Justifying a Dolev-Yao Model Under Active Attacks

2005 ◽  
pp. 1-41
Author(s):  
Michael Backes ◽  
Birgit Pfitzmann ◽  
Michael Waidner
Keyword(s):  
Active Attacks

scholarly journals SSID Oracle Attack on Undisclosed Wi-Fi Preferred Network Lists

2018 ◽  
Vol 2018 ◽  
pp. 1-15 ◽  
Author(s):  
Ante Dagelić ◽  
Toni Perković ◽  
Bojan Vujatović ◽  
Mario Čagalj
Keyword(s):  
Location Privacy ◽  
Real Life ◽  
User Mobility ◽  
Window Of Opportunity ◽  
Privacy Concerns ◽  
Private Location ◽  
Life Tests ◽  
Active Attacks ◽  
Recommender Algorithm ◽  
Dictionary Attacks

User’s location privacy concerns have been further raised by today’s Wi-Fi technology omnipresence. Preferred Network Lists (PNLs) are a particularly interesting source of private location information, as devices are storing a list of previously used hotspots. Privacy implications of a disclosed PNL have been covered by numerous papers, mostly focusing on passive monitoring attacks. Nowadays, however, more and more devices no longer transmit their PNL in clear, thus mitigating passive attacks. Hidden PNLs are still vulnerable against active attacks whereby an attacker mounts a fake SSID hotspot set to one likely contained within targeted PNL. If the targeted device has this SSID in the corresponding PNL, it will automatically initiate a connection with the fake hotspot thus disclosing this information to the attacker. By iterating through different SSIDs (from a predefined dictionary) the attacker can eventually reveal a big part of the hidden PNL. Considering user mobility, executing active attacks usually has to be done within a short opportunity window, while targeting nontrivial SSIDs from user’s PNL. The existing work on active attacks against hidden PNLs often neglects both of these challenges. In this paper we propose a simple mathematical model for analyzing active SSID dictionary attacks, allowing us to optimize the effectiveness of the attack under the above constraints (limited window of opportunity and targeting nontrivial SSIDs). Additionally, we showcase an example method for building an effective SSID dictionary using top-N recommender algorithm and validate our model through simulations and extensive real-life tests.

scholarly journals An Analysis of Active Attacks on Anonymity Systems

2016 ◽  
Vol 10 (4) ◽  
pp. 95-104
Author(s):  
Tianbo Lu ◽  
Pan Gao ◽  
Xiaofeng Du ◽  
Yang Li
Keyword(s):  
Active Attacks

Securing Public Key Encryption Against Adaptive Chosen Ciphertext Attacks

2018 ◽  
pp. 134-144
Author(s):  
Kannan Balasubramanian
Keyword(s):  
Partial Information ◽  
Hash Functions ◽  
Public Key ◽  
Public Key Encryption ◽  
Public Key Cryptosystems ◽  
Active Attacks ◽  
Chosen Ciphertext Attack ◽  
Decryption Oracle

To deal with active attacks in public key encryptions, the notion of security against an adaptive chosen ciphertext attack has been defined by Researchers. If an adversary can inject messages into a network, these messages may be ciphertexts, and the adversary may be able to extract partial information about the corresponding cleartexts through its interaction with parties in the network. The Security against chosen ciphertext attack is defined using an “decryption oracle.” Given an encryption of a message the “ciphertext” we want to guarantee that the adversary cannot obtain any partial information about the message. A method of securing Public Key Cryptosystems using hash functions is described in this chapter.

Vulnerabilities and Threats in Smart Grid Communication Networks

2021 ◽  
pp. 1508-1535
Author(s):  
Yona Lopes ◽  
Natalia Castro Fernandes ◽  
Tiago Bornia de Castro ◽  
Vitor dos Santos Farias ◽  
Julia Drummond Noce ◽  
...  
Keyword(s):  
Smart Grid ◽  
Communication Networks ◽  
Smart Grids ◽  
Electrical Network ◽  
Physical Security ◽  
Smart Meters ◽  
Interconnected System ◽  
Other Information ◽  
Data Volume ◽  
Active Attacks

Advances in smart grids and in communication networks allow the development of an interconnected system where information arising from different sources helps building a more reliable electrical network. Nevertheless, this interconnected system also brings new security threats. In the past, communication networks for electrical systems were restrained to closed and secure areas, which guaranteed network physical security. Due to the integration with smart meters, clouds, and other information sources, physical security to network access is no longer available, which may compromise the electrical system. Besides smart grids bring a huge growth in data volume, which must be managed. In order to achieve a successful smart grid deployment, robust network communication to provide automation among devices is necessary. Therefore, outages caused by passive or active attacks become a real threat. This chapter describes the main architecture flaws that make the system vulnerable to attacks for creating energy disruptions, stealing energy, and breaking privacy.

scholarly journals Application Level Security in a Public Library: A Case Study

2018 ◽  
Vol 37 (4) ◽  
pp. 107-118
Author(s):  
Richard Thomchick ◽  
Tonia San Nicolas-Rocca
Keyword(s):  
Secure Communication ◽  
Public Library ◽  
Transport Protocol ◽  
Sensitive Information ◽  
Privacy And Security ◽  
The Public ◽  
Security Challenges ◽  
Personally Identifiable Information ◽  
Active Attacks

Libraries have historically made great efforts to ensure the confidentiality of patron personally identifiable information (PII), but the rapid, widespread adoption of information technology and the internet have given rise to new privacy and security challenges. Hypertext Transport Protocol Secure (HTTPS) is a form of Hypertext Transport Protocol (HTTP) that enables secure communication over the public internet and provides a deterministic way to guarantee data confidentiality so that attackers cannot eavesdrop on communications. HTTPS has been used to protect sensitive information exchanges, but security exploits such as passive and active attacks have exposed the need to implement HTTPS in a more rigorous and pervasive manner. This report is intended to shed light on the state of HTTPS implementation in libraries, and to suggest ways in which libraries can evaluate and improve application security so that they can better protect the confidentiality of PII about library patrons.

scholarly journals A Static-loop-current Attack Against the Kirchhoff-Law-Johnson-Noise (KLJN) Secure Key Exchange System

2019 ◽  
Vol 9 (4) ◽  
pp. 666 ◽  
Author(s):  
Mutaz Melhem ◽  
Laszlo Kish
Keyword(s):  
Electromagnetic Interference ◽  
Distribution System ◽  
Low Frequency ◽  
Voltage Source ◽  
Loop Current ◽  
Johnson Noise ◽  
Current Voltage ◽  
Active Attacks ◽  
Wire Resistance ◽  
Ground Loop

In this study, a new attack against the Kirchhoff-Law-Johnson-Noise (KLJN) key distribution system is explored. The attack is based on utilizing a parasitic voltage-source in the loop. Relevant situations often exist in the low-frequency limit in practical systems, especially when the communication is over a distance, or between different units within an instrument, due to a ground loop and/or electromagnetic interference (EMI). Our present study investigates the DC ground loop situation when no AC or EMI effects are present. Surprisingly, the usual current/voltage comparison-based defense method that exposes active attacks or parasitic features (such as wire resistance allowing information leaks) does not function here. The attack is successfully demonstrated and proposed defense methods against the attack are shown.

Sign in / Sign up

Export Citation Format

Share Document