Although various past efforts have been made to characterize and detect guessing attacks, there is no consensus on their definition. The lack of a generic definition makes it extremely difficult to evaluate the resilience of security protocols to guessing attacks. To overcome this hurdle, we seek a new definition in this paper that fully characterizes the attacker's guessing capabilities (i.e., guessability). This definition provides a general framework for reasoning about guessing attacks in a symbolic setting, independent of specific intruder models. We show how the framework can be used to analyze both passive and active guessing attacks.