Undetectable on-line password guessing attacks
ACM SIGOPS Operating Systems Review
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A Theory of Dictionary Attacks and its Complexity
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Deciding security of protocols against off-line guessing attacks
Proceedings of the 12th ACM conference on Computer and communications security
Analysing protocols subject to guessing attacks
Journal of Computer Security - Special issue on WITS'02
Lessons from the Norwegian ATM System
IEEE Security and Privacy
Guessing attacks and the computational soundness of static equivalence
FOSSACS'06 Proceedings of the 9th European joint conference on Foundations of Software Science and Computation Structures
Rethinking about guessing attacks
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
A formal approach for automated reasoning about off-line and undetectable on-line guessing
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
| Hi-index | 0.00 |
We present a calculus for detecting guessing attacks, based on oracles that instantiate cryptographic functions. Adversaries can observe oracles, or control them either on-line or off-line. These relations can be established by protocol analysis in the presence of a Dolev-Yao intruder, and the derived guessing rules can be used together with standard intruder deductions. Our rules also handle partial verifiers that fit more than one secret. We show how to derive a known weakness in the Anderson-Lomas protocol, and new vulnerabilities for a known faulty ATM system.