Accession Number:

ADA459892

Title:

How to Prevent Type-Flaw Guessing Attacks on Password Protocols

Descriptive Note:

Research paper

Corporate Author:

IDAHO UNIV MOSCOW CENTER FOR SECURE AND DEPENDABLE SYSTEMS

Personal Author(s):

Report Date:

2003-01-01

Pagination or Media Count:

12.0

Abstract:

A message in a protocol is said to have a type-flaw if it was created with an intended type, but is later received and treated as a different type. A type-flaw guessing attack is an attack in which a type-flaw is induced in a protocol to enable a password guessing attack to occur. Heather, Lowe, and Schneider, in "How to Prevent Type Flaw Attacks on Security Protocols" (July 2000), prove that attacks that use type-flaws can be prevented if honest agents tag messages with their intended types. However, their tagging scheme cannot be used in a password protocol, since it allows a guess to be directly verified using the tags inside password encryptions. In this paper, the authors prove that following a modification of Heather et al.'s scheme, most type-flaw guessing attacks can still be prevented.

Subject Categories:

  • Computer Systems Management and Standards
  • Cybernetics

Distribution Statement:

APPROVED FOR PUBLIC RELEASE