Analysing protocols subject to guessing attacks
نویسنده
چکیده
In this paper we consider guessing attacks upon security protocols, where an intruder guesses one of the values used (typically a poorlychosen password) and then seeks to verify that guess. We formalise such attacks, and in particular the way in which the guess is verified. We then describe how to model such attacks within the process algebra CSP, so that they can be detected using the model checker FDR, and illustrate our technique on some examples.
منابع مشابه
Analysing Protocol Subject to Guessing Attacks
In this paper we consider guessing attacks upon security protocols, where an intruder guesses one of the values used (typically a poorly-chosen password) and then seeks to verify that guess. We formalise such attacks, and in particular the way in which the guess is verified. We then describe how to model such attacks within the process algebra CSP, so that they can be detected using the model c...
متن کاملPreventing Guessing Attacks Using Fingerprint Biometrics
Security protocols involving the use of poorly chosen secrets, usually low-entropy user passwords, are vulnerable to guessing attacks. Here, a penetrator guesses a value in place of the poorly chosen secret and then tries to verify the guess using other information. In this paper we develop a new framework extending strand space theory in the context of these attacks to analyze the effect using...
متن کاملWhat are Multi-Protocol Guessing Attacks and How to Prevent Them
A guessing attack on a security protocol is an attack where an attacker guesses a poorly chosen secret (usually a low-entropy user password) and then seeks to verify that guess using other information. Past efforts to address guessing attacks in terms of design or analysis considered only protocols executed in isolation. However, security protocols are rarely executed in isolation and reality i...
متن کاملOptimal authentication protocols resistant to password guessing attacks
Users are typically authenticated by their passwords. Because people are known to choose convenient passwords, which tend to be easy to guess, authenti-cation protocols have been developed that protect user passwords from guessing attacks. These proposed protocols , however, use more messages and rounds than those protocols that are not resistant to guessing attacks. This paper gives new protoc...
متن کاملSecure Authentication Protocols Resistant to Guessing Attacks
Users are normally authenticated via their passwords in computer systems. Since people tend to choose passwords that can be easily remembered, the systems are under the threat of guessing attacks. Many authentication and key distribution protocols have been proposed to protect user passwords from guessing attacks. However, these protocols either are limited to some specific environments or incu...
متن کامل