Sciweavers

CSFW
2008
IEEE

Composition of Password-Based Protocols

13 years 10 months ago
Composition of Password-Based Protocols
We investigate the composition of protocols that share a common secret. This situation arises when users employ the same password on different services. More precisely we study whether resistance against guessing attacks composes when the same password is used. We model guessing attacks using a common definition based on static equivalence in a cryptographic process calculus close to the applied pi calculus. We show that resistance against guessing attacks composes in the presence of a passive attacker. However, composition does not preserve resistance against guessing attacks for an active attacker. We therefore propose a simple syntactic criterion under which we show this composition to hold. Finally, we present a protocol transformation that ensures this syntactic criterion and preserves resistance against guessing attacks.
Stéphanie Delaune, Steve Kremer, Mark Ryan
Added 29 May 2010
Updated 29 May 2010
Type Conference
Year 2008
Where CSFW
Authors Stéphanie Delaune, Steve Kremer, Mark Ryan
Comments (0)