Skip to main content
SpringerLink
Log in

Modeling Partial Attacks with Alloy

  • Conference paper
Security Protocols (Security Protocols 2007)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5964))

Included in the following conference series:

Abstract

The automated and formal analysis of cryptographic primitives, security protocols and Application Programming Interfaces (APIs) up to date has been focused on discovering attacks that completely break the security of a system. However, there are attacks that do not immediately break a system but weaken the security sufficiently for the adversary. We term these attacks partial attacks and present the first methodology for the modeling and automated analysis of this genre of attacks by describing two approaches. The first approach reasons about entropy and was used to simulate and verify an attack on the ECB|ECB|OFB triple-mode DES block-cipher. The second approach reasons about possibility sets and was used to simulate and verify an attack on the personal identification number (PIN) derivation algorithm used in the IBM 4758 Common Cryptographic Architecture.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Diffie, W., Hellman, M.: Exhaustive cryptanalysis of the NBS data encryption standard. Computer 10(6), 74–84 (1977)

    Article  Google Scholar 

  2. Biham, E.: Cryptanalysis of triple-modes of operation. Technical Report, Computer Science Department, Technion (CS0885) (1996)

    Google Scholar 

  3. Clulow, J.: The design and analysis of cryptographic APIs for security devices. Master’s thesis, University of Natal (2003)

    Google Scholar 

  4. Bond, M., Zielinski, P.: Decimalisation table attacks for PIN cracking. Technical Report, University of Cambridge (560) (2003)

    Google Scholar 

  5. Lin, A.: Automated analysis of security APIs. Master’s thesis, Massachusetts Institute of Technology (2005)

    Google Scholar 

  6. Shannon, C.E.: A mathematical theory of communication. Bell System Technical Journal 27, 379–423, 623-656 (1948)

    Article  MathSciNet  MATH  Google Scholar 

  7. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29 (1983)

    Google Scholar 

  8. Jackson, D.: Alloy 3.0 Reference Manual. Software Design Group (2004)

    Google Scholar 

  9. Software Design Group, MIT (2004), http://alloy.mit.edu

  10. Goldberg, E., Novilov, Y.: Berkmin: A fast and robust SAT-solver (2002)

    Google Scholar 

  11. Biham, E.: Cryptanalysis of multiple modes of operation. Technical Report, Computer Science Department, Technion (CS0833) (1994)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science and Artificial Intelligence Laboratory, Massachusetts Institute of Technology, 77 Massachusetts Avenue, Cambridge, MA, 02139, USA

    Amerson Lin

  2. Computer Laboratory, University of Cambridge, 15 JJ Thomson Avenue, Cambridge, CB3 0FD, United Kingdom

    Mike Bond & Jolyon Clulow

Authors
  1. Amerson Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mike Bond
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jolyon Clulow
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Science Department, University of Hertfordshire, AL10 9AB, Hatfield, UK

    Bruce Christianson  & James A. Malcolm  & 

  2. University of Trento, Trento, Italy

    Bruno Crispo

  3. Microsoft Research Ltd.,, Roger Needham Building, 7 JJ Thomson Avenue, CB3 0FB, Cambridge, UK

    Michael Roe

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lin, A., Bond, M., Clulow, J. (2010). Modeling Partial Attacks with Alloy . In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2007. Lecture Notes in Computer Science, vol 5964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17773-6_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17773-6_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17772-9

  • Online ISBN: 978-3-642-17773-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation