Politecnico di Torino
Starting from algebraic properties that enable guessing low-entropy secrets, the authors formalize guessing rules for symbolic verification. The rules are suited for both o -line and on-line guessing and can distinguish between them. They add their guessing rules as state transitions to protocol models that are input to model checking tools. With their proof-of-concept implementation they have automatically detected guessing attacks in several protocols. Some attacks are especially significant since they are undetectable by protocol participants, as they cause no abnormal protocol behavior, a case not previously addressed by automated techniques.