What are Multi-Protocol Guessing Attacks and How to Prevent Them

  • Authors:
  • Sreekanth Malladi; Jim Alves-Foss; Sreenivas Malladi

  • Venue:
  • WETICE '02 Proceedings of the 11th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
  • Year:
  • 2002

Abstract

A guessing attack on a security protocol is an attack where an attacker guesses a poorly chosen secret (usually a low-entropy user password) and then seeks to verify that guess using other information. Past efforts to address guessing attacks in terms of design or analysis considered only protocols executed in isolation. However, security protocols are rarely executed in isolation, and reality is always a case of mixed protocols. In this paper, we introduce new types of attacks called multi-protocol guessing attacks, which can exist when protocols are mixed. We develop a systematic procedure to analyze protocols subject to guessing attacks and use this procedure to derive some syntactic conditions to be followed in order for a protocol to be secure against multi-protocol guessing attacks. We then use the strand space framework to prove that a protocol will remain secure, given that these conditions are followed, by modeling the conditions within the framework. We illustrate these concepts using the Bellovin and Merritt protocol (EKE) as an example.