Abstract

In this article the subject of DoS vulnerabilities of cryptographic key establishment and authentication protocols is discussed. The system for computer-aided DoS protocol resistance analysis, which employs the Petri nets formalism and Spin model-checker, is presented.

Highlights

  • Denial of service attacks (DoS ) limits the server abilities to respond to clients’ requests

  • The article will focus on the computational DoS (CDoS ) attacks, that exhaust servers computational resources and connections queue

  • This section will demonstrate the results of analysis of two examplary protocols: the simple STS protocol [15, 16] and the SigmaI protocol [16, 17] that has been equipped with the DoS resistance mechanisms

Read more

Summary

Our approach

The output includes the information on the most dangerous attack types and vulnerabilities as well as comparison and evaluation of different protocols DoS. Running a simulation for each type of attack, with a chosen number of honest clients and attackers of the type under consideration. (4) Comparing different attack scenarios – finding the most dangerous attack type at (which exposes vulnerabilities of the protocol), such that:. F (atj) – the number of successful honest clients protocol runs, for a Usimulation with the j-th attacker type,. AT – the number of attacker types in the modelled protocol, defined by equation (3) (in this article bounded by 15). Ati is the most dangerous attack type in the i -th protocol, as denoted by equation (1)

Protocol model for the DoS analysis
Static protocol model
Clients launching DoS attacks
Dynamic protocol model
Modelling protocol as a Petri net
Petri nets simulation tool choice
Results
Conclusions
Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.