Detecting Collusion Attacks in Security Protocols

  • Qingfeng Chen
  • Yi-Ping Phoebe Chen
  • Shichao Zhang
  • Chengqi Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3841)

Abstract

Security protocols have been widely used to safeguard secure electronic transactions. We usually assume that principals are credible and shall not maliciously disclose their individual secrets to someone else. Nevertheless, it is impractical to completely ignore the possibility that some principals may collude in private to achieve a fraudulent or illegal purpose. Therefore, it is critical to address the possibility of collusion attacks in order to correctly analyse security protocols. This paper proposes a framework by which to detect collusion attacks in security protocols. The possibility of security threats from insiders is especially taken into account. The case study demonstrates that our methods are useful and promising in discovering and preventing collusion attacks.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Burrows, M., Abadi, M., Needham, R.: A logic for Authentication. ACM Transactions on Computer Systems 8(1), 18–36 (1990)CrossRefGoogle Scholar
  2. 2.
    Zhang, C., Zhang, S.: Association Rule Mining: Models and Algorithms. In: Zhang, C., Zhang, S. (eds.) Association Rule Mining. LNCS (LNAI), vol. 2307. Springer, Heidelberg (2002)Google Scholar
  3. 3.
    Denning, D., Sacco, G.: Timestamp in Key Distribution Protocols. Communications of ACM 24(8), 533–536 (1981)CrossRefGoogle Scholar
  4. 4.
    Chen, Q., Zhang, C., Zhang, S.: ENDL: A Logical Framework for Verifying Secure Transaction Protocols. Knowledge and Information Systems 7(1), 84–109 (2005)CrossRefGoogle Scholar
  5. 5.
    Heintze, N., Tygar, J., Wing, J., Wong, H.: Model Checking Electronic Commerce Protocols. In: Proceedings of the 2nd USENIX Workshop on Electronic Commerce, Oakland, California, pp. 147–164 (November 1996)Google Scholar
  6. 6.
    Boneh, D., Shaw, J.: Collusion-secure fingerprinting for digital data. IEEE Transactions on Information Theory 44(5), 1897–1905 (1998)MATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    Celik, M.U., Sharma, G., Tekalp, A.M.: Collusion-resilient fingerprinting using random pre-warping. In: Proceeding of IEEE International Conference of Image Processing, pp. 509–512 (2003)Google Scholar
  8. 8.
    Bratko, I.: Prolog Programming for Artificial Intelligence. Addison-Wesley, Reading (1990)Google Scholar
  9. 9.
    SET Secure Electronic Transaction Specification, Book 1: Business Description, Version 1.0, May 31 (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Qingfeng Chen
    • 1
  • Yi-Ping Phoebe Chen
    • 1
  • Shichao Zhang
    • 2
  • Chengqi Zhang
    • 2
  1. 1.School of Information TechnologyDeakin UniversityMelbourneAustralia
  2. 2.Faculty of Information TechnologyUniversity of Technology SydneyBroadwayAustralia

Personalised recommendations