Abstract:
Security protocols have been widely used to safeguard
electronic transactions. We usually assume that principals are credible and will
not maliciously disclose their individual secrets to someone else. Nevertheless,
it is impractical to completely ignore the possibility that some principals may
collude in private to achieve a fraudulent or illegal purpose. Therefore, it is
critical to address the possibility of collusion attacks in order to correctly
analyse security protocols. This paper proposes a framework by which to detect
collusion attacks in security protocols. The possibility of security threats from
insiders is especially taken into account. The case study demonstrates that our
methods are useful and promising in discovering and preventing collusion
attacks.