Guess what? Here is a new tool that finds some new guessing attacks

Abstract

If a protocol is implemented using a poor password, then the password can be guessed and verified from the messages in the protocol run. This is termed as a guessing attack. Published design and analysis efforts always lacked a general definition for guessing attacks. Further, they never considered possible type-flaws in the protocol runs or using messages from other protocols. In this paper, we provide a simple and general definition for guessing attacks. We explain how we implemented our definition in a tool based on constraint solving. Finally, we demonstrate some new guessing attacks that use type-flaws and multiple protocols which we found using our tool.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2003
Accession Number
ADA462221

Entities

People

  • Jim Alves-foss
  • Ricardo Corin
  • Sandro Etalle
  • Sreekanth Malladi

Organizations

  • University of Twente

Tags

DTIC Thesaurus Topics

  • Abstracts
  • Authentication
  • Computer Science
  • Contrast
  • Cryptography
  • Information Operations
  • Notation
  • Redundancy
  • Security
  • Security Protocols
  • Standards
  • Universities
  • Verification

Fields of Study

  • Computer science
  • Mathematics

Readers

  • Computer Networking
  • Game Theory.
  • Systems Analysis and Design