Although various past eorts have been made to character-ize and detect guessing attacks, there is no consensus on the de nition of guessing attacks. Such a lack of generic deni-tion makes it extremely dicult to evaluate the resilience of security protocols to guessing attacks. To overcome this hurdle, we seek a new denition in this paper to fully characterize the attacker's guessing capabili-ties (i.e., guessability). This provides a general framework to reason about guessing attacks in a symbolic setting, in-dependent of specic intruder models. We show how the framework can be used to analyze both passive and active guessing attacks
Abstract. The indistinguishability of two pieces of data (or two lists of pieces of data) can be rep...
In the present thesis, we aim at alleviating the inherent limitations affecting current solu- tions ...
Parameterized password guessability—how many guesses a particular cracking algorithm with particular...
Although various past efforts have been made to character-ize and detect guessing attacks, there is ...
Guessing, or dictionary, attacks arise when an intruder exploits the fact that certain data like pas...
Abstract. We present a calculus for detecting guessing attacks, based on oracles that instantiate cr...
Starting from algebraic properties that enable guessing low-entropy secrets, we formalize guessing r...
If a protocol is implemented using a poor password, then the password can be guessed and verified fr...
Users are normally authenticated via their passwords in computer systems. Since people tend to choos...
Abstract. We introduce a probabilistic framework for the automated analysis of security protocols. O...
A guessing attack on a security protocol is an attack where an attacker guesses a poorly chosen secr...
<p>In an effort to improve security by preventing users from picking weak passwords, system administ...
This paper presents an extension of the pi-calculus that can reason about brute force and guessing a...
While trawling online/offline password guessing has been intensively studied, only a few studies hav...
Abstract—We report on the largest corpus of user-chosen passwords ever studied, consisting of anonym...
Abstract. The indistinguishability of two pieces of data (or two lists of pieces of data) can be rep...
In the present thesis, we aim at alleviating the inherent limitations affecting current solu- tions ...
Parameterized password guessability—how many guesses a particular cracking algorithm with particular...
Although various past efforts have been made to character-ize and detect guessing attacks, there is ...
Guessing, or dictionary, attacks arise when an intruder exploits the fact that certain data like pas...
Abstract. We present a calculus for detecting guessing attacks, based on oracles that instantiate cr...
Starting from algebraic properties that enable guessing low-entropy secrets, we formalize guessing r...
If a protocol is implemented using a poor password, then the password can be guessed and verified fr...
Users are normally authenticated via their passwords in computer systems. Since people tend to choos...
Abstract. We introduce a probabilistic framework for the automated analysis of security protocols. O...
A guessing attack on a security protocol is an attack where an attacker guesses a poorly chosen secr...
<p>In an effort to improve security by preventing users from picking weak passwords, system administ...
This paper presents an extension of the pi-calculus that can reason about brute force and guessing a...
While trawling online/offline password guessing has been intensively studied, only a few studies hav...
Abstract—We report on the largest corpus of user-chosen passwords ever studied, consisting of anonym...
Abstract. The indistinguishability of two pieces of data (or two lists of pieces of data) can be rep...
In the present thesis, we aim at alleviating the inherent limitations affecting current solu- tions ...
Parameterized password guessability—how many guesses a particular cracking algorithm with particular...