Detecting Subverted Cryptographic Protocols by Entropy Checking
Abstract
What happens when your implementation of SSL or some other cryptographic protocol is subverted through a buffer overflow attack? You have been hacked, yes. Unfortunately, you may be unaware of it: because normal traffic is encrypted, most IDSs cannot monitor it. We propose a simple, yet efficient technique to detect most of such attacks, by computing the entropy of the flow and comparing it against known thresholds.
Similar resources
Verifying Security Properties in Unbounded Multiagent Systems
We study the problem of analysing the security for an unbounded number of concurrent sessions of a cryptographic protocol. Our formal model accounts for an arbitrary number of agents involved in a protocol-exchange which is subverted by a Dolev-Yao attacker. We define the parameterised model checking problem with respect to security requirements expressed in temporal-epistemic logics. We formul...
A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we shortly review two formal approaches in verification of security protocols: model checking and theorem proving. Model checking is based on studying the behavior of protocols via generating all different behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as an example of this...
Fingerprinting Cryptographic Protocols with Key Exchange using an Entropy Measure
Encryption has increasingly been used in all applications for various purposes, but it also brings big challenges to network security. In this paper, we take first steps towards addressing some of these challenges by introducing a novel system to identify key exchange protocols, which are usually required if encryption keys are not pre-shared. We observed that key exchange protocols yield certa...
Self-Guarding Cryptographic Protocols against Algorithm Substitution Attacks
We put forward the notion of self-guarding cryptographic protocols as a countermeasure to algorithm substitution attacks. Such self-guarding protocols can prevent undesirable leakage by subverted algorithms if one has the guarantee that the system has been properly working in an initialization phase. Unlike detection-based solutions they thus proactively thwart attacks, and unlike reverse firew...
Mémoire d'Habilitation à Diriger les Recherches
Security is a very old concern, which until quite recently was mostly of interest for military purposes. The deployment of electronic commerce changes this drastically. The security of exchanges is ensured by cryptographic protocols which are notoriously error prone. The formal verification of cryptographic protocols is a difficult problem that can be seen as a particular model-checking problem in...
Publication date: 2006