Model–Based Testing of Cryptographic Protocols

Rosenzweig, Dean; Runje, Davor; Schulte, Wolfram

doi:10.1007/11580850_4

Cited by 8 publications

(7 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Despite the title, the paper [17] is not really about model-based testing of cryptographic protocols in our usage of the term "model-based testing" (i.e., generate test-sequences from models) but rather about soundness and completeness of symbolic models of cryptographic protocols with respect to computational complexity models, and about using the SpecExplorer for model-checking Spec-sharp models of cryptographic protocols. The approach proposed in [15] deals with the problem of establishing whether or not a security property expressed using an observer formalised as an input/output labelled transition system (IOLTS) holds in an IOLTS providing a black-box specification of the system.…”

Section: Related Workmentioning

confidence: 98%

Model-based Security Testing Using UMLsec

Jürjens

2008

Electronic Notes in Theoretical Computer Science

View full text Add to dashboard Cite

Designing and implementing security-critical systems correctly is very difficult. In practice, most vulnerabilities arise from bugs in implementations. We present work towards systematic specification-based testing of security-critical systems based on UMLsec models. We show how to systematically generate test sequences for security properties based on the model that can be used to test the implementation for vulnerabilities. We explain our method at the example of a part of the Common Electronic Purse Specifications (CEPS), a candidate for an international electronic purse standard.

show abstract

Section: Related Workmentioning

confidence: 98%

Model-based Security Testing Using UMLsec

Jürjens

2008

Electronic Notes in Theoretical Computer Science

View full text Add to dashboard Cite

show abstract

“…Nonce can be generated in many ways but for the proposed solution pseudo random nonce is recommended so that nonce for upcoming packets cannot be predicted. Nonce generation is a separate research issue and is explained in [9].…”

Section: Noncementioning

confidence: 99%

Threats Identification and their Solution in Inter-Basestation Dynamic Resource Sharing IEEE-802.22

Shaukat

Khan

Ahmed

2008

2008 International Conference on Convergence and Hybrid Information Technology

View full text Add to dashboard Cite

Cognitive Radio based IEEE 802.22 deploys the concept of maximum resource utilization through dynamic resource sharing. Inter base station resource sharing is dynamic process in IEEE 802.22 and is accomplished by exchange of control messages between the neighboring base stations. Insecure transmission of control channels open vulnerable holes for the Denial of Service attacks on base station. First the paper identifies the rogue base station and replay attacks during the resource sharing between the base stations that can snatch the resources from the renter base station. Then paper presents a hybrid approach of timestamp, nonce and Digital Signature to authenticate the sender and avoid the attacks.

show abstract

“…Rosenzweig, Runje, and Schulte explained this abstraction process, 'experiments as structures', and argued for its faithfulness in [16]. They showed how the Dolev-Yao intruder model fits into Spec Explorer.…”

Section: Model-based Testing Of Cryptographic Protocolsmentioning

confidence: 99%

“…Here we highlight Professor Rosenzweig's contributions to modeling, analysis, and testing of network security protocols [14] - [16], and his work on information technology used in the Zagreb Stock Exchange. His work on program specification and verification, evolving algebras, and abstract state machines [1]- [13] and [17]- [19] is described in eloquent tributes by Egon Börger [20] and Yuri Gurevich [21].…”

Section: Dean Rosenzweig (1949 -2007)mentioning

confidence: 99%