Visible to the public Biblio

Filters: Keyword is ISO-IEC 9798-6:2010 standard  [Clear All Filters]
2018-02-15
Delaune, S., Kremer, S., Robin, L..  2017.  Formal Verification of Protocols Based on Short Authenticated Strings. 2017 IEEE 30th Computer Security Foundations Symposium (CSF). :130–143.

Modern security protocols may involve humans in order to compare or copy short strings between different devices. Multi-factor authentication protocols, such as Google 2-factor or 3D-secure are typical examples of such protocols. However, such short strings may be subject to brute force attacks. In this paper we propose a symbolic model which includes attacker capabilities for both guessing short strings, and producing collisions when short strings result from an application of weak hash functions. We propose a new decision procedure for analysing (a bounded number of sessions of) protocols that rely on short strings. The procedure has been integrated in the AKISS tool and tested on protocols from the ISO/IEC 9798-6:2010 standard.