Authentication and authenticated key exchanges
Designs, Codes and Cryptography
Undetectable on-line password guessing attacks
ACM SIGOPS Operating Systems Review
A cost-based framework for analysis of denial of service in networks
Journal of Computer Security
Some new attacks upon security protocols
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Modelling denial of service attacks on JFK with Meadows's cost-based framework
ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Analysing protocols subject to guessing attacks
Journal of Computer Security - Special issue on WITS'02
SAT-based model-checking for security protocols analysis
International Journal of Information Security
Analysing Password Protocol Security Against Off-line Dictionary Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
Formal modelling and automatic detection of resource exhaustion attacks
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Guessing attacks and the computational soundness of static equivalence
FOSSACS'06 Proceedings of the 9th European joint conference on Foundations of Software Science and Computation Structures
A formal approach for automated reasoning about off-line and undetectable on-line guessing
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
RTA'06 Proceedings of the 17th international conference on Term Rewriting and Applications
Hi-index | 0.00 |
Model checkers for security protocols often focus on basic properties, such as confidentiality or authentication, using a standard model of the Dolev-Yao intruder. In this paper, we explore how to model other attacks, notably guessing of secrets and denial of service by resource exhaustion, using the AVANTSSAR platform with its modelling language ASLan. We do this by adding custom intruder deduction rules and augmenting protocol transitions with constructs that keep track of these attacks. We compare several modelling variants and find that writing deductions in ASLan as Horn clauses rather than transitions using rewriting rules is crucial for verification performance. Providing automated tool support for these attacks is important since they are often neglected by protocol designers and open up other attack possibilities.