Abstract
If a protocol is implemented using a poor password, then the password can be guessed and verified from the messages in the protocol run. This is termed as a guessing attack. Published design and analysis efforts always lacked a general definition for guessing attacks. Further, they never considered possible type-flaws in the protocol runs or using messages from other protocols. In this paper, we provide a simple and general definition for guessing attacks. We explain how we implemented our definition in a tool based on constraint solving. Finally, we demonstrate some new guessing attacks that use type-flaws and multiple protocols which we found using our tool.
| Original language | Undefined |
|---|---|
| Title of host publication | IFIP WG 1.7 and ACM SIGPLAN Workshop on Issues in the Theory of Security (WITS) |
| Editors | R. Gorrieri, R. Lucchi |
| Place of Publication | Italy |
| Publisher | University of Bologna |
| Pages | 62-71 |
| Number of pages | 10 |
| ISBN (Print) | not assigned |
| Publication status | Published - Apr 2003 |
| Event | Workshop on Issues in the Theory of Security 2003 - Warsaw, Poland, Warsaw, Poland Duration: 5 Apr 2003 → 6 Apr 2003 http://www.dsi.unive.it/IFIPWG1_7/wits2003.html |
Publication series
| Name | |
|---|---|
| Publisher | Dpt. di Scienze dell'Informazione Universita di Bologna |
Conference
| Conference | Workshop on Issues in the Theory of Security 2003 |
|---|---|
| Abbreviated title | WITS 2003 |
| Country/Territory | Poland |
| City | Warsaw |
| Period | 5/04/03 → 6/04/03 |
| Internet address |
Keywords
- EWI-821
- SCS-Cybersecurity
- METIS-214055
- IR-41375