Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys
Proceedings of the 5th International Workshop on Security Protocols
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Hiding names: private authentication in the applied pi calculus
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Forward secrecy in password-only key exchange protocols
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Computationally sound implementations of equational theories against passive adversaries
Information and Computation
Computational soundness of equational theories
TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Efficient decision procedures for message deducibility and static equivalence
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Rethinking about guessing attacks
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Reducing Equational Theories for the Decision of Static Equivalence
Journal of Automated Reasoning
Reducing equational theories for the decision of static equivalence
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
Automating security analysis: symbolic equivalence of constraint systems
IJCAR'10 Proceedings of the 5th international conference on Automated Reasoning
Customizing protocol specifications for detecting resource exhaustion and guessing attacks
FMCO'10 Proceedings of the 9th international conference on Formal Methods for Components and Objects
Security enhancement of the communication-efficient AUTHMAC_DH protocols
Security and Communication Networks
A security enhanced authentication and key distribution protocol for wireless networks
Security and Communication Networks
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Composition of password-based protocols
Formal Methods in System Design
| Hi-index | 0.00 |
We study the security of password protocols against off-line dictionary attacks. In addition to the standard adversary abilities, we also consider further cryptographic advantages given to the adversary when considering the password protocol being instantiated with particular encryption schemes. We work with the applied pi calculus of Abadi and Fournet, in which we present novel equational theories to model the (new) adversary abilities.These new abilities are crucial in the analysis of our case studies, the Encrypted Password Transmission (EPT) protocol of Halevi and Krawczyk, and the well-known Encrypted Key Exchange (EKE) of Bellovin and Merritt. In the latter, we find an attack that arises when considering the ability of distinguishing ciphertexts from random noise. We propose a modification to EKE that prevents this attack.