ProtoMon: Embedded monitors for cryptographic protocol intrusion detection and prevention

Journal of Universal Computer Science

Volumn 11, Issue 1, 2005, Pages 83-103

  Joglekar, Sachin P ^a   Tate, Stephen R ^a  

^a UNIVERSITY OF NORTH TEXAS   (United States)

Author keywords

Computer Security; Cryptographic Protocol Abuse; Intrusion Detection

Indexed keywords

EID: 23844533214     PISSN: 0958695X     EISSN: 09486968     Source Type: Journal    
DOI: None     Document Type: Conference Paper

References (29)

1. [Arshad and Chan 2003] M. Arshad, P. Chan, Identifying Outliers via Clustering for Anomaly Detection, Technical Report CS-2003-19, Dept. of Computer Science, Florida Institute of Technology, 2003.
2. [Bleichenbacher 1998] D. Bleichenbacher, Chosen Ciphertext Attacks against Protocols based on the RSA Encryption Standard PKCS#1, Proceedings of CRYPTO'98, pp 1-12, 1998.
3. [Brumley and Boneh 2003] D. Brumley, D. Boneh, Remote Timing Attacks are Practical, 12th USENIX Security Symposium, pp. 1-14, 2003.
4. [Canvel et al. 2003] B. Canvel, A. Hiltgen, S. Vaudenay, M. Vuagnoux, Password Interception in a SSL/TLS Channel, in Proc. of CRYPTO 2003, pp. 583-599, 2003.
5. [CERT 2002a] CERT, "OpenSSL servers contain a buffer overflow during the SSL2 handshake process", CERT Vulnerability Note #102795, July 2002.
6. [CERT 2002b] CERT, "OpenSSL servers contain a remotely exploitable buffer overflow vulner-ability during the SSL3 handshake process", CERT Vulnerability Note #561275, July 2002.
7. [Cervesato 1999] I. Cervesato, N. Durgin, P. Lincoln, J. Mitchell, A. Scedrov, A Meta-Notation for Protocol Analysis, Proc. 12th IEEE Computer Security Foundations Workshop, pp. 55-69, 1999.
8. [Dolev and Yao 1983] D. Dolev, A. Yao, On the Security of Public Key Protocols, IEEE Transactions on Information Theory, 29(2): 198-208, March 1983.
9. [Forrest et al. 1996] S. Forrest, S.A. Hofmeyr, A. Somayaji, A Sense of Self for Unix Processes, IEEE Symposium on Security and Privacy, pp. 120-128, 1996.
10. [Heintze 1996] N. Heintze, J.D. Tygar, A Model for Secure Protocols and their Composition, IEEE Transactions on Software Engineering, 22(1):16-30, January 1996.
11. [Joglekar and Tate 2004] S. P. Joglekar and S. R. Tate, ProtoMon: Embedded Monitors for Cryptographic Protocol Intrusion Detection and Prevention, 2004 IEEE Conference on Information Technology: Coding and Computing (ITCC), pages 81-88.
12. [Klima et al. 2003] V. Klima, O. Pokorny, T. Rosa, "Attacking RSA-based Sessions in SSL/TLS," in Proc. of Cryptographic Hardware and Embedded Systems (CHES), 2003, pp. 426-440.
13. [LaBrea] The LaBrea Project, Sourceforge, http://labrea.sourceforge.net.
14. [Lee and Stolfo 1998] W. Lee, S. Stolfo, Data mining Approaches for Intrusion Detection, USENIX Security Symposium, 1998, pp. 79-93.
15. [Lowe 1996] G. Lowe, Breaking and Fixing the Needham-Schroeder Public Key Protocol using FDR, in Proc. of the Second International Workshop on Tools and Algorithms for the Construction and Analysis of Systems, pp. 147-156, 1996.
16. [Meadows 1992] C. Meadows, Applying Formal Methods to the Analysis of a Key Management Protocol, Journal of Computer Security, 1:5-53, 1992.
17. [Millen et al. 1987] J.K. Millen, S.C. Clark, S.B. Freedman, The interrogator: Protocol Security Analysis, IEEE Transaction Software Engineering, SE-13(2):274-288, Feb. 1987.
18. [Mitchell et al. 1997] J.C. Mitchell, M. Mitchell, U. Stern, Automated Analysis of Cryptographic Protocols using Mur, Proc. 1997 IEEE Symposium on Security and Privacy, 1997, pp. 141-151.
19. [Needham and Schroeder 1978] R.M. Needham, M.D. Schroeder, Using Encryption for Authentication in Large Networks of Computers, Communications of ACM, 21(12):993-999, December 1978.
20. [Psionic Technologies] PortSentry, by Psionic Technologies.
21. [Sekar et al. 2002] R. Sekar, A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang, S. Zhou, Specification-based Anomaly Detection: A New Approach for Detecting Network Intrusions, ACM Computer and Communication Security Conference, 2002, pp. 265-274.
22. [Somayaji and Forrest 2000] A. Somayaji, S. Forrest, Automated Response using System-Call Delays, 9th USENIX Security Symposium, 2000, pp. 185-198.
23. [Song 1999] D. Song, Athena - An Automatic Checker for Security Protocol Analysis, Proc. Computer Security Foundation Workshop, 1999, pp. 192-202.
24. [Staniford et al. 2002] S. Staniford, J. Hoagland, J. McAlerney, "Practical Automated Detection of Stealthy Portscans," Journal of Computer Security, 10(1/2): 105-136, 2002.
25. [Syverson 1994] P. Syverson, A Taxonomy of Replay Attacks, Proceedings of the Computer Security Foundations Workshop VII, 1994, 187-191.
26. [Taylor and Alves-Foss 2001] C. Taylor, J. Alves-Foss, NATE-Network Analysis of Anomalous Traffic Events, A Low-cost Approach, Proceedings of the New Security Paradigms Workshop '01, pp 89-96, September 2001.
27. [Wagner and Schneier 1996] D. Wagner, B. Schneier, Analysis of the SSL 3.0 Protocol, Proceedings of Second USENIX Workshop on Electronic Commerce, USENIX Press, pp. 29-40., November 1996.
28. [Yasinsac 2000] A. Yasinsac, Dynamic Analysis of Security Protocols, Proceedings of New Security Paradigms 2000 Workshop, Sept 18-21, Ballycotton, Ireland, pp. 77-87, 2000.
29. [Yasinsac 2002] A. Yasinsac, An Environment for Security Protocol Intrusion Detection, Journal of Computer Security, 10(1/2): 177-188, 2002.