Abstract
Knowledge about attacks is a necessary foundation for security analysis of information systems or cryptographic protocols. Current security verification methods for improving the security of target systems or the soundness of cryptographic protocols has limitations because they are all based on the assumptions from known attacks, while the attackers are trying every possible attacks against the information systems. Once a new-style attack was found by adversaries earlier, it would bring severe loss to the target systems. Therefore, it is essential to understand and take measures against new attacks previously. A new method has been proposed for predicting new attacks, but it lacks experimental results to prove its effectiveness. This paper confirms the effectiveness of the proposed method by a rediscovery experiment that shows several known attacks on cryptographic protocols rediscovered successfully. The paper also shows issues of the approach for predicting new attacks.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Abadi M, Fournet C (2001) Mobile values, new names and secure communication. In: Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on principles of programming languages, pp 104–115, ACM
Anderson RJ, Needham RM (1995) Programming Satan’s computer. In: van Leeuwen J (ed) Computer science today: recent trends and developments. LNCS, vol 1000. Springer, Heidelberg, pp 426–440
Bao D, Goto Y, Cheng J (2014) Predicting new attacks for information security. In: Park JJ et al. (eds) Computer science and its applications, ubiquitous information technologies. LNEE, vol 330. Springer, Heidelberg, pp 1353–1358
Bau J, Mitchell J (2011) Security modeling and analysis. IEEE Secur Priv 9(3):18–25
Boyd C, Mao W (1994) On a limitation of BAN logic. In: Helleseth T (ed) EUROCRYPT 1993. LNCS, vol 765. Springer, Heidelberg, pp 465–474
Boyd C, Mathuria A (2003) Protocols for authentication and key establishment. Springer, Heidelberg
Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8(1):18–36
Cheng J (2006) Strong relevant logic as the universal basis of various applied logics for knowledge representation and reasoning. In: Kiyoki Y, Henno J, Jaakkola H, Kangassalo H (eds) Information modelling and knowledge bases XVII. Frontiers in artificial intelligence and applications, vol 136. IOS Press, Amsterdam, pp 310–320
Cheng J (2014) New challenges in future software engineering. In: Park JJ, Pan Y, Kim C, Yan Y (eds) Future information technology, FutureTech 2014. LNEE, vol 309. Springer, Berlin, pp 31–36
Cheng J, Miura J (2006) Deontic relevant logic as the logical basis for specifying, verifying, and reasoning about information security and information assurance. In: Proceedings of 1st international conference on availability, reliability and security, IEEE Computer Society, pp 601–608
Cheng J, Nara S, Goto Y (2007) FreeEnCal: a forward reasoning engine with general-purpose. In: Knowledge-based intelligent information and engineering systems, LNAI, vol 4693. Springer, Berlin, pp 444–452
Clark J, Jacob J (1996) Attacking authentication protocols. High Integr Syst 1(5):465–473
Dolev D, Yao A (1983) On the security of public-key protocols. IEEE Trans Inf Theory 29:198–208
Otway D, Rees O (1987) Efficient and timely mutual authentication. Oper Syst Rev 21(1):8–10
Wagatsuma K, Goto Y, Cheng J (2015) A formal analysis method with reasoning for key exchange protocols. J Inf Process Soc Jpn 56(3):903–910 (in Japanese)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer Science+Business Media Singapore
About this paper
Cite this paper
Bao, D., Wagatsuma, K., Gao, H., Cheng, J. (2016). Predicting New Attacks: A Case Study in Security Analysis of Cryptographic Protocols. In: Park, J., Jin, H., Jeong, YS., Khan, M. (eds) Advanced Multimedia and Ubiquitous Engineering. Lecture Notes in Electrical Engineering, vol 393. Springer, Singapore. https://doi.org/10.1007/978-981-10-1536-6_35
Download citation
DOI: https://doi.org/10.1007/978-981-10-1536-6_35
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-1535-9
Online ISBN: 978-981-10-1536-6
eBook Packages: Computer ScienceComputer Science (R0)