1 spoofE2EHost(Principal,ImpersonatedHost,FooledHost,SpoofingHost,Prot,Port,
Consequence).
2
3 spoofE2EHost(Principal, ImpersonatedHost, FooledHost, AttackerHost, Prot, Port
, trafficTheft):-
4 isNameResolver(NameResolver, FooledHost, ImpersonatedHost),
5 vulE2EProtocol(FooledHost, NameResolver, dnsCachePoisoning, dns, DNSPort,
remoteExploit, dataFalsification),
6 netAccess(Principal, AttackerHost, NameResolver, dns, DNSPort).
7 spoofE2EHost(Principal, ImpersonatedHost, FooledHost, AttackerHost, Prot, Port
, trafficTheft):-
8 isNameResolver(NameResolver, FooledHost, ImpersonatedHost),
9 localAccess(Principal, NameResolver, admin),
10 netAccess(Principal2, FooledHost, AttackerHost, Prot, Port),
11 localAccess(Principal, AttackerHost, User).
12 spoofE2EHost(Principal, ImpersonatedHost, FooledHost, AttackerHost, Prot, Port
, trafficTheft):-
13 isNameResolver(NameResolver, FooledHost, ImpersonatedHost),
14 accessFile(Principal, NameResolver, write, RecoredPath),
15 dataBind(NameResolverRecord, NameResolver, RecoredPath),
16 isNameResolverRecord(NameResolverRecord).
Listing 12: DNS spoofing.
1 dos(Principal,Host).
2
3 dos(Principal,Host):-
4 localAccess(Principal,Host,User),
5 localService(Host,Prog,User),
6 vulHost(Host,VulID,Prog,localExploit,dos),
7 malicious(Principal).
8 dos(Principal,DstHost):-
9 networkService(DstHost,Prog,Prot,Port,NetworkServiceUser),
10 aclH(DstHost,NetworkServiceUser,SrcHost,DstHost,Prot,Port),
11 vulHost(DstHost,VulID,Prog,remoteExploit,dos),
12 netAccess(Principal,SrcHost,DstHost,Prot,Port),
13 malicious(Principal).
Listing 13: DoS attacks.
predicate) which runs a vulnerable service that allows DoS
(represented by the localService and vulHost predicates). In
a network-based DoS attack, the attacker P rincipal exploits
his/her access to a network service running on DstHost
(represented by the netAccess, aclH, and networkService pred-
icates), which contains a vulnerability that enables DoS upon
successful exploitation (represented by the vulHost predi-
cate).
C. Man-in-the-Middle Attacks
A man-in-the-middle (MITM) attack is a scenario in which
the attacker manages to pose as a relay of the communication
between two hosts. We distinguish between a MITM attack
in the link layer (Listing 14, lines 1-6), in which the entire
communication between SrcHost and DstHost is routed
through the attacker’s host (AttackerHost); and a MITM
attack in the end-to-end layer (Listing 14, lines 8-12), in which
only a specific application layer protocol (represented by the
P ort and P rot arguments) is routed through the attacker’s
host.
D. Attacks on Wireless Communication
One of the main contributions of this work is the ability
to model attacks on wireless communication. Specifically,
we model two common attacks on wireless protocols: WEP
cracking and Bluetooth PIN cracking, both of which enable
the attacker to derive the encryption key used for the secured
communication.
WEP Cracking (see Listing 15). The Wired Equivalent Pri-
vacy (WEP) algorithm is based on the RC4 stream cipher
which has weak key scheduling and uses a small initial vector
(IV) of 24 bits [24]. In order to crack WEP’s encryption, the
following two preconditions must be satisfied: (1) the attacker
must capture a large amount of legitimate packets transmitted
to/from the access point; and (2) the access point must use the
1 mitmLink(Principal,SrcHost,DstHost,SpoofingHost):-
2 spoofLinkHost(Principal,SrcHost,DstHost,SpoofingHost,trafficTheft),
3 spoofLinkHost(Principal,DstHost,SrcHost,SpoofingHost,trafficTheft).
4 relay(MITMHost,FlowName):-
5 mitmLink(Principal,SrcHost,DstHost,MITMHost),
6 dataFlow(SrcHost,DstHost,FlowName,Direction).
7
8 mitmE2E(Principal,SrcHost,DstHost,SpoofingHost,Prot,Port):-
9 spoofE2EHost(Principal,SrcHost,DstHost,SpoofingHost,Prot,Port,trafficTheft)
,
10 spoofE2EHost(Principal,DstHost,SrcHost,SpoofingHost,Prot,Port,trafficTheft)
.
11 relay(MITMHost,SrcHost,DstHost,Prot,Port):-
12 mitmE2E(Principal,SrcHost,DstHost,MITMHost,Prot,Port).
Listing 14: MiTM attacks.
1 crackAPEncKey(Principal,AP):-
2 malicious(Principal),
3 accessDataFlow(Principal,FlowName,view),
4 relay(AP,FlowName),
5 isAP(AP,WirelessRange,DstZone,Prot,secured),
6 vulLinkProtocol(WirelessRange,weakEncryption,Prot,remoteExploit,
keyExtraction).
7
8 accessDataFlow(Principal,FlowName,read):-
9 crackAPEncKey(Principal,AP),
10 relay(AP,FlowName),
11 dataFlow(Host,FlowName),
12 flowBind(FlowName,Prot,Port),
13 vulE2EProtocol(Host,VulID,Prot,Port,remoteExploit,eavesdropping),
14 isAP(AP,WirelessRange,DstZone,WirelessProt,secured),
15 located(AttackerHost,WirelessRange,physical),
16 localAccess(Principal,AttackerHost,admin).
17
18 isAuthenticated(Principal,AttackerHost,AP):-
19 crackAPEncKey(Principal,AP),
20 isAP(AP,WirelessRange,DstZone,Prot,secured),
21 localAccess(Principal,AttackerHost,admin),
22 located(AttackerHost,WirelessRange,physical).
Listing 15: WEP cracking attack.
vulnerable WEP protocol. Afterwards the attacker can crack
the encryption key by performing offline analysis [24]. These
two preconditions are modeled by the crackAP EncKey in-
teraction rule (lines 1-6), which utilizes the accessDataF low,
relay, isAP , and vulLinkP rotocol predicates.
By cracking the encryption key, the attacker can (1)
eavesdrop on all of the traffic broadcasted by the com-
promised access point; and (2) authenticate to the access
point. These two different consequences are represented by
the accessDataF low and isAuthenticated interaction rules
(lines 8-22).
WPA2 Key Reinstallation. (see Listing 16). The Wi-fi Pro-
tected Access II (WPA2) protocol is widely used for protecting
wireless networks. The Key Reinstallation Attack on the
WPA2 protocol, which exploits a vulnerability in the 4-way
handshake and tricks the victim into reinstalling an already
in-used key, was published in 2017 by Vanhoef and Piessens
[25]. The 4-way handshake is used for assuring that both client
and access point has the correct credentials, and to negotiate
an encryption key for encrypting future communication. The
encryption key is installed in the client after receiving the
3
rd
handshake message. If no acknowledgment is received
(i.e., the 4
th
handshake message), the access point might
retransmit the 3
rd
handshake message to handle messages loss.
Upon receiving this message, the client reinstalls the same
encryption key and resets the nonce, which is also used in
the derivation of the encryption key. As a result, an already
used encryption key with a previously used nonce is used
to further encrypt packets. Then, the attacker can derive the
WPA2’s encryption protocols keystream by using an encrypted
message with a known content (or other methods when no such
messages are found). In short, the key reinstallation attack
is performed by the following two steps: (1) The attacker