Non-collaborative Attackers and How and Where to Defend Flawed Security Protocols (Extended Version)

Security protocols are often found to be flawed after their deployment. We present an approach that aims at the neutralization or mitigation of the attacks to flawed protocols: it avoids the complete dismissal of the interested protocol and allows honest agents to continue to use it until a correcte...

Full description

Saved in:
Bibliographic Details
Published in:arXiv.org 2014-05
Main Authors: Peroli, Michele, Viganò, Luca, Zavatteri, Matteo
Format: Article
Language:English
Subjects:
Collaboration
Knowledge management
Network topologies
Protocol
Protocol (computers)
Security
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Peroli, Michele
Viganò, Luca
Zavatteri, Matteo
description Security protocols are often found to be flawed after their deployment. We present an approach that aims at the neutralization or mitigation of the attacks to flawed protocols: it avoids the complete dismissal of the interested protocol and allows honest agents to continue to use it until a corrected version is released. Our approach is based on the knowledge of the network topology, which we model as a graph, and on the consequent possibility of creating an interference to an ongoing attack of a Dolev-Yao attacker, by means of non-collaboration actuated by ad-hoc benign attackers that play the role of network guardians. Such guardians, positioned in strategical points of the network, have the task of monitoring the messages in transit and discovering at runtime, through particular types of inference, whether an attack is ongoing, interrupting the run of the protocol in the positive case. We study not only how but also where we can attempt to defend flawed security protocols: we investigate the different network topologies that make security protocol defense feasible and illustrate our approach by means of concrete examples.
format article
fullrecord <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_2084123054</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2084123054</sourcerecordid><originalsourceid>FETCH-proquest_journals_20841230543</originalsourceid><addsrcrecordid>eNqNjNEKgjAYRkcQJOU7DLqpC2FtWt5GKV5FUNSlLP0lTfbXNrPevhE9QFeHj3P4BsTjQiyCOOR8RHxjGsYYX654FAmPlDtUQYFtKy-opa2fQNfWyuIG2lCpSpph_-X5ChqoRbqFCtxOW9lDSQ9QdLq2b7rXaNEdGTpLXtYVTp7cSY1qPiHDSrYG_B_HZJomx00W3DU-OjA2b7DTyqmcszhccMGiUPxXfQDAiEWU</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2084123054</pqid></control><display><type>article</type><title>Non-collaborative Attackers and How and Where to Defend Flawed Security Protocols (Extended Version)</title><source>Publicly Available Content Database</source><creator>Peroli, Michele ; Viganò, Luca ; Zavatteri, Matteo</creator><creatorcontrib>Peroli, Michele ; Viganò, Luca ; Zavatteri, Matteo</creatorcontrib><description>Security protocols are often found to be flawed after their deployment. We present an approach that aims at the neutralization or mitigation of the attacks to flawed protocols: it avoids the complete dismissal of the interested protocol and allows honest agents to continue to use it until a corrected version is released. Our approach is based on the knowledge of the network topology, which we model as a graph, and on the consequent possibility of creating an interference to an ongoing attack of a Dolev-Yao attacker, by means of non-collaboration actuated by ad-hoc benign attackers that play the role of network guardians. Such guardians, positioned in strategical points of the network, have the task of monitoring the messages in transit and discovering at runtime, through particular types of inference, whether an attack is ongoing, interrupting the run of the protocol in the positive case. We study not only how but also where we can attempt to defend flawed security protocols: we investigate the different network topologies that make security protocol defense feasible and illustrate our approach by means of concrete examples.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Collaboration ; Knowledge management ; Network topologies ; Protocol ; Protocol (computers) ; Security</subject><ispartof>arXiv.org, 2014-05</ispartof><rights>2014. This work is published under http://creativecommons.org/licenses/by/3.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.proquest.com/docview/2084123054?pq-origsite=primo$$EHTML$$P50$$Gproquest$$Hfree_for_read</linktohtml><link.rule.ids>777,781,25734,36993,44571</link.rule.ids></links><search><creatorcontrib>Peroli, Michele</creatorcontrib><creatorcontrib>Viganò, Luca</creatorcontrib><creatorcontrib>Zavatteri, Matteo</creatorcontrib><title>Non-collaborative Attackers and How and Where to Defend Flawed Security Protocols (Extended Version)</title><title>arXiv.org</title><description>Security protocols are often found to be flawed after their deployment. We present an approach that aims at the neutralization or mitigation of the attacks to flawed protocols: it avoids the complete dismissal of the interested protocol and allows honest agents to continue to use it until a corrected version is released. Our approach is based on the knowledge of the network topology, which we model as a graph, and on the consequent possibility of creating an interference to an ongoing attack of a Dolev-Yao attacker, by means of non-collaboration actuated by ad-hoc benign attackers that play the role of network guardians. Such guardians, positioned in strategical points of the network, have the task of monitoring the messages in transit and discovering at runtime, through particular types of inference, whether an attack is ongoing, interrupting the run of the protocol in the positive case. We study not only how but also where we can attempt to defend flawed security protocols: we investigate the different network topologies that make security protocol defense feasible and illustrate our approach by means of concrete examples.</description><subject>Collaboration</subject><subject>Knowledge management</subject><subject>Network topologies</subject><subject>Protocol</subject><subject>Protocol (computers)</subject><subject>Security</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2014</creationdate><recordtype>article</recordtype><sourceid>PIMPY</sourceid><recordid>eNqNjNEKgjAYRkcQJOU7DLqpC2FtWt5GKV5FUNSlLP0lTfbXNrPevhE9QFeHj3P4BsTjQiyCOOR8RHxjGsYYX654FAmPlDtUQYFtKy-opa2fQNfWyuIG2lCpSpph_-X5ChqoRbqFCtxOW9lDSQ9QdLq2b7rXaNEdGTpLXtYVTp7cSY1qPiHDSrYG_B_HZJomx00W3DU-OjA2b7DTyqmcszhccMGiUPxXfQDAiEWU</recordid><startdate>20140527</startdate><enddate>20140527</enddate><creator>Peroli, Michele</creator><creator>Viganò, Luca</creator><creator>Zavatteri, Matteo</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20140527</creationdate><title>Non-collaborative Attackers and How and Where to Defend Flawed Security Protocols (Extended Version)</title><author>Peroli, Michele ; Viganò, Luca ; Zavatteri, Matteo</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_20841230543</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2014</creationdate><topic>Collaboration</topic><topic>Knowledge management</topic><topic>Network topologies</topic><topic>Protocol</topic><topic>Protocol (computers)</topic><topic>Security</topic><toplevel>online_resources</toplevel><creatorcontrib>Peroli, Michele</creatorcontrib><creatorcontrib>Viganò, Luca</creatorcontrib><creatorcontrib>Zavatteri, Matteo</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Peroli, Michele</au><au>Viganò, Luca</au><au>Zavatteri, Matteo</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Non-collaborative Attackers and How and Where to Defend Flawed Security Protocols (Extended Version)</atitle><jtitle>arXiv.org</jtitle><date>2014-05-27</date><risdate>2014</risdate><eissn>2331-8422</eissn><abstract>Security protocols are often found to be flawed after their deployment. We present an approach that aims at the neutralization or mitigation of the attacks to flawed protocols: it avoids the complete dismissal of the interested protocol and allows honest agents to continue to use it until a corrected version is released. Our approach is based on the knowledge of the network topology, which we model as a graph, and on the consequent possibility of creating an interference to an ongoing attack of a Dolev-Yao attacker, by means of non-collaboration actuated by ad-hoc benign attackers that play the role of network guardians. Such guardians, positioned in strategical points of the network, have the task of monitoring the messages in transit and discovering at runtime, through particular types of inference, whether an attack is ongoing, interrupting the run of the protocol in the positive case. We study not only how but also where we can attempt to defend flawed security protocols: we investigate the different network topologies that make security protocol defense feasible and illustrate our approach by means of concrete examples.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2014-05
issn 2331-8422
language eng
recordid cdi_proquest_journals_2084123054
source Publicly Available Content Database
subjects Collaboration
Knowledge management
Network topologies
Protocol
Protocol (computers)
Security
title Non-collaborative Attackers and How and Where to Defend Flawed Security Protocols (Extended Version)
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-18T22%3A56%3A49IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Non-collaborative%20Attackers%20and%20How%20and%20Where%20to%20Defend%20Flawed%20Security%20Protocols%20(Extended%20Version)&rft.jtitle=arXiv.org&rft.au=Peroli,%20Michele&rft.date=2014-05-27&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2084123054%3C/proquest%3E%3Cgrp_id%3Ecdi_FETCH-proquest_journals_20841230543%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2084123054&rft_id=info:pmid/&rfr_iscdi=true