Protecting Poorly Chosen Secrets from Guessing Attacks

Authors

  • Li Gong
  • T. Mark A. Lomas
  • Roger M. Needham
  • Jerome H. Saltzer
Abstract

In a security system that allows people to choose their own passwords, those people tend to choose passwords that can be easily guessed. This weakness exists in practically all widely used systems. Instead of forcing users to choose well-chosen secrets, which are likely to be difficult to remember, we propose solutions that maintain both user convenience and a high level of security at the same time. The basic idea is to ensure that data available to the attacker is sufficiently unpredictable to prevent an off-line verification of whether a guess is successful or not. We examine common forms of guessing attacks, develop examples of cryptographic protocols that are immune to such attacks, and suggest a systematic way to examine protocols to detect vulnerabilities to such attacks.

Similar resources

Some Remarks on Protecting Weak Keys and Poorly-Chosen Secrets from Guessing Attacks

Authentication and key distribution protocols that utilize weak secrets (such as passwords and PINs) are traditionally susceptible to guessing attacks whereby an adversary iterates through a relatively small key space and verifies the correct guess. Such attacks can be defeated by the use of public key encryption and careful protocol construction. In their recent work, Lomas et al. investigated ...

Preventing Guessing Attacks Using Fingerprint Biometrics

Security protocols involving the use of poorly chosen secrets, usually low-entropy user passwords, are vulnerable to guessing attacks. Here, a penetrator guesses a value in place of the poorly chosen secret and then tries to verify the guess using other information. In this paper we develop a new framework extending strand space theory in the context of these attacks to analyze the effect using...

Protecting Intellectual Property by Guessing Secrets

In the guessing secrets problem defined by Chung, Graham and Leighton [9], player B has to unveil a set of k > 1 secrets that player A has chosen from a pool of N secrets. To discover the secrets, player B is allowed to ask a series of boolean questions. For each question asked, A can adversarially choose one of the secrets but once he has made his choice he must answer truthfully. In this pape...

A computational justification for guessing attack formalisms

Recently attempts have been made to extend the Dolev-Yao security model by allowing an intruder to learn weak secrets, such as poorly-chosen passwords, by off-line guessing. In such an attack, the intruder is able to verify a guessed value g if he can use it to produce a value called a verifier. In such a case we say that g is verifier-producing. The definition was formed by inspection of known...

Analysing Protocol Subject to Guessing Attacks

In this paper we consider guessing attacks upon security protocols, where an intruder guesses one of the values used (typically a poorly-chosen password) and then seeks to verify that guess. We formalise such attacks, and in particular the way in which the guess is verified. We then describe how to model such attacks within the process algebra CSP, so that they can be detected using the model c...


Journal:
  • IEEE Journal on Selected Areas in Communications

Volume 11  Issue 

Pages  -

Publication date 1993