Report
A computational justification for guessing attack formalisms
- Abstract:
-
Recently attempts have been made to extend the Dolev-Yao security model by allowing an intruder to learn weak secrets, such as poorly-chosen passwords, by off-line guessing. In such an attack, the intruder is able to verify a guessed value g if he can use it to produce a value called a verifier. In such a case we say that g is verifier-producing. The definition was formed by inspection of known guessing attacks.
A more intuitive definition might be formed as follows: a value is verifiable if there exists some computational process that can somehow recognise a correct guess over any other value.
We formalise this intuitive definition, and use it to justify the soundness and completeness of the existing definition. Specifically we show that a value is recognisable if and only if the value is either already Dolev-Yao deducible or it is verifier-producing. In order to do this it was necessary to clarify the definition of verifier production slightly, revealing an ambiguity in the original definition.
Actions
Access Document
- Files:
-
-
(Preview, pdf, 328.7KB, Terms of use)
-
Authors
- Publisher:
- Oxford University Computing Laboratory
- Publication date:
- 2005-10-01
- UUID:
-
uuid:8026bb05-f631-4523-8511-eaab24d05ec7
- Local pid:
-
cs:45
- Deposit date:
-
2015-03-31
- ARK identifier:
Terms of use
- Copyright date:
- 2005
If you are the owner of this record, you can report an update to it here: Report update to this record