Starting from algebraic properties that enable guessing low-entropy secrets, we formalize guessing rules for symbolic verification. The rules are suited for both off-line and on-line guessing and can distinguish between them. We add our guessing rules as state transitions to protocol models that are input to model checking tools. With our proof-of-concept implementation we have automatically detected guessing attacks in several protocols. Some attacks are especially significant since they are undetectable by protocol participants, as they cause no abnormal protocol behavior, a case not previously addressed by automated techniques.