论文信息 - Identifying Dependency Between Secure Messages for Protocol Analysis

Identifying Dependency Between Secure Messages for Protocol Analysis

Collusion attack has been recognized as a key issue in e-commerce systems and increasingly attracted people's attention for quite some time in the literatures of information security. Regardless of the wide application of security protocol, this attack has been largely ignored in the protocol analysis. There is a lack of efficient and intuitive approaches to identify this attack since it is usually hidden and uneasy to find. Thus, this article addresses this critical issue using a compact and intuitive Bayesian network (BN)-based scheme. It assists in not only discovering the secure messages that may lead to the attack but also providing the degree of dependency to measure the occurrence of collusion attack. The experimental results demonstrate that our approaches are useful to detect the collusion attack in secure messages and enhance the protocol analysis.

Shichao Zhang | Qingfeng Chen | Yi-Ping Phoebe Chen

[1] Catherine A. Meadows,et al. Formal methods for cryptographic protocol analysis: emerging issues and trends , 2003, IEEE J. Sel. Areas Commun..

[2] Martín Abadi,et al. Secrecy by typing in security protocols , 1999, JACM.

[3] Yunghsiang Sam Han,et al. A pairwise key predistribution scheme for wireless sensor networks , 2005, TSEC.

[4] Shichao Zhang,et al. Detecting Collusion Attacks in Security Protocols , 2006, APWeb.

[5] A. Murat Tekalp,et al. Collusion-resilient fingerprinting using random prewarping , 2003, Proceedings 2003 International Conference on Image Processing (Cat. No.03CH37429).

[6] Dan Boneh,et al. Collusion-Secure Fingerprinting for Digital Data , 1998, IEEE Trans. Inf. Theory.

[7] Yanchun Zhang,et al. Frontiers of WWW Research and Development - APWeb 2006, 8th Asia-Pacific Web Conference, Harbin, China, January 16-18, 2006, Proceedings , 2006, APWeb.

[8] Richard E. Neapolitan,et al. Learning Bayesian networks , 2007, KDD '07.