Analysing Protocol Subject to Guessing Attacks
Abstract
In this paper we consider guessing attacks upon security protocols, where an intruder guesses one of the values used (typically a poorly-chosen password) and then seeks to verify that guess. We formalise such attacks, and in particular the way in which the guess is verified. We then describe how to model such attacks within the process algebra CSP, so that they can be detected using the model checker FDR, and illustrate our technique on some examples.
Similar resources
Analysing protocols subject to guessing attacks
In this paper we consider guessing attacks upon security protocols, where an intruder guesses one of the values used (typically a poorly-chosen password) and then seeks to verify that guess. We formalise such attacks, and in particular the way in which the guess is verified. We then describe how to model such attacks within the process algebra CSP, so that they can be detected using the model ch...
What are Multi-Protocol Guessing Attacks and How to Prevent Them
A guessing attack on a security protocol is an attack where an attacker guesses a poorly chosen secret (usually a low-entropy user password) and then seeks to verify that guess using other information. Past efforts to address guessing attacks in terms of design or analysis considered only protocols executed in isolation. However, security protocols are rarely executed in isolation and reality i...
Cryptanalysis on a Three Party Key Exchange Protocol-STPKE'
In the secure communication areas, three-party authenticated key exchange protocol is an important cryptographic technique. In this protocol, two clients will share a human-memorable password with a trusted server, in which two users can generate a secure session key. On the other hand the protocol should resist all types of password guessing attacks. Recently, STPKE’ protocol has been proposed...
Optimal authentication protocols resistant to password guessing attacks
Users are typically authenticated by their passwords. Because people are known to choose convenient passwords, which tend to be easy to guess, authentication protocols have been developed that protect user passwords from guessing attacks. These proposed protocols, however, use more messages and rounds than those protocols that are not resistant to guessing attacks. This paper gives new protoc...
A Formalization of Off-Line Guessing for Security Protocol Analysis
Guessing, or dictionary, attacks arise when an intruder exploits the fact that certain data like passwords may have low entropy, i.e. stem from a small set of values. In the case of off-line guessing, in particular, the intruder may employ guessed values to analyze the messages he has observed. Previous attempts at formalizing off-line guessing consist of extending a Dolev-Yao-style intruder mo...
Journal title:
- Journal of Computer Security
Volume 12, Issue
Pages -
Publication date 2004