Abstract
If a protocol is implemented using a poor password, then the password can be guessed and verified from the messages in the protocol run. This is termed as a guessing attack. Published design and analysis efforts always lacked a general definition for guessing attacks. Further, they never considered possible type-flaws in the protocol runs or using messages from other protocols. In this paper, we provide a simple and general definition for guessing attacks. We explain how we implemented our definition in a tool based on constraint solving. Finally, we demonstrate some new guessing attacks that use type-flaws and multiple protocols which we found using our tool.
Original language | Undefined |
---|---|
Title of host publication | IFIP WG 1.7 and ACM SIGPLAN Workshop on Issues in the Theory of Security (WITS) |
Editors | R. Gorrieri, R. Lucchi |
Place of Publication | Italy |
Publisher | University of Bologna |
Pages | 62-71 |
Number of pages | 10 |
ISBN (Print) | not assigned |
Publication status | Published - Apr 2003 |
Event | Workshop on Issues in the Theory of Security 2003 - Warsaw, Poland, Warsaw, Poland Duration: 5 Apr 2003 → 6 Apr 2003 http://www.dsi.unive.it/IFIPWG1_7/wits2003.html |
Publication series
Name | |
---|---|
Publisher | Dpt. di Scienze dell'Informazione Universita di Bologna |
Conference
Conference | Workshop on Issues in the Theory of Security 2003 |
---|---|
Abbreviated title | WITS 2003 |
Country/Territory | Poland |
City | Warsaw |
Period | 5/04/03 → 6/04/03 |
Internet address |
Keywords
- EWI-821
- SCS-Cybersecurity
- METIS-214055
- IR-41375