80 likes | 254 Views
IT IS 6200/8200. Authentication & key exchange. Try to merge the previous two steps: Establish the session key and persuade Alice that you are Bob Tens of protocols have been developed: some good, some bad Lesson we learn: Do not try to be smart
E N D
Authentication & key exchange • Try to merge the previous two steps: • Establish the session key and persuade Alice that you are Bob • Tens of protocols have been developed: some good, some bad • Lesson we learn: • Do not try to be smart • Do not make messages too similar to each other
Protocol 1: Otway-Rees ( a good protocol) • 4 steps • The freshness is protected by the random numbers • Both parties get involved from the very beginning
The Protocol n || Alice || Bob || { r1 || n || Alice || Bob } kA Alice Bob n || Alice || Bob || { r1 || n || Alice || Bob } kA || { r2 || n || Alice || Bob } kB Cathy Bob n || { r1 || ks } kA || { r2 || ks } kB Cathy Bob n || { r1 || ks } kA Alice Bob
Protocol 2: Neuman-Stubblebine • 4 step protocol • Good point: • Only timestamp from one party is involved, so avoid synchronization • Even M cracks K, he cannot conduct the attack and impersonate A since the timestamp would have expired. • Problem: • Type-flaw attack: an attacker can pretend to be Alice (it needs to control the path between B and T)
Protocol 3: Denning-Sacco (an unsafe protocol) • 3 step protocol • Using public-private key • Still not safe: • B can impersonate A to talk to anyone else • Fix for this: • Identify communication parties that use the key
Lessons we learn: • Identify the communication parties • Protect the freshness of the key • Get both parties involved early • Do not make packets similar to each other • Do not try to outsmart other researchers or hackers
Secret splitting: • All parties are required to recover the secret • Solution: XOR • Secret sharing: • Only a threshold number of parties are required to recover the secret • The example using polynomial