Nalazite se na CroRIS probnoj okolini. Ovdje evidentirani podaci neće biti pohranjeni u Informacijskom sustavu znanosti RH. Ako je ovo greška, CroRIS produkcijskoj okolini moguće je pristupi putem poveznice www.croris.hr
izvor podataka: crosbi

Statistical Model Checking of Guessing and Timing Attacks on Distance-bounding Protocols (CROSBI ID 662400)

Neobjavljeno sudjelovanje sa skupa | neobjavljeni prilog sa skupa | međunarodna recenzija

Alturki, M.A. ; Kanovich, Max ; Ban Kirigin, Tajana ; Nigam, Vivek ; Scedrov, Andre ; Talcott, Carolyn Statistical Model Checking of Guessing and Timing Attacks on Distance-bounding Protocols // Workshop on Foundations of Computer Security 2018 Oxford, Ujedinjeno Kraljevstvo, 08.07.2018-08.07.2018

Podaci o odgovornosti

Alturki, M.A. ; Kanovich, Max ; Ban Kirigin, Tajana ; Nigam, Vivek ; Scedrov, Andre ; Talcott, Carolyn

engleski

Statistical Model Checking of Guessing and Timing Attacks on Distance-bounding Protocols

Distance-bounding (DB) protocols were proposed to thwart relay attacks on proximity-based access control systems. In a DB protocol, the verifier computes an upper bound on the distance to the prover by measuring the time needed for a signal to travel to the prover and back. DB protocols are, however, vulnerable to distance fraud, in which a dishonest prover is able to manipulate the distance bound computed by an honest verifier. Despite their conceptual simplicity, devising a formal characterization of DB protocols and distance fraud attacks that is amenable to automated formal analysis is non-trivial, primarily because of their real- time and probabilistic nature. In this work, we present a framework, based on rewriting logic, for formally analyzing different forms of distance-fraud, including recently identified timing attacks. We introduce a generic, real- time and probabilistic model of DB protocols and use it to (mechanically) verify false- acceptance and false-rejection probabilities under various settings and attacker models through statistical model checking with MAUDE and PVeStA. Using this framework, we first accurately confirm known results and then define and quantitatively evaluate new guessing-ahead attack strategies that would otherwise be difficult to analyze manually.

Distance-bounding protocols ; Distance fraud ; Probabilistic rewriting ; Statistical model checking ; MAUDE

nije evidentirano

nije evidentirano

nije evidentirano

nije evidentirano

nije evidentirano

nije evidentirano

Podaci o prilogu

nije evidentirano

nije evidentirano

Podaci o skupu

Workshop on Foundations of Computer Security 2018

predavanje

08.07.2018-08.07.2018

Oxford, Ujedinjeno Kraljevstvo

Povezanost rada

Matematika, Računarstvo