Workshop on
Foundations of Computer Security - FCS'03
Ottawa, Canada, 26-27 June 2003
How to prevent type-flaw guessing attacks on password protocols
Sreekanth Malladi and Jim Alves-Foss (University of Idaho - USA)
Abstract
A message in a protocol is said to have a type-flaw if it was created with
some intended type, but is later received and treated as a different type. A
type-flaw guessing attack is an attack where a password is guessed and
verified by inducing type-flaws in a protocol.
Heather et al. prove that attacks that use type-flaws can be prevented if
honest agents tag messages with their intended types. However, their tagging
scheme cannot be used in a password protocol since it allows a guess to be
directly verified using the tags inside password encryptions.
In this paper we prove that, by following a modification of Heather et al.'s
scheme, most type-flaw guessing attacks can still be prevented.