A Formal Approach for Automated Reasoning About Off-Line and Undetectable On-Line Guessing

Provided by: Politecnico di Torino
Topic: Security
Format: PDF
Starting from algebraic properties that enable guessing low-entropy secrets, the authors formalize guessing rules for symbolic verification. The rules are suited for both o -line and on-line guessing and can distinguish between them. They add their guessing rules as state transitions to protocol models that are input to model checking tools. With their proof-of-concept implementation they have automatically detected guessing attacks in several protocols. Some attacks are especially significant since they are undetectable by protocol participants, as they cause no abnormal protocol behavior, a case not previously addressed by automated techniques.

Find By Topic