How to Prevent Type-Flaw Guessing Attacks on Password Protocols
IDAHO UNIV MOSCOW CENTER FOR SECURE AND DEPENDABLE SYSTEMS
Pagination or Media Count:
A message in a protocol is said to have a type-flaw if it was created with an intended type, but is later received and treated as a different type. A type-flaw guessing attack is an attack in which a type-flaw is induced in a protocol to enable a password guessing attack to occur. Heather, Lowe, and Schneider in How to Prevent Type Flaw Attacks on Security Protocols July 2000 prove that attacks that use type-flaws can be prevented if honest agents tag messages with their intended types. However, their tagging scheme cannot be used in a password protocol since it allows a guess to be directly verified using the tags inside password encryptions. In this paper, the authors prove that following a modification of Heather et al.s scheme, most type-flaw guessing attacks can still be prevented.
- Computer Systems Management and Standards