Advertisement

Active Linking Attacks

  • Henning Schnoor
  • Oliver Woizekowski
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9235)

Abstract

We study linking attacks on communication protocols. We observe that an active attacker is strictly more powerful in this setting than previously-considered passive attackers. We introduce a formal model to reason about active linking attacks, formally define security against these attacks and give conditions for both security and insecurity of protocols. In addition, we introduce a composition-like technique that allows to obtain security proofs by only studying small components of a protocol.

Keywords

Function Call Secure Protocol Security Proof User Session Tracking Strategy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Aho, A.V., Beeri, C., Ullman, J.D.: The theory of joins in relational databases. ACM Trans. Database Syst. 4(3), 297–314 (1979)CrossRefGoogle Scholar
  2. 2.
    Arapinis, M., Chothia, T., Ritter, E., Ryan, M.: Analysing unlinkability and anonymity using the applied pi calculus. In: CSF, pp. 107–121. IEEE Computer Society (2010)Google Scholar
  3. 3.
    Bhargavan, K., Corin, R., Fournet, C., Gordon, A.D.: Secure sessions for web services. ACM Trans. Inf. Syst. Secur. 10(2) (2007)Google Scholar
  4. 4.
    Backes, M., Maffei, M., Pecina, K., Reischuk, R.M.: G2C: cryptographic protocols from goal-driven specifications. In: Mödersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 57–77. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  5. 5.
    Biryukov, A., Pustogarov, I., Weinmann, R.-P.: TorScan: tracing long-lived connections and differential scanning attacks. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 469–486. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  6. 6.
    Dong, N., Jonker, H., Pang, J.: Formal analysis of privacy in an ehealth protocol. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 325–342. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  7. 7.
    Eigner, F., Maffei, M.: Differential privacy by typing in security protocols. In: CSF, pp. 272–286. IEEE (2013)Google Scholar
  8. 8.
    Maier, D., Mendelzon, A.O., Sagiv, Y.: Testing implications of data dependencies. ACM Trans. Database Syst. 4(4), 455–469 (1979)CrossRefGoogle Scholar
  9. 9.
    Narayanan, A., Shmatikov, V.: Robust de-anonymization of large sparse datasets. In: IEEE Symposium on Security and Privacy, pp. 111–125. IEEE Computer Society (2008)Google Scholar
  10. 10.
    Rusinowitch, M., Turuani, M.: Protocol insecurity with a finite number of sessions, composed keys is NP-complete. Theoret. Comput. Sci. 1–3(299), 451–475 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Schnoor, H., Woizekowski, O.: Active linkability attacks. CoRR, abs/1311.7236 (2014)Google Scholar
  12. 12.
    Sweeney, L.: Achieving \(k\)-anonymity privacy protection using generalization and suppression. Int. J. Fuzziness Knowl. Based Syst. 10(5), 571–588 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Veeningen, M., de Weger, B., Zannone, N.: Symbolic privacy analysis through linkability and detectability. In: Fernández-Gago, C., Martinelli, F., Pearson, S., Agudo, I. (eds.) Trust Management VII. IFIP AICT, vol. 401, pp. 1–16. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  14. 14.
    Vollmer, H.: Introduction to Circuit Complexity - A Uniform Approach. Texts in theoretical computer science. Springer, Heidelberg (1999) CrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  1. 1.Institut Für InformatikChristian-Albrechts-Universität Kiel Olshausenstraße 40KielGermany

Personalised recommendations