A Model Checking-Based Security Analysis Framework for IoT Systems

Social engineering attacks are becoming serious threats to cloud service. Social engineering attackers could get Cloud service custom privacy information or attack virtual machine images directly. Existing security analysis instruments are difficult to quantify the social engineering attack risk, resulting in invalid defense guidance for social engineering attacks. In this article, a risk analysis framework for social engineering attack is proposed based on user profiling. The framework provides a pathway to quantitatively calculate the possibility of being compromised by social engineering attack and potential loss, so as to effectively complement current security assessment instruments. The frequency of related operations is used to profile and group users for respective risk calculation, and other features such as security awareness and capability of protection mechanism are also considered. Finally, examples are given to illustrate how to use the framework in actual scenario and apply it to security assessment.

Download Full-text

Suggested Integral Analysis for Chaos-Based Image Cryptosystems

Entropy ◽

10.3390/e21080815 ◽

2019 ◽

Vol 21 (8) ◽

pp. 815 ◽

Cited By ~ 12

Author(s):

Miguel Angel Murillo-Escobar ◽

Manuel Omar Meranza-Castillón ◽

Rosa Martha López-Gutiérrez ◽

César Cruz-Hernández

Keyword(s):

Security Analysis ◽

Analysis Framework ◽

Integral Analysis ◽

Aes Algorithm ◽

Digital Chaos ◽

Important Challenge ◽

Encryption Algorithms ◽

And Performance ◽

First Time ◽

New Algorithms

Currently, chaos-based cryptosystems are being proposed in the literature to provide confidentiality for digital images, since the diffusion effect in the Advance Encryption Standard (AES) algorithm is weak. Security is the most important challenge to assess in cryptosystems according to the National Institute of Standard and Technology (NIST), then cost and performance, and finally algorithm and implementation. Recent chaos-based image encryption algorithms present basic security analysis, which could make them insecure for some applications. In this paper, we suggest an integral analysis framework related to comprehensive security analysis, cost and performance, and the algorithm and implementation for chaos-based image cryptosystems. The proposed guideline based on 20 analysis points can assist new cryptographic designers to present an integral analysis of new algorithms. Future comparisons of new schemes can be more consistent in terms of security and efficiency. In addition, we present aspects regarding digital chaos implementation, chaos validation, and key definition to improve the security of the overall cryptosystem. The suggested guideline does not guarantee security, and it does not intend to limit the liberty to implement new analysis. However, it provides for the first time in the literature a solid basis about integral analysis for chaos-based image cryptosystems as an effective approach to improve security.

Download Full-text

Security analysis of NFC relay attacks using probabilistic model checking

2014 International Wireless Communications and Mobile Computing Conference (IWCMC) ◽

10.1109/iwcmc.2014.6906411 ◽

2014 ◽

Cited By ~ 5

Author(s):

Nikolaos Alexiou ◽

Stylianos Basagiannis ◽

Sophia Petridou

Keyword(s):

Model Checking ◽

Probabilistic Model ◽

Security Analysis ◽

Probabilistic Model Checking

Download Full-text

An Automated Security Analysis Framework and Implementation for MTD Techniques on Cloud

Lecture Notes in Computer Science - Information Security and Cryptology – ICISC 2019 ◽

10.1007/978-3-030-40921-0_9 ◽

2020 ◽

pp. 150-164

Author(s):

Hooman Alavizadeh ◽

Hootan Alavizadeh ◽

Dong Seong Kim ◽

Julian Jang-Jaccard ◽

Masood Niazi Torshiz

Keyword(s):

Security Analysis ◽

Analysis Framework

Download Full-text

Application of Verification Techniques to Security

Advanced Research and Trends in New Technologies, Software, Human-Computer Interaction, and Communicability - Advances in Human and Social Aspects of Technology ◽

10.4018/978-1-4666-4490-8.ch006 ◽

2014 ◽

pp. 61-70

Author(s):

Florian Kammüller ◽

Christian W. Probst ◽

Franco Raimondi

Keyword(s):

Model Checking ◽

System Modeling ◽

Security Analysis ◽

Social Engineering ◽

Current Case ◽

Secure Systems ◽

Insider Attack ◽

Mechanized Verification ◽

Verification Techniques

In this chapter, the authors give a short overview of the state of the art of formal verification techniques to the engineering of safe and secure systems. The main focus is on the support of security of real-world systems with mechanized verification techniques, in particular model checking. Based on prior experience with safety analysis—in particular the TWIN elevator (ThyssenKrupp) case study—the current case study ventures into the rising field of social engineering attacks on security. This main focus and original contribution of this chapter considers the security analysis of an insider attack illustrating the benefits of model checking with belief logics and actor system modeling.

Download Full-text

A multi-layered and kill-chain based security analysis framework for cyber-physical systems

International Journal of Critical Infrastructure Protection ◽

10.1016/j.ijcip.2015.08.003 ◽

2015 ◽

Vol 11 ◽

pp. 39-50 ◽

Cited By ~ 28

Author(s):

Adam Hahn ◽

Roshan K. Thomas ◽

Ivan Lozano ◽

Alvaro Cardenas

Keyword(s):

Security Analysis ◽

Cyber Physical Systems ◽

Analysis Framework ◽

Physical Systems

Download Full-text

Security Analysis of the RFID Authentication Protocol Using Model Checking

Ubiquitous Computing ◽

10.5772/14825 ◽

2011 ◽

Author(s):

Hyun-Seok Kim ◽

Jin-Young Choi ◽

Sin-Jae Lee

Keyword(s):

Model Checking ◽

Security Analysis ◽

Authentication Protocol

Download Full-text

Formal verification of dynamic hybrid systems: a NuSMV-based model checking approach

ITM Web of Conferences ◽

10.1051/itmconf/20181703026 ◽

2018 ◽

Vol 17 ◽

pp. 03026 ◽

Cited By ~ 2

Author(s):

Zhi Xu ◽

Deming Zhong ◽

Weigang Li ◽

Hao Huang ◽

And Yigang Sun

Keyword(s):

Model Checking ◽

Security Analysis ◽

Symbolic Model Checking ◽

Software Systems ◽

Symbolic Model ◽

Counter Example ◽

Simplifying Assumptions ◽

Dynamic Hybrid ◽

The Individual ◽

Computational Part

Software security is an important and challenging research topic in developing dynamic hybrid embedded software systems. Ensuring the correct behavior of these systems is particularly difficult due to the interactions between the continuous subsystem and the discrete subsystem. Currently available security analysis methods for system risks have been limited, as they rely on manual inspections of the individual subsystems under simplifying assumptions. To improve this situation, a new approach is proposed that is based on the symbolic model checking tool NuSMV. A dual PID system is used as an example system, for which the logical part and the computational part of the system are modeled in a unified manner. Constraints are constructed on the controlled object, and a counter-example path is ultimately generated, indicating that the hybrid system can be analyzed by the model checking tool.

Download Full-text

Formal security analysis of near field communication using model checking

Computers & Security ◽

10.1016/j.cose.2016.03.002 ◽

2016 ◽

Vol 60 ◽

pp. 1-14 ◽

Cited By ~ 7

Author(s):

Nikolaos Alexiou ◽

Stylianos Basagiannis ◽

Sophia Petridou

Keyword(s):

Model Checking ◽

Near Field ◽

Security Analysis ◽

Near Field Communication

Download Full-text