,Maria Grazia Buscemi

DOI: https://doi.org/10.1016/j.tcs.2005.03.044

IF: 1.002

2005-06-01

Theoretical Computer Science

Abstract:In security protocols, message exchange between the intruder and honest participants induces a form of state explosion which makes protocol models infinite. We propose a general method for automatic analysis of security protocols based on the notion of frame, essentially a rewrite system plus a set of distinguished terms called messages. Frames are intended to model generic crypto-systems. Based on frames, we introduce a process language akin to Abadi and Fournet's applied pi. For this language, we define a symbolic operational semantics that relies on unification and provides finite and effective protocol models. Next, we give a method to carry out trace analysis directly on the symbolic model. We spell out a regularity condition on the underlying frame, which guarantees completeness of our method for the considered class of properties, including secrecy and various forms of authentication. We show how to instantiate our method to some of the most common crypto-systems, including shared- and public-key encryption, hashing and Diffie–Hellman key exchange.

computer science, theory & methods

Xiaohong Qu,Zhijie Liu,Xiaoyao Xie

DOI: https://doi.org/10.1109/ICASID.2009.5276963

2009-01-01

Abstract:Intrusion detection system is a new safeguard technology for system security after traditional technologies, such as firewall, message encryption and so on. To intrusion detection system, it makes improving efficiency of intrusion detection by choosing better method of intrusion detection, traditional intrusion detection system because of large amount of calculation, the high rate of omissions and misstatem tmts has not already adapted to the needs of the current network system protocol analysis is a kind of key technology for network intrusion detection. The paper which based on that idea will presents a distributed intrusion detection system model based on protocol analysis, it makes processing work very simple using protocol analysis technology in detection module. Compared with other model, the model has obvious advantage by analysing, and it can decrease the rate of FN and enhance the capability of system.

Yonggen Gu,Yuxi Fu,Yang Li,Xiaoju Dong

DOI: https://doi.org/10.1109/CIT.2005.12

2005-01-01

Abstract:Formal methods have proved useful in the analysis of security protocols. In this paper, we propose a generic model for symbolic analyzing security protocols (GSPM for short) that supports message passing semantics and constructs for modelling the behavior of protocol participants. GSPM is simple, but it is expressive enough to express security protocols and properties in a precise and faithful manner. In order to address that the execution of a protocol generates infinitely many paths, we use symbolic method. Based on GSPM, it is shown how security properties such as confidentiality, authentication, non-repudiation, fairness and anonymity can be described.

Yonggen Gu,Yuxi Fu,Farong Zhong,Han Zhu

DOI: https://doi.org/10.1007/11560326_9

2005-01-01

Abstract:Formal methods have proved useful in the analysis of security protocols. The paper proposes a generic model for the analysis of the security protocols (GSPM for short) that supports message passing semantics and constructs for modelling the behavior of agents. GSPM is simple, but it is expressive enough to express security protocols and properties in a precise and faithful manner. Using GSPM it is shown how security properties such as confidentiality, authentication, non-repudiation, fairness, and anonymity can be described. Finally an example of formal verification is illustrated.

Yahui Yang,Yunfei Chen,Min Xia,Juan Ma

DOI: https://doi.org/10.1109/IAS.2009.224

2009-01-01

Abstract:Aiming at automated security test on communication protocols, this paper proposes an automated manipulation mechanism of testing procedure based on FSM (Finite State Machine), and designs an automated packet generation mechanism based on a protocol template library. The practical experiments and applications show that the automated security testing platform of communication protocols based on this mechanism can implement the correct evaluations, be convenient to construct the testing procedure, generate automatically test packet sequence and have smaller packet control granularity. It can be used for the systematic and efficient infiltrative security test.

Xin Wang,Neng Gao,Lingchen Zhang,Zongbin Liu,Lei Wang

DOI: https://doi.org/10.1007/978-3-319-50011-9_35

2016-01-01

Abstract:Software-Defined Networking (SDN) is a new paradigm that offers services and applications great power to manage network. Based on the consideration that the entire network visibility is the foundation of SDN, many attacks emerge in poisoning the network visibility, which lead to severe damage. Meanwhile, many defense approaches are proposed to patch the controller. It is noticed that powerful adversaries can bypass existing approaches to poison topology information and attack security protocols. In this paper, we present a method that the adversary can attack security protocols under existing approaches (e.g. TopoGuard, SPHINX). We also investigate a number of security protocols that may be compromised by our MITM attacks and propose an approach to detect the existence of the adversary. Our evaluation shows that the defense solution can effectively detect the fake link in normal environment. We hope our research can attract more attention on SDN security.

Dongxi Liu,Xiaoyong Li,Yingcai Bai

DOI: https://doi.org/10.1007/3-540-45600-7_2

2001-01-01

Abstract:An intelligent intruder model is proposed in this paper. Except for the algebraic abilities to process messages like the Dolev-Yao intruder, it can decide when to generate what terms and whether or not to launch a new session, which principal to choose, and what roles the principal will play based on some strand-added rules. By this heuristic method, we can get a finite state space without the explicit configuration needed by most model checking tools.

Ren Chunyang,Wang Hongyuan,Zhang Zijian,Liao Lejian

DOI: https://doi.org/10.1007/978-3-642-26007-0_3

2010-01-01

Abstract:Canetti and Herzog have already proposed universally composable symbolic analysis (UCSA) for mutual authentication and key exchange protocols automatically without sacrificing the soundness of the cryptography. We want to extend their work to analyze group key exchange protocols. This paper takes the case of BD protocol with arbitrary participants against passive adversary (BD-Passive), and proves that BD-Passive is a secure group key exchange protocol. More specially, we (1) define the ideal functionality of BD-Passive; (2) prove the security property of BD-Passive in UC security framework by UCSA. Obviously, our work plays a new approach to prove group key exchange protocols automatically without sacrificing the soundness of the cryptography.

Gang He,Xiaochen Liu,Xiaochun Wu,Decheng Yu

DOI: https://doi.org/10.1109/ihmsc.2014.111

2014-01-01

Abstract:In recent years, with the rapid development of the Internet on a global scale and the prompt popularization of various App applications, the Internet is increasingly becoming an integral part of people's lives. Meanwhile various network problems caused by abnormal network behavior have become more prominent than any time before. Furthermore we also have a lot of personal information on the Internet, which will bring us significant losses if are gave away. For that, to find an effective method to detect the abnormal network behavior is becoming more and more important. This paper first introduces a new detection method based on compound session, and then shows the effectiveness of the proposed method. A further objective of this method is to identify the infected host.

XIE Bai-Lin,YU Shun-Zheng

DOI: https://doi.org/10.3724/sp.j.1016.2011.00452

2011-01-01

Abstract:Proactive defense is a prevalent topic in current research field of network security.Existing proactive defense techniques mainly detect attacks from network layer and transport layer.Since most new attacks are based on application layer protocols and don't present significant difference in network traffic,it is difficult for existing proactive defense techniques to effectively detect such application layer attacks without special techniques.Therefore,the research on proactive defense of application layer becomes very important.This paper presents a risk real-time evaluation method for application layer based on hidden semi-Markov model.This method evaluates the application layer risk by analyzing network traffic.Based on this risk evaluation method and application layer protocol analysis,this paper presents a real-time proactive defense system for application layer.When user's behavior is at risk,the system queues the user's packets according to the risk indicator.By this means,the proposed system can automatically restrict each user's anomalous behavior,and achieve the application layer proactive defense.The final experiment results validate the performance of the system.

Qianying Zhang,Shijun Zhao

DOI: https://doi.org/10.1016/j.comnet.2020.107369

IF: 5.493

2020-10-01

Computer Networks

Abstract:<p>The Trusted Platform Module (TPM) version 2.0 provides a two-phase key exchange primitive which can be used to implement three widely-standardized authenticated key exchange protocols: the Full Unified Model, the Full MQV, and the SM2 key exchange protocols. However, vulnerabilities have been found in all of these protocols. Fortunately, it seems that the protections offered by TPM chips can mitigate these vulnerabilities. In this paper, we present a security model which captures TPM's protections on keys and protocols' computation environments and in which multiple protocols can be analyzed in a unified way. Based on the unified security model, we give the first formal security analysis of the key exchange primitive of TPM 2.0, and the analysis results show that, with the help of hardware protections of TPM chips, the key exchange primitive indeed satisfies the well-defined security property of our security model, but unfortunately under some impractical limiting conditions, which would prevent the application of the key exchange primitive in real-world networks. To make TPM 2.0 applicable to real-world networks, we present a revision of the key exchange primitive of TPM 2.0, which can be secure without the limiting conditions. We give a rigorous analysis of our revision, and the results show that our revision achieves not only the basic security property of modern AKE security models but also some further security properties.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Chen ZHANG,Xiao-liang GAO

DOI: https://doi.org/10.3969/j.issn.1001-506X.2015.10.16

2015-01-01

Abstract:Kerberos authentication is one of the information security technologies for the cloud computing security.The formal verification of the Kerberos protocol helps to discover and avoid the protocol design flaws and attacks.An automatic tool named SPEAR Ⅱ for modeling and analyzing security protocols is used to ana-lyze the security of the Kerberos protocol.Firstly,three attack scenarios such as eavesdropping,replay and tampering are designed and characteristics of communication partners in each scenario are researched.Then, several hypothesizes are proposed,which are used as the input of a Prolog based analyzer in SPEAR Ⅱ to reason the working of the Kerberos protocol.The results show that the Kerberos protocol can keep the key safety be-tween legal communication partners in the eavesdropping and replay attack scenarios,but the attacker can use a fake key to communicate with a legal user in the tampering attack scenario.

Gaofeng Da,Maochao Xu,Shouhuai Xu

DOI: https://doi.org/10.1145/2600176.2600184

2016-01-01

Abstract:Modeling and analyzing security of networked systems is an important problem in the emerging Science of Security and has been under active investigation. In this paper, we propose a new approach towards tackling the problem. Our approach is inspired by the shock model and random environment techniques in the Theory of Reliability, while accommodating security ingredients. To the best of our knowledge, our model is the first that can accommodate a certain degree of adaptiveness of attacks , which substantially weakens the often-made independence and exponential attack inter-arrival time assumptions. The approach leads to a stochastic process model with two security metrics, and we attain some analytic results in terms of the security metrics.