80 research outputs found
Session Initiation Protocol Attacks and Challenges
In recent years, Session Initiation Protocol (SIP) has become widely used in
current internet protocols. It is a text-based protocol much like Hyper Text
Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). SIP is a
strong enough signaling protocol on the internet for establishing, maintaining,
and terminating session. In this paper the areas of security and attacks in SIP
are discussed. We consider attacks from diverse related perspectives. The
authentication schemes are compared, the representative existing solutions are
highlighted, and several remaining research challenges are identified. Finally,
the taxonomy of SIP threat will be presented
A Spatial-Epistemic Logic for Reasoning about Security Protocols
Reasoning about security properties involves reasoning about where the
information of a system is located, and how it evolves over time. While most
security analysis techniques need to cope with some notions of information
locality and knowledge propagation, usually they do not provide a general
language for expressing arbitrary properties involving local knowledge and
knowledge transfer. Building on this observation, we introduce a framework for
security protocol analysis based on dynamic spatial logic specifications. Our
computational model is a variant of existing pi-calculi, while specifications
are expressed in a dynamic spatial logic extended with an epistemic operator.
We present the syntax and semantics of the model and logic, and discuss the
expressiveness of the approach, showing it complete for passive attackers. We
also prove that generic Dolev-Yao attackers may be mechanically determined for
any deterministic finite protocol, and discuss how this result may be used to
reason about security properties of open systems. We also present a
model-checking algorithm for our logic, which has been implemented as an
extension to the SLMC system.Comment: In Proceedings SecCo 2010, arXiv:1102.516
Analisis Kompleksitas Waktu Algoritma Kriptografi Elgamal dan Data Encryption Standard
ElGamal as an asymmetric key cryptography system and Data Encryption Standard (DES) as a symmetric key cryptography system, both of algorithms will be compared using the time complexity analysis and computer simulation. The result of time analysis shows a different complexity for both algorithms, there is quadratic complexity for ElGamal Algorithm and Linear Complexity for DES algorithm. Input that is used by ElGamal algorithm is the private key, while for DES algorithm is the plaintext\u27s size. Based on result of simulation using a computer program, it shows a significant timing differences, ElGamal\u27s time execution is longer than DES. This is caused by differences of arithmetic operations that is used by each algorithms
High-level Cryptographic Abstractions
The interfaces exposed by commonly used cryptographic libraries are clumsy,
complicated, and assume an understanding of cryptographic algorithms. The
challenge is to design high-level abstractions that require minimum knowledge
and effort to use while also allowing maximum control when needed.
This paper proposes such high-level abstractions consisting of simple
cryptographic primitives and full declarative configuration. These abstractions
can be implemented on top of any cryptographic library in any language. We have
implemented these abstractions in Python, and used them to write a wide variety
of well-known security protocols, including Signal, Kerberos, and TLS.
We show that programs using our abstractions are much smaller and easier to
write than using low-level libraries, where size of security protocols
implemented is reduced by about a third on average. We show our implementation
incurs a small overhead, less than 5 microseconds for shared key operations and
less than 341 microseconds (< 1%) for public key operations. We also show our
abstractions are safe against main types of cryptographic misuse reported in
the literature
The Security Protocol Verifier ProVerif and its Horn Clause Resolution Algorithm
ProVerif is a widely used security protocol verifier. Internally, ProVerif
uses an abstract representation of the protocol by Horn clauses and a
resolution algorithm on these clauses, in order to prove security properties of
the protocol or to find attacks. In this paper, we present an overview of
ProVerif and discuss some specificities of its resolution algorithm, related to
the particular application domain and the particular clauses that ProVerif
generates. This paper is a short summary that gives pointers to publications on
ProVerif in which the reader will find more details.Comment: In Proceedings HCVS/VPT 2022, arXiv:2211.1067
The Meeting Businessmen Problem: Requirements and Limitations
Let us assume that some businessmen wish to have a meeting. For this to happen, they usually have to meet somewhere. If they cannot meet physically, then they can take part in a video (or audio) conference to discuss whatever needs to be discussed. But what if their meeting is meant to be private? In this case they need a cryptographic protocol that allows them to exchange their ideas remotely, while keeping them secure from any potential eavesdropper. In this paper we list all the necessary requirements that a cryptographic protocol must have in order to allow several businessmen to exchange their ideas securely over the Internet. Moreover, and based on the standard taxonomy of cryptographic pro- tocols, we suggest several approaches on how to design cryptographic protocols that enable us to achieve our aim. Finally, we propose the design of a protocol that solves the meeting businessmen problem
On the Security of Cryptographic Protocols Using the Little Theorem of Witness Functions
In this paper, we show how practical the little theorem of witness functions
is in detecting security flaws in some category of cryptographic protocols. We
convey a formal analysis of the Needham-Schroeder symmetric-key protocol in the
theory of witness functions. We show how it helps to teach about a security
vulnerability in a given step of this protocol where the value of security of a
particular sensitive ticket in a sent message unexpectedly plummets compared
with its value when received. This vulnerability may be exploited by an
intruder to mount a replay attack as described by Denning and Sacco.Comment: Accepted at the 2019 IEEE Canadian Conference on Electrical &
Computer Engineering (CCECE) on March 1, 201
- …