Recently attempts have been made to extend the Dolev-Yao security model by allowing an intruder to learn weak secrets, such as poorly-chosen passwords, by off-line guessing. In such an attack, the intruder is able to verify a guessed value g if he can use it to produce a value called a verifier. In such a case we say that g is verifier-producing. The definition was formed by inspection of known guessing attacks. A more intuitive definition might be formed as follows: a value is verifiable if there exists some computational process that can somehow recognise a correct guess over any other value. We formalise this intuitive definition, and use it to justify the soundness and completeness of the existing definition. Specifically we show that a value is recognisable if and only if the value is either Dolev-Yao deducible or it is verifier-producing. In order to do this it was necessary to clarify the definition of verifier production slightly, revealing an ambiguity in the original definition.
[1]
Danny Dolev,et al.
On the security of public key protocols
,
1981,
22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).
[2]
Martín Abadi,et al.
A calculus for cryptographic protocols: the spi calculus
,
1997,
CCS '97.
[3]
Sandro Etalle,et al.
Guess what? Here is a new tool that finds some new guessing attacks (Extended Abstract)
,
2003
.
[4]
Stéphanie Delaune,et al.
A theory of dictionary attacks and its complexity
,
2004,
Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..
[5]
Gavin Lowe.
Analysing Protocol Subject to Guessing Attacks
,
2004,
J. Comput. Secur..
[6]
Tom Chothia,et al.
Guessing Attacks in the pi-calculus with a Computational Justification
,
2005
.