{"title":"Rethinking about guessing attacks","authors":"Zhiwei Li, Weichao Wang","doi":"10.1145/1966913.1966954","DOIUrl":null,"url":null,"abstract":"Although various past efforts have been made to characterize and detect guessing attacks, there is no consensus on the definition of guessing attacks. Such a lack of generic definition makes it extremely difficult to evaluate the resilience of security protocols to guessing attacks.\n To overcome this hurdle, we seek a new definition in this paper to fully characterize the attacker's guessing capabilities (i.e., guessability). This provides a general framework to reason about guessing attacks in a symbolic setting, independent of specific intruder models. We show how the framework can be used to analyze both passive and active guessing attacks.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2011-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1966913.1966954","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
Although various past efforts have been made to characterize and detect guessing attacks, there is no consensus on the definition of guessing attacks. Such a lack of generic definition makes it extremely difficult to evaluate the resilience of security protocols to guessing attacks.
To overcome this hurdle, we seek a new definition in this paper to fully characterize the attacker's guessing capabilities (i.e., guessability). This provides a general framework to reason about guessing attacks in a symbolic setting, independent of specific intruder models. We show how the framework can be used to analyze both passive and active guessing attacks.