协议抗拒绝服务攻击性自动化证明被引量：4

Automatic proof of resistance of denial of service attacks in protocols

下载PDF

导出

摘要首先从攻击者上下文与进程表达式2个方面对标准应用PI演算进行扩展,然后从协议状态的角度,应用扩展后的应用PI演算对协议抗拒绝服务攻击性进行建模,提出一个基于定理证明支持一阶定理证明器ProVerif的抗拒绝服务攻击性自动化证明方法,最后应用ProVerif分析与验证了JFK协议与IEEE 802.11四步握手协议抗拒绝服务攻击性,发现IEEE 802.11四步握手协议存在一个新的拒绝服务攻击,并且针对IEEE 802.11四步握手协议存在的拒绝服务攻击提出了改进方法。 First,the applied PI calculus was extended from two aspects： attacker contexts and process expression,then from the view of protocol state,the protocols were modeled with the extended applied PI calculus and a automatic method of proof of resistance of denial of service attacks based on theorem proof with first order theorem prover ProVerif was presented,finally resistance of denial of service attacks in JFK protocol and IEEE 802.11 four-way handshake pro-tocol were analyzed.The results obtained are that JFK protocol is resistance of denial of service attack and IEEE 802.11 four-way handshake protocol is not.At the same time a new denial of service attack in IEEE 802.11 four-way handshake protocol was found.The methods to prevent resistance of denial of service attacks in IEEE 802.11 four-way handshake protocol were proposed.

作者孟博黄伟王德军邵飞

机构地区中南民族大学计算机科学学院

出处《通信学报》 EI CSCD 北大核心 2012年第3期112-121,共10页 Journal on Communications

基金国家民委基金资助项目(10ZN09) 国家自然科学基金资助项目(60603008) 中南民族大学自然科学基金资助项目(YZZ09008) 武汉市科技型中小企业技术创新基金资助项目(SZY11008)~~

关键词拒绝服务攻击形式化自动化证明协议状态 denial of service attacks formal method automatic proof protocol state

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献25

1YU C,GLIGOR V.A formal specification and verification method forthe prevention of denial of service[J].IEEE Transactions on SoftwareEngineering,1990,16(6):581-592.
2MEADOWS C.A cost-based framework for analysis of denial ofservice networks[J].Journal of Computer Security,2001,9(1/2):143-164.
3BLANCHET B.An efficient cryptographic protocol verifier based onprolog rules[A].Proc of the 14th IEEE Workshop on Computer Secu-rity Foundations Workshop(CSFW)[C].Cape Breton,Nova Scotia,Canada,2001.82-96.
4郭云川,丁丽,周渊,郭莉.基于ProVerif的电子商务协议分析[J].通信学报,2009,30(3):125-129. 被引量：4
5MENG B,HUANG W,LI Z M,et al.Automatic verification of secu-rity properties in remote Internet voting protocol with applied pi cal-culus[J].International Journal of Digital Content Technology and itsApplications,2010,4(7):88-107.
6MENG B.Refinement of mechanized proof of security properties ofremote Internet voting protocol in applied PI calculus with ProVerif[J].Information Technology Journal,2011,10(2):293-334.
7ABADI M,BLANCHET B,FOURNET C.Just fast keying in the picalculus[J].ACM Transactions on Information and System Security,2007,10(3):1-59.
8ABADI M,FOURNET C.Mobile values,new names,and securecommunication[A].Proc of the 28th ACM SIGPLAN-SIGACT Sym-posium on Principles of Programming Languages(POPL)[C].London,UK,2001.104-115.
9MILLEN J K.A resource allocation model for denial of service pro-tection[J].Journal of Computer Security,1993,2(2-3):89-106.
10CUPPENS F,SAUREL C.Towards a formalization of availability anddenial of service[A].Proc of Information Systems Technology PanelSymposium on Protecting Nato Information Systems in the 21st Cen-tury[C].Washington,1999.

二级参考文献31

1BURROWS M, ABADI M, NEEDHAM R. A logic of authentication[J]. ACM Transactions on Computer Systems,1990,8(1):18-36.
2KAILAR R. Accountability in electronic commerce protocol[J]. IEEE Transactions on software Engineering, 1996,22(5): 313-328.
3LOWE G. Breaking and fixing the needham-schroeder public-key protocol using FDR[A]. Proceedings of Tools and Algorithms for the Construction and Analysis of Systems (TACAS) [C]. 1996.147-166.
4PAULSON L C.Proving properties of security protocols by induction[A]. Proceedings of the 10th Computer Security Foundation Workshop[C]. 1997. 70-83.
5JAVlER F, FABREGA T, CHERZOG J, et al. Strand space: proving security protocols correct[J]. Journal of Computer Security, 1999, 7:191-230.
6BLANCHET B. A computationally sound mechanized prover for security protocols[C]. Proceedings of the 27th IEEE Symposium on Security & Privacy, 2006.140-154.
7BHARGAVAN K, FOURNET C, GORDON A, et al. Verified implementations of the information card federated identity-management protocol[A]. Proceedings of ACM Symposium on Information, Computer and Communications Security[C]. 2008.123-135.
8ABADI M, BLANCHET B, FOURNET C. Just fast keying in the pi calculus[J]. ACM Transactions on Information and System Security (TISSEC), 2007, 10(3):1-59.
9ABADI M, BLANCHET B, FOURNET C. Just fast keying in the pi calculus[J]. ACM Transactions on Information and System Security (TISSEC), 2007, 10(3):1-59.
10KREMER S, RYAN M D. Analysis of an electronic voting protocol in the applied pi calculus[A]. Proceedings of the European Symposium on Programming[C]. 2005.186-200.

共引文献6

1徐士伟,张焕国.基于应用π演算的可信平台模块的安全性形式化分析[J].计算机研究与发展,2011,48(8):1421-1429. 被引量：5
2刘文远,马生,司亚利,侯贵宾.有穷机和逻辑结合的电子商务协议分析方法[J].小型微型计算机系统,2013,34(3):492-497. 被引量：1
3何祝平,贾振红,山拜.达拉拜,刘伟.IEEE802.11i中2-步握手过程的安全性分析及应用[J].激光杂志,2014,35(7):55-58.
4顾香,潘进,王小明.密钥交换协议前向安全性的自动化分析[J].现代电子技术,2015,38(22):21-24.
5金大鹏,林宏刚.一种协议抗拒绝服务的形式化分析方法研究[J].成都信息工程学院学报,2015,30(5):465-469.
6高强,林星辰,林宏刚,金大鹏.安全协议抗DoS攻击的形式化分析研究[J].四川大学学报（自然科学版）,2018,55(6):1211-1218. 被引量：2

同被引文献27

1卫剑钒,陈钟,段云所,王立福.一种认证协议防御拒绝服务攻击的设计方法[J].电子学报,2005,33(2):288-293. 被引量：11
2崔媛媛 ,周永彬 ,丁金扣 ,温巧燕 .一种具有用户匿名性和前向安全性的WTLS握手协议的安全性分析及其改进[J].高技术通讯,2005,15(4):6-10. 被引量：3
3李建华,张爱新,薛质.网络安全协议的形式化分析与验证[M].北京:机械工业出版社,2010.
4KWAK D J, HA J, LEE H J C, et al. A WTLS handshake pro- tocol with user anonymity and forward secrecy [J]. Lecture Notes in Computer Science, 2003, 2524: 219-230.
5RYAN M D, SMYTH B. Applied Pi calaulus [M]. [S.1.]: IOS Press, 2011.
6BLANCHET B. An efficient cryptographic protocol verifier based on prolog rules [C]// Proceedings of 14th IEEE Computer Security Foundations Workshop. Nova Scotia, Canada: IEEE, 2002 : 82-96.
7BLANCHET B, SMYTH B, CHEVAL V. ProVerif 1.88: auto- matic cryptographic protocol verifier, user manual and tutorial [M]. [S.1.]: [s.n.], 2013.
8斯延森.密码学原理与实践[M].冯登国,译.3版.北京:电子工业出版社,2009.
9Meadows C. A formal framework and evaluation method for, network denial of service [ C ]//Pro- ceedings of 12th IEEE Computer, Security Foun- dations Workshop, 1999 : 4 - 13.
10Meadows C. A cost-based framework for analysis of denial of service networks[J ]. Journal of Com- puter Security, 2001,9:143 - 164.

引证文献4

1杨伊彤.基于SAML2.0的单点登录模型及其安全性研究[J].软件导刊,2015,14(10):131-133.
2顾香,潘进,王小明.密钥交换协议前向安全性的自动化分析[J].现代电子技术,2015,38(22):21-24.
3金大鹏,林宏刚.一种协议抗拒绝服务的形式化分析方法研究[J].成都信息工程学院学报,2015,30(5):465-469.
4高强,林星辰,林宏刚,金大鹏.安全协议抗DoS攻击的形式化分析研究[J].四川大学学报（自然科学版）,2018,55(6):1211-1218. 被引量：2

二级引证文献2

1刘云,肖添.IP黑名单关联聚类算法对恶意簇检测的优化研究[J].四川大学学报（自然科学版）,2021,58(1):91-98. 被引量：4
2王大飞,尚茜.计算机网络技术的应用与发展[J].新一代信息技术,2020,3(14):36-39.

1汪卫.基于ProVerif的安全协议形式化分析与验证[J].计算机安全,2011(10):41-44. 被引量：1
2焦政达,马建峰,孙聪,姚青松.新的车辆远程诊断授权协议[J].通信学报,2014,35(11):146-153. 被引量：3
3赵仲孟,饶芳艳,沈钧毅.状态监测技术的研究[J].计算机科学,2002,29(3):67-68. 被引量：1
4张杨.基于嵌入式Linux系统中网络通信研究与实现[J].辽宁大学学报（自然科学版）,2012,39(1):58-60.
5张大兴.TCP/IP协议异常状态转换及其安全性分析[J].计算机工程与设计,2005,26(6):1441-1443. 被引量：4
6顾纯祥,祝跃飞,光焱.可证明安全性自动化证明方法研究[J].电子与信息学报,2009,31(12):3001-3005. 被引量：1
7李慧君,江民斌,熊鹏.基于协议分析的网络攻击分类方法的研究[J].南昌水专学报,2004,23(4):66-70. 被引量：1
8陈安林,潘进,郭超,刘小琼.移动自组网中跨域两方认证密钥协商协议研究[J].计算机应用研究,2011,28(7):2734-2737. 被引量：6
9许博,陈鸣,孙瑞锦.FIFS:一种基于流序列的分组流识别方法[J].解放军理工大学学报（自然科学版）,2010,11(6):628-633.
10杨伊彤.基于SAML2.0的单点登录模型及其安全性研究[J].软件导刊,2015,14(10):131-133.

通信学报

2012年第3期

浏览历史

内容加载中请稍等...

协议抗拒绝服务攻击性自动化证明被引量：4

参考文献25

二级参考文献31

共引文献6

同被引文献27

引证文献4

二级引证文献2

相关作者

相关机构

相关主题

浏览历史

协议抗拒绝服务攻击性自动化证明 被引量：4

参考文献25

二级参考文献31

共引文献6

同被引文献27

引证文献4

二级引证文献2

相关作者

相关机构

相关主题

浏览历史

协议抗拒绝服务攻击性自动化证明被引量：4