We propose extensions to the Dolev-Yao attacker model to make it suitable for arguments about security of Cyber-Physical Systems. The Dolev-Yao attacker model uses a set of rules to define potential actions by an attacker with respect to messages (i.e. information) exchanged between parties during a protocol execution. As the traditional Dolev-Yao model considers only information (exchanged ove...

In a cognitive radio network, a secondary user learns the spectrum environment and dynamically accesses the channel where the primary user is inactive. At the same time, a primary user emulation (PUE) attacker can send falsified primary user signals and prevent the secondary user from utilizing the available channel. The best attacking strategies that an attacker can apply have not been well st...

Game Theory is a common approach used to understand attacker and defender motives, strategies, and allocation of limited security resources. For example, many defense algorithms are based on game-theoretic solutions that conclude that randomization of defense actions assures unpredictability, creating difficulties for a human attacker. However, many game-theoretic solutions often rely on ideali...

This paper shows several security weaknesses of a MultiFactor Authenticated Key Exchange (MK-AKE) protocol, proposed by Pointcheval and Zimmer at ACNS’08. The Pointcheval-Zimmer scheme was designed to combine three authentication factors in one system, including a password, a secure token (that stores a private key) and biometrics. In a formal model, Pointcheval and Zimmer formally proved that ...

The Domain Name System (DNS) protocol is used as a naming system for computers, services, or any other network resource. This paper presents a solution for the cache poisoning attack in which the attacker inserts incorrect data into the DNS cache. In order to successfully poison the cache, the attacker response must beat the real response in the race back to the local DNS server. In our model, ...

Previous work on dynamics of interpersonal interactions in 1 vs. 1 sub-phases of basketball has identified changes in interpersonal distance between an attacker and defender as a potential control parameter for influencing organizational states of attacker-defender dyads. Other studies have reported the constraining effect of relative velocity between an attacker and defender in 1 vs. 1 dyads. ...

In the inference attacks studied in Quantitative Information Flow (QIF), the attacker typically tries to interfere with the system in the attempt to increase its leakage of secret information. The defender, on the other hand, typically tries to decrease leakage by introducing some controlled noise. This noise introduction can be modeled as a type of protocol composition, i.e., a probabilistic c...

Periodic randomization of a computer program’s binary code is an attractive technique for defending against several classes of advanced threats. In this paper we describe a model of attacker-defender interaction in which the defender employs such a technique against an attacker who is actively constructing an exploit using Return Oriented Programming (ROP). In order to successfully build a work...