Guess what? Here is a new tool that finds some new guessing attacks (Extended Abstract)

R.J. Corin, Sreekanth Malladi, Jim Alves-Foss, Sandro Etalle

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    82 Downloads (Pure)

    Abstract

    If a protocol is implemented using a poor password, then the password can be guessed and verified from the messages in the protocol run. This is termed as a guessing attack. Published design and analysis efforts always lacked a general definition for guessing attacks. Further, they never considered possible type-flaws in the protocol runs or using messages from other protocols. In this paper, we provide a simple and general definition for guessing attacks. We explain how we implemented our definition in a tool based on constraint solving. Finally, we demonstrate some new guessing attacks that use type-flaws and multiple protocols which we found using our tool.
    Original languageUndefined
    Title of host publicationIFIP WG 1.7 and ACM SIGPLAN Workshop on Issues in the Theory of Security (WITS)
    EditorsR. Gorrieri, R. Lucchi
    Place of PublicationItaly
    PublisherUniversity of Bologna
    Pages62-71
    Number of pages10
    ISBN (Print)not assigned
    Publication statusPublished - Apr 2003
    EventWorkshop on Issues in the Theory of Security 2003 - Warsaw, Poland, Warsaw, Poland
    Duration: 5 Apr 20036 Apr 2003
    http://www.dsi.unive.it/IFIPWG1_7/wits2003.html

    Publication series

    Name
    PublisherDpt. di Scienze dell'Informazione Universita di Bologna

    Conference

    ConferenceWorkshop on Issues in the Theory of Security 2003
    Abbreviated titleWITS 2003
    Country/TerritoryPoland
    CityWarsaw
    Period5/04/036/04/03
    Internet address

    Keywords

    • EWI-821
    • SCS-Cybersecurity
    • METIS-214055
    • IR-41375

    Cite this