WG Attack Taxonomy
نویسندگان
چکیده
An obvious problem in this area is payload inspection of encrypted traffic: since the network-based intrusion detection system (NIDS) commonly has no access to the encryption keys, it can not decrypt the captured data and, therefore, no analysis is possible. From a network perspective it is thus hard to deal with encrypted traffic. However, more and more traffic within networks uses some form of encryption (e.g., IPSec or SSL) and, thus, we need to develop approaches to also deal with this kind of network traffic in the future. Traditional attack venues such as buffer overruns or exploits of input validation errors have been known for a long time and are widely understood. As a result, a large number of defense mechanisms have been devised [16, 18]. For client-side attacks, however, only a few viable defense solutions have emerged so far. These techniques often focus on one particular problem area only and fail to address the larger and more general problem of unauthorized information flow attacks. A distinctive feature of client-side attacks is that security problems often cannot be traced to a particular vulnerability that can be easily fixed. In fact, the danger is precisely that the client’s security policy is not obviously and immediately violated. In case of a cross-site scripting attack, the malicious script is truly sent by the trusted server and thus, has to be granted the privilege to access the session tokens. Similarly, when a user enters sensitive data into a web form on a phishing site or installs spyware, agreeing to the license, one could argue that there is no problem because a deliberate action is taken and information is voluntarily disclosed. Such a point of view, however, neglects the fact that there is an implicit security requirement of users who do not want to disclose their sensitive data. Thus, even when the sameorigin policy is not violated by a cross-site scripting attack, there is an implicit policy that dictates that no sensitive user data should be disclosed to unauthorized parties. Furthermore, sending of code from server to client becomes more and more common (e.g., AJAX sends JavaScript over the network) and this new interaction model poses further challenges since a NIDS would need to inspect and verify the code. By moni-
منابع مشابه
An Improved Attack on WG Stream Cipher
WG is a synchronous stream cipher submitted to the hardware profile of eSTREAM project. The main feature of this stream cipher is the use of WG transformation. WG uses keys and initial vectors (IVs) of the same lengths 80, 96, 112 and 128 bits. Moreover, IVs of the length 32 and 64 bits are admitted. The most important key recovery attack on WG was presented by Wu and Preneel and uses the weakn...
متن کاملResynchronization Attacks on WG and LEX
WG and LEX are two stream ciphers submitted to eStream – the ECRYPT stream cipher project. In this paper, we point out security flaws in the resynchronization of these two ciphers. The resynchronization of WG is vulnerable to a differential attack. For WG with 80-bit key and 80-bit IV, 48 bits of the secret key can be recovered with about 2 chosen IVs . For each chosen IV, only the first four k...
متن کاملMILP-Based Cube Attack on the Reduced-Round WG-5 Lightweight Stream Cipher
The cube attack is a powerful cryptanalytic tool for the analysis of stream ciphers, which until recently were investigated in a blackbox scenario with a minimal consideration to their internal and polynomial structures. In this paper, we analyze the lightweight stream cipher WG5, which offers 80-bit security, using cube attacks in a non-blackbox polynomial setting employing the division proper...
متن کاملAVOIDIT: A Cyber Attack Taxonomy
Cyber attacks have greatly increased over the years, where the attackers have progressively improved in devising attacks towards a specific target. To aid in identifying and defending against cyber attacks we propose a cyber attack taxonomy called AVOIDIT (Attack Vector, Operational Impact, Defense, Information Impact, and Target). We use five major classifiers to characterize the nature of an ...
متن کاملDeveloping a Defense-centric Attack Taxomony
Many classifications of attacks have been tendered, often in taxonomic form. A common basis of these taxonomies is that they have been framed from the perspective of an attacker – they organize attacks with respect to the attacker’s goals, such as privilege elevation from user to root (from the well known Lincoln taxonomy). Taxonomies based on attacker goals are attack-centric; those based on d...
متن کاملA Taxonomy of DDoS Attacks and DDoS Defense Mechanisms
This paper proposes a taxonomy of distributed denial-ofservice attacks and a taxonomy of the defense mechanisms that strive to counter these attacks. The attack taxonomy is illustrated using both known and potential attack mechanisms. Along with this classification we discuss important features of each attack category that in turn define the challenges involved in combating these threats. The d...
متن کامل