Detecting Intrusions in Security Protocols
Author
Abstract
Secure electronic communication relies on the application of cryptography. However, even with perfect encryption, communication may be compromised without effective security protocols for key exchange, authentication, privacy, etc. We are beginning to see environments characterized by high-volume encrypted traffic between large numbers of communicating principals, facilitated by heterogeneous infrastructure-based trusted services, e.g. Public Key Infrastructures. These vital services are dependent on security protocols. Unfortunately, security protocols are known to be highly susceptible to subtle errors. To date, we have relied on formal methods to tell us if our security protocols are effective. These methods do not provide complete or measurable protocol security. Moreover, security protocols are subject to the same implementation and administrative vulnerabilities as communication protocols. As a result, we are operating, and will continue to operate, security protocols that have known and unknown flaws. In this paper, we describe a method and architecture to detect intrusions in security protocol environments. Our method is based on the classic intrusion detection techniques of knowledge-based and behavior-based detection. Section
Similar resources
Detecting Bot Networks Based On HTTP And TLS Traffic Analysis
Abstract— Bot networks are a serious threat to cyber security, whose destructive behavior affects network performance directly. Detection of infected HTTP communications is a big challenge because infected HTTP connections are clearly merged with other types of HTTP traffic. Cybercriminals prefer to use the web as a communication environment to launch application layer attacks and secretly enga...
Embedded Monitors for Detecting and Preventing Intrusions in Cryptographic and Application Protocols
Intrusion Detection Systems (IDS) are responsible for detecting intrusions in order to protect information from unauthorized access or manipulation. There are two main approaches for intrusion detection: signature-based and anomaly-based. Signature-based detection employs pattern matching to match attack signatures with observed data, making it ideal for detecting known attacks. However, it cannot d...
Detecting Anomalous and Unknown Intrusions Against Programs
The ubiquity of the Internet connection to desktops has been both boon to business as well as cause for concern for the security of digital assets that may be unknowingly exposed. Firewalls have been the most commonly deployed solution to secure corporate assets against intrusions, but firewalls are vulnerable to errors in configuration, ambiguous security policies, data-driven attacks through all...
Why Information Security is Hard-An Economic Perspective
According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. In this note, I put forward a contrary view: information insecurity i...
Current approaches to detecting intrusions
Before the flourishing of the Internet, computers were limited to the walls of the organization where computers were linked to each other but had little contact with computer systems outside. Now, we can reach farther, and can expose and link our computers to the entire world; however, such capabilities have made our privacy and assets vulnerable to cyber space attackers. Fortunately, attacks c...