Chosen-name Attacks: An Overlooked Class of Type-flaw Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
Deciding recognizability under Dolev-Yao intruder model
ISC'10 Proceedings of the 13th international conference on Information security
Formal verification of a type flaw attack on a security protocol using object-z
ZB'05 Proceedings of the 4th international conference on Formal Specification and Development in Z and B
Hi-index | 0.00 |
Security protocols are often modelled at a high levelof abstraction, potentially overlooking implementation-dependentvulnerabilities. Here we use the Z specificationlanguage's rich set of data structures to formally model potentiallyambiguous messages that may be exploited in a'type flaw' attack. We then show how to formally verifywhether or not such an attack is actually possible in a particularprotocol using Z's schema calculus.