Results 1 - 7 of 7
Protocol Insecurity with a Finite Number of Sessions and a Cost-Sensitive Guessing Intruder is NP-Complete
Cited by 1 (0 self)
Guessing attacks in security protocols arise when honest agents make use of data easily guessable by an intruder, such as passwords generated from a small dictionary. A way to model such attacks is to formalize a Dolev-Yao style model with inference rules that capture the additional capabilities of the intruder concerning guessable data. In this paper, we formalize a cost-sensitive intruder deduction system where information is available at a cost. The intruder may apply standard operations to deduce new messages from his current knowledge, or invoke an oracle rule that allows him to get hold of data that was previously unknown to him. Our system manipulates data items by means of inference rules and uses labels to keep track of the costs associated with the application of each rule. This allows us to answer the question of what is the cost of deducing a particular data item that was meant to remain a secret between honest protocol participants. We also investigate the complexity of this quantitative insecurity problem and show that it is NP-complete in the case of a finite number of protocol sessions.
A Formal Model for Detecting Parallel Key Search Attacks
2007
Parallel key search or meet-in-the-middle attacks have been shown to be effective against a number of security APIs, designed to regulate access to tamper resistant hardware devices. However, they are outside the scope of standard Dolev-Yao style modelling techniques. In this paper, we present an extension to the Dolev-Yao model that allows these kinds of attacks to be detected. It is work in progress: we need to introduce quantitative aspects to the analysis, and we show why existing quantitative extensions to the Dolev-Yao calculus are inadequate for this.
Modeling and Reasoning about an Attacker with Cryptanalytical Capabilities
We propose a probabilistic framework for the analysis of security protocols. The proposed framework allows one to model and reason about attackers that extend the usual Dolev-Yao adversary with explicit probabilistic statements representing their (partial) knowledge of the properties of cryptographic primitives. The expressive power of these probabilistic statements is illustrated, namely by representing a standard security notion like indistinguishability under chosen plaintext attacks. We present an entropy-based approach to estimate the probability of a successful attack on a cryptographic protocol given the prescribed knowledge of the attacker. Although we prove that this quantity is typically NP-hard to compute, we still manage to show its usefulness in analyzing a few meaningful examples. Finally, we obtain a result which may be used to prove that a certain amount of probabilistic knowledge (about the properties of the cryptography being used) is not enough to allow an attacker to correctly uncover a secret with non-negligible probability. Keywords: Security protocol, attacker, probabilistic statement, cryptographic property, Shannon entropy.
A Formal Approach for Automatic Verification of Imperfect Cryptographic Protocols
2007
In simplest form, security protocols comprise messages exchanged between agents to achieve security goals such as confidentiality and integrity of data, or authentication of the identity. Despite that simple fact, designing security protocols has
Protocol Insecurity with a Finite Number of Sessions and a Cost-Sensitive Guessing Intruder is NP-Complete
2008
Guessing, or dictionary, attacks arise when an intruder exploits the fact that honest agents executing a security protocol exchange certain data like passwords that may have low entropy, i.e. stem from a small set of values. One way to model such attacks is to formalize a Dolev-Yao-style intruder model with inference rules to capture the additional capabilities of the intruder concerning guessable data. In this paper, we formalize a cost-sensitive intruder deduction system where information is available at a cost: to get hold of data he does not know, the intruder invokes an oracle rule, which associates a cost to each data item the intruder deduces in this way. Our deduction system manipulates data items labeled with their costs, so that we can answer the question of what is the cost of deducing a particular data item that was meant to remain a secret between honest protocol participants. We also investigate the complexity of this quantitative intruder deduction insecurity problem and show that it is NP-complete in the case of a finite number of protocol sessions (i.e. for a fixed number of interleaved protocol runs).
List of Beneficiaries
2007
Beneficiary number | Beneficiary name | Beneficiary short name | Beneficiary type | Country | Date enter project | Date exit project
1 (coordinator) | Università di Verona | UNIVR | academia | Italy | month 1 | month 36
2 | ETH Zurich | ETH Zurich | academia | Switzerland | month 1 | month 36
3 | Institut National de Recherche en Informatique et Automatique | INRIA | academia (research org.) | France | month 1 | month 36
4 | Institut de Recherche en Informatique de Toulouse | UPS-IRIT | academia (research org.) | France | month 1 | month 36
5 | Università di Genova | UGDIST | academia | Italy | month 1 | month 36
6 | IBM Research GmbH | IBM | industry/research | Switzerland | month 1 | month 36
7 | OpenTrust | OpenTrust | industry (SME) | France | month 1 | month 36
8 | Institute e-Austria Timişoara | IEAT | research org. (SME) | Romania | month 1 | month 36