What are Multi-Protocol Guessing Attacks and How to Prevent Them

Abstract

A guessing attack on a security protocol is an attack in which an attacker guesses a poorly chosen secret (usually a low-entropy user password) and then seeks to verify that guess using other information. Past efforts to address guessing attacks in terms of design or analysis considered only protocols executed in isolation. However, security protocols are rarely executed in isolation; in reality, protocols are always mixed. In this paper, we introduce new types of attacks called multi-protocol guessing attacks, which can exist when protocols are mixed. We then develop a systematic procedure to analyze protocols subject to guessing attacks. Using this procedure, we present a method of deriving some syntactic conditions that a protocol must follow in order to be secure against multi-protocol guessing attacks. Lastly, we use the strand space framework to prove that a protocol remains secure, given that these conditions are followed, by modeling the conditions within the strand space framework. We illustrate these concepts using the Bellovin and Merritt protocol (EKE) as an example.

Document Details

Document Type: Technical Report
Publication Date: Apr 01, 2002
Accession Number: ADA462228

Entities

People

  • Jim Alves-Foss
  • Sreekanth Malladi
  • Sreenivas Malladi

Organizations

  • University of Idaho

Tags

DTIC Thesaurus Topics

  • Abstracts
  • Authentication
  • Communication Channels
  • Computers
  • Concrete
  • Contrast
  • Countermeasures
  • Cryptography
  • Environment
  • Identification
  • Information Operations
  • Materials
  • Security
  • Security Protocols
  • Spoofing
  • Text Messaging
  • Verification

Fields of Study

  • Computer science
  • Mathematics

Readers

  • Applied Combinatorial Optimization and Logic Circuit Design.
  • Cybersecurity.

Technology Areas

  • Space