TY - GEN
T1 - Design requirements to counter parallel session attacks in security protocols
AU - Jurcut, Anca D.
AU - Coffey, Tom
AU - Dojen, Reiner
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2014
Y1 - 2014
N2 - This work is concerned with the possible exploitation of weaknesses in security protocols by attackers using parallel session attacks, and with discovering ways of eliminating these weaknesses. A new analysis is presented on the reasons why security protocols, with certain weaknesses in their design, are vulnerable to parallel session attacks. Building on this analysis, a new set of design requirements is proposed, whose aim is to eliminate these vulnerabilities. The proposed set of design requirements is evaluated by applying them to a range of security protocols with known weaknesses as well as protocols known to be free of these weaknesses. The results of the evaluation indicate that the set of design requirements is effective: protocols with known weaknesses violate some of the rules, while protocols without weaknesses do not violate any of the rules.
KW - design requirements
KW - parallel session attacks
KW - security protocols
UR - http://www.scopus.com/inward/record.url?scp=84910104344&partnerID=8YFLogxK
U2 - 10.1109/PST.2014.6890952
DO - 10.1109/PST.2014.6890952
M3 - Conference contribution
AN - SCOPUS:84910104344
T3 - 2014 12th Annual Conference on Privacy, Security and Trust, PST 2014
SP - 298
EP - 305
BT - 2014 12th Annual Conference on Privacy, Security and Trust, PST 2014
A2 - Miri, Ali
A2 - Josang, Audun
A2 - Garcia-Alfaro, Joaquin
A2 - Hengartner, Urs
A2 - Huang, Nen-Fu
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2014 12th Annual Conference on Privacy, Security and Trust, PST 2014
Y2 - 23 July 2014 through 24 July 2014
ER -