On Preventing Replay Attacks on Security Protocols

Malladi, Sreekanth; Alves-Foss, Jim; Heckendorn, Robert B.

doi:10.21236/ada462295

Cited by 58 publications

(30 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…How ever, we also consider the threat posed by RsM, as one of our design goals is to ensure the pseudonymity of User. The aim of our security analysis was to address common attacks on authentication protocols [20,14,32,11,6]. These attacks in clude replay, collusion,reflection, denial-of-service, and typ ing.…”

Section: Security Analysismentioning

confidence: 99%

Enforcing spatial constraints for mobile RBAC systems

Kirkpatrick

Bertino

2010

Proceedings of the 15th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

Proposed models for spatially-aware extensions of role-based access control (RBAC) combine the administrative and secu rity advantages of RBAC with the dynamic nature of mobile and pervasive computing systems. However, implementing systems that enforce these models poses a number of chal lenges. As a solution, we propose an architecture for design ing such a system. The architecture is based on an enhanced RBAC model that supports location-based access control policies by incorporating spatial constraints.Enforcing spatially-aware RBAC policies in a mobile en vironment requires addressing several challenges. First, one must guarantee the integrity of a user's location during an access request. We adopt a proximity-based solution using Near-Field Communication (NFC) technology. The next challenge is to verify the user's position continuously satis fies the location constraints. To capture these policy restric tions, we incorporate elements of the UCONABC usage con trol model in our architecture.In this work, we also propose a number of protocols, describe our prototype implementa tion, report the performance of our prototype, and evaluate the security guarantees.

show abstract

Section: Security Analysismentioning

confidence: 99%

Enforcing spatial constraints for mobile RBAC systems

Kirkpatrick

Bertino

2010

Proceedings of the 15th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

show abstract

“…Services can use location verification (see section 5) to aid in the prevention of replay and spoofing attacks. Other methods of preventing replay attacks are summarized in [30].…”

Section: Attacks and Defenses In Camsn Servicesmentioning

confidence: 99%

Applications and Security of Next-Generation, User-Centric Wireless Systems

2010

View full text Add to dashboard Cite

Pervasive wireless systems have significantly improved end-users' quality of life. As manufacturing costs decrease, communications bandwidth increases, and contextual information is made more readily available, the role of next generation wireless systems in facilitating users' daily activities will grow. Unique security and privacy issues exist in these wireless, context-aware, often decentralized systems. For example, the pervasive nature of such systems allows adversaries to launch stealthy attacks against them. In this review paper, we survey several emergent personal wireless systems and their applications. These systems include mobile social networks, active implantable medical devices, and consumer products. We explore each system's usage of contextual information and provide insight into its security vulnerabilities. Where possible, we describe existing solutions for defending against these vulnerabilities. Finally, we point out promising future research directions for improving these systems' robustness and security.

show abstract

“…Since tags themselves will reveal information about a message to a penetrator there are several refinements of this tagging approach to minimize the set of subterms of a message that have to be tagged (e.g. [13,14]). The second area is concerned with the verification of protocols that may contain type-flaw attacks.…”

Section: Related Workmentioning

confidence: 99%

On the Automated Correction of Protocols with Improper Message Encoding

Hutter¹,

Monroy

2009

Foundations and Applications of Security Analysis

View full text Add to dashboard Cite

Abstract. Security protocols are crucial to achieve trusted computing. However, designing security protocols is not easy and so security protocols are typically faulty and have to be repaired. Continuing previous work we present first steps to automate this repairing process, especially for protocols that are susceptible to type-flaw attacks. To this end, we extend the notion of strand spaces by introducing an implementation layer for messages and extending the capabilities of a penetrator to swap messages that share the same implementation. Based on this framework we are able to track type flaw attacks to incompatibilities between the way messages are implemented and the design of concrete security protocols. Heuristics are given to either change the implementation or the protocol to avoid these situations.

show abstract

On Preventing Replay Attacks on Security Protocols

Cited by 58 publications

References 19 publications

Enforcing spatial constraints for mobile RBAC systems

Enforcing spatial constraints for mobile RBAC systems

Applications and Security of Next-Generation, User-Centric Wireless Systems

On the Automated Correction of Protocols with Improper Message Encoding

Contact Info

Product

Resources

About