Analysing protocols subject to guessing attacks
In this paper we consider guessing attacks upon security protocols, where an intruder guesses one of the values used (typically a poorly-chosen password) and then seeks to verify that guess. We formalise such attacks, and in particular the way in which the guess is verified. We then describe how to...
Saved in:
| Published in | Journal of computer security Vol. 12; no. 1; pp. 83 - 97 |
|---|---|
| Main Author | |
| Format | Journal Article |
| Language | English |
| Published |
London, England
SAGE Publications
01.01.2004
|
| Online Access | Get full text |
| ISSN | 0926-227X 1875-8924 |
| DOI | 10.3233/JCS-2004-12104 |
Cover
| Summary: | In this paper we consider guessing attacks upon security protocols, where an intruder guesses one of the values used (typically a poorly-chosen password) and then seeks to verify that guess. We formalise such attacks, and in particular the way in which the guess is verified. We then describe how to model such attacks within the process algebra CSP, so that they can be detected using the model checker FDR, and illustrate our technique on some examples. |
|---|---|
| Bibliography: | ObjectType-Article-2 SourceType-Scholarly Journals-1 ObjectType-Feature-1 content type line 23 |
| ISSN: | 0926-227X 1875-8924 |
| DOI: | 10.3233/JCS-2004-12104 |