Title :
What are multi-protocol guessing attacks and how to prevent them
Author :
Malladi, Srikanth ; Alves-Foss, Jim ; Malladi, Srikanth
Author_Institution :
Center for Secure & Dependable Syst., Idaho Univ., Moscow, ID, USA
Abstract :
A guessing attack on a security protocol is an attack where an attacker guesses a poorly chosen secret (usually a low-entropy user password) and then seeks to verify that guess using other information. Past efforts to address guessing attacks in terms of design or analysis considered only protocols executed in isolation. However, security protocols are rarely executed in isolation and reality is always a case of mixed-protocols. In this paper, we introduce new types of attacks called multi-protocol guessing attacks, which can exist when protocols are mixed. We develop a systematic procedure to analyze protocols subject to guessing attacks and use this procedure to derive some syntactic conditions to be followed, in order for a protocol to be secure against multi-protocol guessing attacks. We then use the strand space framework to prove that a protocol will remain secure, given that these conditions are followed, by modeling the conditions within the framework. We illustrate these concepts using the Mellovin and Berritt protocol (EKE) as an example.
Keywords :
cryptography; protocols; low-entropy user password; mixed protocols; multi-protocol guessing attacks; poorly chosen secret guessing; security protocol; strand space framework; syntactic conditions; Collaborative work; Communication channels; Conferences; Costs; Cryptographic protocols; Cryptography; Humans; Information security; International collaboration; Isolation technology;
Conference_Titel :
Enabling Technologies: Infrastructure for Collaborative Enterprises, 2002. WET ICE 2002. Proceedings. Eleventh IEEE International Workshops on
Print_ISBN :
0-7695-1748-X
DOI :
10.1109/ENABL.2002.1029992
