Predicting New Attacks: A Case Study in Security Analysis of Cryptographic Protocols

2016 ◽  
pp. 263-270 ◽  
Author(s):  
Da Bao ◽  
Kazunori Wagatsuma ◽  
Hongbiao Gao ◽  
Jingde Cheng
Keyword(s):  
Security Analysis ◽  
Cryptographic Protocols

Security Analysis of Wireless Authentication Protocols

2019 ◽  
Vol 9 (2) ◽  
pp. 247-252 ◽  
Author(s):  
Ashish Joshi ◽  
Amar Kumar Mohapatra
Keyword(s):  
Execution Time ◽  
Communication Systems ◽  
Security Analysis ◽  
Cryptographic Protocols ◽  
Command Line ◽  
Time Analysis ◽  
Authentication Protocols ◽  
Replay Attack ◽  
Peer Communication ◽  
Digital Communication Systems

Background & Objective: Cryptographic protocols had been evident method for ensuring con dentiality, Integrity and authentication in various digital communication systems. However the validation and analysis of such cryptographic protocols was limited to usage of formal mathematical models until few years back. Methods: In this paper, various popular cryptographic protocols have been studied. Some of these protocols (PAP, CHAP, and EAP) achieve security goals in peer to peer communication while others (RADIUS, DIAMETER and Kerberos) can work in multiparty environment. These protocols were validated and analysed over two popular security validation and analysis tools AVISPA and Scyther. The protocols were written according to their documentation using the HLPSL and SPDL for analysis over AVISPA and Scyther respectively. The results of these tools were analysed to nd the possible attack an each protocol. Afterwards The execution time analysis of the protocols were done by repeating the experiment for multiple iterations over the command line versions of these tools.As the literature review suggested, this research also validates that using password based protocols (PAP) is faster in terms of execution time as compared to other methods, Usage of nonces tackles the replay attack and DIAMETER is secure than RADIUS. Results and Conclusion: The results also showed us that DIAMETER is faster than RADIUS. Though Kerberos protocol was found to safe, the results tell us that it is compromisable under particular circumstances.

scholarly journals SAVTA: A Hybrid Vehicular Threat Model: Overview and Case Study

Information ◽  
2020 ◽  
Vol 11 (5) ◽  
pp. 273 ◽  
Author(s):  
Mohammad Hamad ◽  
Vassilis Prevelakis
Keyword(s):  
Development Process ◽  
Security Analysis ◽  
Security Threats ◽  
Threat Modeling ◽  
Threat Model ◽  
Modeling Approaches ◽  
Surrounding Environment ◽  
Vehicle Systems ◽  
Attack Trees

In recent years, significant developments were introduced within the vehicular domain, evolving the vehicles to become a network of many embedded systems which depend on a set of sensors to interact with each other and with the surrounding environment. While these improvements have increased the safety and incontestability of the automotive system, they have opened the door for new potential security threats which need to be defined, assessed, and mitigated. The SAE J3061 standard has defined threat modeling as a critical step toward the secure development process for vehicle systems, but it did not determine which method could be used to achieve this process. Therefore, many threat modeling approaches were adopted. However, using one individual approach will not identify all the threats which could target the system, and may lead to insufficient mitigation mechanisms. Thus, having complete security requires the usage of a comprehensive threat model which identifies all the potential threats and vulnerabilities. In this work, we tried to revise the existing threat modeling efforts in the vehicular domain. Also, we proposed using a hybrid method called the Software, Asset, Vulnerability, Threat, and Attacker (SAVTA)-centric method to support security analysis for vehicular systems. SAVTA combines different existing threat modeling approaches to create a comprehensive and hybridized threat model. The model is used as an aid to construct general attack trees which illustrate attack vectors that threaten a particular vehicle asset and classify these attacks under different sub-trees.

Application of Verification Techniques to Security

2014 ◽  
pp. 61-70
Author(s):  
Florian Kammüller ◽  
Christian W. Probst ◽  
Franco Raimondi
Keyword(s):  
Model Checking ◽  
System Modeling ◽  
Security Analysis ◽  
Social Engineering ◽  
Current Case ◽  
Secure Systems ◽  
Insider Attack ◽  
Mechanized Verification ◽  
Verification Techniques

In this chapter, the authors give a short overview of the state of the art of formal verification techniques to the engineering of safe and secure systems. The main focus is on the support of security of real-world systems with mechanized verification techniques, in particular model checking. Based on prior experience with safety analysis—in particular the TWIN elevator (ThyssenKrupp) case study—the current case study ventures into the rising field of social engineering attacks on security. This main focus and original contribution of this chapter considers the security analysis of an insider attack illustrating the benefits of model checking with belief logics and actor system modeling.

Sign in / Sign up

Export Citation Format

Share Document