Skip to Main content Skip to Navigation

Formal verification of protocols based on short authenticated strings (extended version)

Abstract : Modern security protocols may involve humans in order to compare or copy short strings between different devices. Multi-factor authentication protocols, such as Google 2-factor or 3D-secure are typical examples of such protocols. However, such short strings may be subject to brute force attacks. In this paper we propose a symbolic model which includes attacker capabilities for both guessing short strings, and producing collisions when short strings result from an application of weak hash functions. We propose a new decision procedure for analysing (a bounded number of sessions of) protocols that rely on short strings. The procedure has been integrated in the AKISS tool and tested on protocols from the ISO/IEC 9798-6:2010 standard.
Document type :
Complete list of metadata

Cited literature [22 references]  Display  Hide  Download
Contributor : Steve Kremer Connect in order to contact the contributor
Submitted on : Monday, May 29, 2017 - 12:59:11 PM
Last modification on : Tuesday, October 19, 2021 - 11:59:00 PM
Long-term archiving on: : Wednesday, September 6, 2017 - 10:51:23 AM


Files produced by the author(s)


  • HAL Id : hal-01528603, version 1


Stéphanie Delaune, Steve Kremer, Ludovic Robin. Formal verification of protocols based on short authenticated strings (extended version). [Research Report] Inria Nancy - Grand Est. 2017. ⟨hal-01528603⟩



Record views


Files downloads