Guess what? Here is a new tool that finds some new guessing attacks


Corin, Ricardo and Malladi, Sreekanth and Alves-Foss, Jim and Etalle, Sandro (2003) Guess what? Here is a new tool that finds some new guessing attacks. In: IFIP WG 1.7 and ACM SIGPLAN Workshop on Issues in the Theory of Security, WITS '03, April 5-6, 2003, Warsaw, Poland (pp. pp. 62-71).

open access
PDF (Extended abstract)
Abstract:If a protocol is implemented using a poor password, then the password can be guessed and verified from the messages in the protocol run. This is termed as a guessing attack. Published design and analysis efforts always lacked a general definition for guessing attacks. Further, they never considered possible type-flaws in the protocol runs or using messages from other protocols. In this paper, we provide a simple and general definition for guessing attacks. We explain how we implemented our definition in a tool based on constraint solving. Finally, we demonstrate some new guessing attacks that use type-flaws and multiple protocols which we found using our tool.
Item Type:Conference or Workshop Item
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page

Metis ID: 214055