http://www.cnr.it/ontology/cnr/individuo/prodotto/ID64101
Retaliation Against Protocol Attacks (Journal article)
- Type
- Label
- Retaliation Against Protocol Attacks (Journal article) (literal)
- Year
- 2008-01-01T00:00:00+01:00 (literal)
- Alternative label
[1] Bistarelli S., [2] Bella G., [3] Massacci F. (2008)
Retaliation Against Protocol Attacks
in Journal of information assurance and security; Dynamic Publishers, Inc., Atlanta (United States of America)
(literal)
- Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#autori
- [1] Bistarelli S., [2] Bella G., [3] Massacci F. (literal)
- Start page
- End page
- Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#numeroVolume
- Journal
- Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#note
- to be published (literal)
- Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#affiliazioni
- [1] IIT-CNR, Pisa, Italy; [2] Dip. di Matematica e Informatica Università di Catania, Italy; [3] Dip. di Informatica e Telecomunicazioni Università di Trento, Italy (literal)
- Title
- Retaliation Against Protocol Attacks (literal)
- Abstract
- Security protocols intend to give their parties reasonable assurance that certain
security properties will protect their communication session. However, the literature
confirms that the protocols may suffer subtle and hidden attacks. Flawed
protocols are customarily sent back to the design process, but the costs of reengineering
a deployed protocol may be prohibitive. This paper outlines the concept
of retaliation: who would steal a sum of money today, should this pose significant
risks of having twice as much stolen back tomorrow? When ethics is left behind,
attacks are always balanced decisions: if an attack can be retaliated, the economics
of security may convince the attacker to refrain from attacking, and us to live with
a flawed protocol. This new perspective requires a new threat model where any
party may decide to subvert the protocol for his own sake, depending on the risks
of retaliation. This threat model, which for example is also suitable to studying
non-repudiation protocols, seems more appropriate than the Dolev-Yao model to
the present technological/social setting. It is demonstrated that machine-assisted
protocol verification can and must be tailored to the new threat model. (literal)
- Publisher
- Product of
- CNR author
- Keyword set
Incoming links:
- Product
- CNR author of
- Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#rivistaDi
- Publisher of
- Keyword set of