3 Digital signatures a. Digital signatures are sometimes used for authenticating
Question
3 Digital signatures

a. Digital signatures are sometimes used for authenticating users in network protocols. SSH and TLS, for example, can both use such a mechanism. Consider the following protocol.

1. The server sends Alice a randomly chosen number.
2. Alice digitally signs the number and sends the signature back to the server.
3. The server checks the signature using Alice's public key. If the signature is valid, then the server accepts Alice's connection request.

Suppose that Alice uses the same private key to log in to a server and sign her emails. Show how a server could forge emails from Alice. For this exercise, assume that the authentication mechanism signs the bare challenge without hashing, while for emails Alice signs the hash of the message. 2 marks.

b. Suggest a modification to the authentication protocol which would defeat this attack. 2 marks.

Explanation / Answer
Solution:
a)
The server can easily forge the emails from Alice. Since Alice is using the same private key to log in to the server, the attacker can easily get that key information and can exchange data with the server. Since there is no hashing on the data, the attacker can easily identify the private key of Alice by analyzing data sent over a period of time. This attack is usually known as the man-in-the-middle attack, which the attacker can use to exploit the data of Alice.
b)
The modification would be to encrypt the data using the digital number signed sent by the server, and the authentication of the private and public key should be based on the hash sent. Also, there should be a lock mechanism implemented on the transfer to ensure that the communication link is happening correctly between Alice and the server. The lock should ensure that the packet is actually coming from the server.
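
The exercise's premise (authentication signs the bare challenge, email signs the hash of the message) can be checked in code. The following is an added example, not part of the posted answer: it shows a bare-challenge response verifying as an email signature, and a context-bound response that does not. The toy RSA key, the `auth-v1|` label, `server.example` and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy key: textbook RSA with no padding, built from two Mersenne
# primes. For illustration only; never use unpadded RSA or such keys in practice.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # Alice's private exponent
AUTH_TAG = b"auth-v1|"                 # hypothetical context label

def h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign_raw(m: int) -> int:
    return pow(m, D, N)

def verify_raw(m: int, sig: int) -> bool:
    return pow(sig, E, N) == m

def verify_email(msg: bytes, sig: int) -> bool:
    # Email convention from the exercise: the signature covers H(message).
    return verify_raw(h(msg), sig)

def auth_respond_bare(challenge: int) -> int:
    # Protocol as stated in the exercise: sign the bare challenge, no hashing.
    return sign_raw(challenge)

def auth_input(server_id: bytes, challenge: int) -> int:
    # Modified protocol: hash the challenge together with a context label and
    # the server identity, so the signed value is never a caller-chosen number.
    return h(AUTH_TAG + server_id + b"|" + challenge.to_bytes(32, "big"))

def auth_respond_tagged(server_id: bytes, challenge: int) -> int:
    return sign_raw(auth_input(server_id, challenge))

def auth_verify_tagged(server_id: bytes, challenge: int, sig: int) -> bool:
    return verify_raw(auth_input(server_id, challenge), sig)

def demo():
    email = b"Constructed sample email body"
    challenge = h(email)               # server's "random" number is H(email)
    bare_sig = auth_respond_bare(challenge)
    tagged_sig = auth_respond_tagged(b"server.example", challenge)
    return (verify_email(email, bare_sig),      # bare response doubles as email signature
            verify_email(email, tagged_sig),    # tagged response does not
            auth_verify_tagged(b"server.example", challenge, tagged_sig))

if __name__ == "__main__":
    print(demo())
```

Using a separate key pair for each purpose (login and email) removes the cross-use entirely and is the more robust design.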