A. Jurcut, Madhusanka Liyanage, Jinyong Chen, Cornelia Györödi, Jingsha He
{"title":"短消息服务协议的安全性验证","authors":"A. Jurcut, Madhusanka Liyanage, Jinyong Chen, Cornelia Györödi, Jingsha He","doi":"10.1109/WCNC.2018.8377349","DOIUrl":null,"url":null,"abstract":"Short Message Service (SMS) is a text messaging service component of smart phones, web, or mobile communication systems which requires a high level of security to provide user authentication and data confidentiality. To provide such security features, a high security communication protocol for SMS, called Message Security Communication Protocol (MSCP) was proposed. In this paper, MSCP is formally analyzed using an automated logic-based verification tool with attack detection capabilities. The performed formal verification reveals that the proposed protocol is susceptible to parallel session and denial-of-service (DoS) attacks. The reasoning why these attacks are possible is detailed and an amended protocol is proposed to counter the identified attacks. Formal verification of the amended protocol provides confidence regarding the correctness and effectiveness of the proposed modifications.","PeriodicalId":360054,"journal":{"name":"2018 IEEE Wireless Communications and Networking Conference (WCNC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"On the security verification of a short message service protocol\",\"authors\":\"A. Jurcut, Madhusanka Liyanage, Jinyong Chen, Cornelia Györödi, Jingsha He\",\"doi\":\"10.1109/WCNC.2018.8377349\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Short Message Service (SMS) is a text messaging service component of smart phones, web, or mobile communication systems which requires a high level of security to provide user authentication and data confidentiality. To provide such security features, a high security communication protocol for SMS, called Message Security Communication Protocol (MSCP) was proposed. In this paper, MSCP is formally analyzed using an automated logic-based verification tool with attack detection capabilities. The performed formal verification reveals that the proposed protocol is susceptible to parallel session and denial-of-service (DoS) attacks. The reasoning why these attacks are possible is detailed and an amended protocol is proposed to counter the identified attacks. Formal verification of the amended protocol provides confidence regarding the correctness and effectiveness of the proposed modifications.\",\"PeriodicalId\":360054,\"journal\":{\"name\":\"2018 IEEE Wireless Communications and Networking Conference (WCNC)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-04-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE Wireless Communications and Networking Conference (WCNC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WCNC.2018.8377349\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE Wireless Communications and Networking Conference (WCNC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WCNC.2018.8377349","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
摘要
短消息服务(SMS)是智能手机、web或移动通信系统的文本消息服务组件,它需要高水平的安全性来提供用户身份验证和数据机密性。为了提供这些安全特性,提出了一种高安全性的短信通信协议——短信安全通信协议(Message security communication protocol, MSCP)。在本文中,使用具有攻击检测功能的自动化基于逻辑的验证工具对MSCP进行正式分析。正式验证表明,该协议容易受到并行会话攻击和拒绝服务攻击。详细说明了这些攻击可能发生的原因,并提出了一个修改的协议来对抗已识别的攻击。修订后的协议的正式验证为所提议的修改的正确性和有效性提供了信心。
On the security verification of a short message service protocol
Short Message Service (SMS) is a text messaging service component of smart phones, web, or mobile communication systems which requires a high level of security to provide user authentication and data confidentiality. To provide such security features, a high security communication protocol for SMS, called Message Security Communication Protocol (MSCP) was proposed. In this paper, MSCP is formally analyzed using an automated logic-based verification tool with attack detection capabilities. The performed formal verification reveals that the proposed protocol is susceptible to parallel session and denial-of-service (DoS) attacks. The reasoning why these attacks are possible is detailed and an amended protocol is proposed to counter the identified attacks. Formal verification of the amended protocol provides confidence regarding the correctness and effectiveness of the proposed modifications.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
