Abstract
In security protocol analysis, the traditional choice to consider a single Dolev-Yao attacker is supported by the fact that models with multiple collaborating Dolev-Yao attackers are reducible to models with one Dolev-Yao attacker. In this paper, we take a fundamentally different approach and investigate the case of multiple non-collaborating attackers. We formalize a framework for multi-attacker scenarios and show, through a case study, that concurrent competitive attacks can interfere with each other. It is then possible to exploit interference to provide a form of defense to vulnerable protocols.
Highlights
In Fiazza et al (2011a,b), we considered the Boyd–Mathuria Example (BME), a deliberately vulnerable protocol introduced in Boyd and Mathuria (2003)
In a single-attacker situation, there is no protocol-independent indicator that could be used by honest agents to become aware that security has been compromised
Introducing an appropriate guardian procedure as soon as new attacks are discovered can mitigate the consequences of vulnerable protocols still being in use
Summary
Context and Motivation The typical attacker adopted in security protocol analysis is the Dolev–Yao (DY) attacker (Dolev and Yao, 1983), who can synthesize, send, and intercept messages at will but cannot break cryptography (i.e., the DY model follows the perfect cryptography assumption) He is in complete control of the network – he is often formalized as being the network itself – and is stronger than any attacker that can be implemented in real-life situations. Basin et al (2009) and Schaller et al (2009) extend the DY model to account for network topology, transmission delays, and node positions in the analysis of real-world security protocols, in particular for wireless networks This results in multiple distributed attackers, with restricted, but more realistic, communication capabilities than those of the standard DY attacker.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
