Back to University of Twente portal
Guess what? Here is a new tool that finds some new guessing attacks
Corin, Ricardo and Malladi, Sreekanth and Alves-Foss, Jim and Etalle, Sandro (2003) Guess what? Here is a new tool that finds some new guessing attacks. In: IFIP WG 1.7 and ACM SIGPLAN Workshop on Issues in the Theory of Security, WITS '03, April 5-6, 2003, Warsaw, Poland.
![[img]](http://doc.utwente.nl/style/images/fileicons/application_pdf.png)
| PDF 170Kb | |
| PDF (Extended abstract) 65Kb |
| Abstract: | If a protocol is implemented using a poor password, then the password can be guessed and verified from the messages in the protocol run. This is termed as a guessing attack. Published design and analysis efforts always lacked a general definition for guessing attacks. Further, they never considered possible type-flaws in the protocol runs or using messages from other protocols. In this paper, we provide a simple and general definition for guessing attacks. We explain how we implemented our definition in a tool based on constraint solving. Finally, we demonstrate some new guessing attacks that use type-flaws and multiple protocols which we found using our tool. |
| Item Type: | Conference or Workshop Item |
| Faculty: | Electrical Engineering, Mathematics and Computer Science (EEMCS) |
| Research Group: | |
| Link to this item: | http://purl.utwente.nl/publications/41375 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page
Metis ID: 214055