A computational justification for guessing attack formalisms
<p>Recently attempts have been made to extend the Dolev-Yao security model by allowing an intruder to learn weak secrets, such as poorly-chosen passwords, by off-line guessing. In such an attack, the intruder is able to verify a guessed value g if he can use it to produce a value called a veri...
| Autori principali: | , |
|---|---|
| Natura: | Report |
| Pubblicazione: |
Oxford University Computing Laboratory
2005
|
| _version_ | 1826281656340709376 |
|---|---|
| author | Newcomb, T Lowe, G |
| author_facet | Newcomb, T Lowe, G |
| author_sort | Newcomb, T |
| collection | OXFORD |
| description | <p>Recently attempts have been made to extend the Dolev-Yao security model by allowing an intruder to learn weak secrets, such as poorly-chosen passwords, by off-line guessing. In such an attack, the intruder is able to verify a guessed value g if he can use it to produce a value called a verifier. In such a case we say that g is verifier-producing. The definition was formed by inspection of known guessing attacks.</p><p>A more intuitive definition might be formed as follows: a value is verifiable if there exists some computational process that can somehow recognise a correct guess over any other value.</p><p>We formalise this intuitive definition, and use it to justify the soundness and completeness of the existing definition. Specifically we show that a value is recognisable if and only if the value is either already Dolev-Yao deducible or it is verifier-producing. In order to do this it was necessary to clarify the definition of verifier production slightly, revealing an ambiguity in the original definition.</p> |
| first_indexed | 2024-03-07T00:32:05Z |
| format | Report |
| id | oxford-uuid:8026bb05-f631-4523-8511-eaab24d05ec7 |
| institution | University of Oxford |
| last_indexed | 2024-03-07T00:32:05Z |
| publishDate | 2005 |
| publisher | Oxford University Computing Laboratory |
| record_format | dspace |
| spelling | oxford-uuid:8026bb05-f631-4523-8511-eaab24d05ec72022-03-26T21:21:29ZA computational justification for guessing attack formalismsReporthttp://purl.org/coar/resource_type/c_93fcuuid:8026bb05-f631-4523-8511-eaab24d05ec7Department of Computer ScienceOxford University Computing Laboratory2005Newcomb, TLowe, G<p>Recently attempts have been made to extend the Dolev-Yao security model by allowing an intruder to learn weak secrets, such as poorly-chosen passwords, by off-line guessing. In such an attack, the intruder is able to verify a guessed value g if he can use it to produce a value called a verifier. In such a case we say that g is verifier-producing. The definition was formed by inspection of known guessing attacks.</p><p>A more intuitive definition might be formed as follows: a value is verifiable if there exists some computational process that can somehow recognise a correct guess over any other value.</p><p>We formalise this intuitive definition, and use it to justify the soundness and completeness of the existing definition. Specifically we show that a value is recognisable if and only if the value is either already Dolev-Yao deducible or it is verifier-producing. In order to do this it was necessary to clarify the definition of verifier production slightly, revealing an ambiguity in the original definition.</p> |
| spellingShingle | Newcomb, T Lowe, G A computational justification for guessing attack formalisms |
| title | A computational justification for guessing attack formalisms |
| title_full | A computational justification for guessing attack formalisms |
| title_fullStr | A computational justification for guessing attack formalisms |
| title_full_unstemmed | A computational justification for guessing attack formalisms |
| title_short | A computational justification for guessing attack formalisms |
| title_sort | computational justification for guessing attack formalisms |
| work_keys_str_mv | AT newcombt acomputationaljustificationforguessingattackformalisms AT loweg acomputationaljustificationforguessingattackformalisms AT newcombt computationaljustificationforguessingattackformalisms AT loweg computationaljustificationforguessingattackformalisms |