How to Prevent Type-Flaw Guessing Attacks on Password Protocols

Abstract

A message in a protocol is said to have a type-flaw if it was created with an intended type, but is later received and treated as a different type. A type-flaw guessing attack is an attack in which a type-flaw is induced in a protocol to enable a password guessing attack to occur. Heather, Lowe, and Schneider in "How to Prevent Type Flaw Attacks on Security Protocols" (July 2000) prove that attacks that use type-flaws can be prevented if honest agents tag messages with their intended types. However, their tagging scheme cannot be used in a password protocol since it allows a guess to be directly verified using the tags inside password encryptions. In this paper, the authors prove that following a modification of Heather et al.'s scheme, most type-flaw guessing attacks can still be prevented.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2003
Accession Number
ADA459892

Entities

People

  • Jim Alves-foss
  • Sreekanth Malladi

Organizations

  • University of Idaho

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Abstracts
  • Algorithms
  • Authentication
  • Contrast
  • Cryptography
  • Identities
  • Information Operations
  • Notation
  • Redundancy
  • Security
  • Security Protocols
  • Sequences
  • Standards
  • Template Patterns
  • Text Messaging

Fields of Study

  • Computer science
  • Mathematics

Readers

  • Computer Networking
  • Cybersecurity.
  • Neurological Diseases/Conditions/Disorders