DocumentCode
2010052
Title
Composition of Password-Based Protocols
Author
Delaune, Stephanie ; Kremer, Steve ; Ryan, Mark
fYear
2008
fDate
23-25 June 2008
Firstpage
239
Lastpage
251
Abstract
We investigate the composition of protocols that share a common secret. This situation arises when users employ the same password on different services. More precisely we study whether resistance against guessing attacks composes when the same password is used. We model guessing attacks using a common definition based on static equivalence in a cryptographic process calculus close to the applied pi calculus. We show that resistance against guessing attacks composes in the presence of a passive attacker. However, composition does not preserve resistance against guessing attacks for an active attacker. We therefore propose a simple syntactic criterion under which we show this composition to hold. Finally, we present a protocol transformation that ensures this syntactic criterion and preserves resistance against guessing attacks.
Keywords
Calculus; Computer science; Computer security; Context; Cryptographic protocols; Cryptography; Dictionaries; IP networks; Privacy; Ubiquitous computing; composition; guessing attacks; security protocols;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Foundations Symposium, 2008. CSF '08. IEEE 21st
Conference_Location
Pittsburgh, PA, USA
ISSN
1940-1434
Print_ISBN
978-0-7695-3182-3
Type
conf
DOI
10.1109/CSF.2008.6
Filename
4556690
Link To Document