Analysing Password Protocol Security Against Off-line Dictionary Attacks

Ricardo Corin*, Jeroen Doumen, Sandro Etalle

*Corresponding author for this work

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    34 Citations (Scopus)
    58 Downloads (Pure)

    Abstract

    We study the security of password protocols against off-line dictionary attacks. In addition to the standard adversary abilities, we also consider further cryptographic advantages given to the adversary when considering the password protocol being instantiated with particular encryption schemes. We work with the applied pi-calculus of Abadi and Fournet, in which the (new) adversary abilities are modelled as equations between terms. As case studies, we analyse the Encrypted Password Transmission (EPT) protocol of Halevi and Krawczyk, and the wellknown Encrypted Key (EKE) of Bellovin and Merritt. In the latter, we find an attack that arises when considering the ability of distinguishing ciphertexts from random noise. We propose a modification to EKE that prevents this attack.
    Original languageEnglish
    Title of host publicationProceedings of the 2nd International Workshop on Security Issues with Petri Nets and other Computational Models (WISP 2004)
    EditorsNadia Busi, Roberto Gorrieri, Fabio Martinelli
    Place of PublicationAmsterdam
    PublisherElsevier
    Pages47-63
    Number of pages17
    DOIs
    Publication statusPublished - Jun 2004
    Event2nd International Workshop on Security Issues with Petri Nets and other Computational Models, WISP 2004 - Bologna, Italy
    Duration: 26 Jun 200426 Jun 2004
    Conference number: 2

    Publication series

    NameElectronic Notes in Theoretical Computer Science
    PublisherElsevier
    Volume121
    ISSN (Print)1571-0661

    Workshop

    Workshop2nd International Workshop on Security Issues with Petri Nets and other Computational Models, WISP 2004
    Abbreviated titleWISP
    CountryItaly
    CityBologna
    Period26/06/0426/06/04
    OtherJune 26, 2004

    Keywords

    • SCS-Cybersecurity
    • Password protocols
    • Dictionary attacks
    • Verification
    • Pi calculus

    Fingerprint

    Dive into the research topics of 'Analysing Password Protocol Security Against Off-line Dictionary Attacks'. Together they form a unique fingerprint.

    Cite this