Suppose Alice and Bob have RSA public keys in a file on a server. They communica

Question

Suppose Alice and Bob have RSA public keys in a file on a server. They communicate regularly using authenticated, confidential messages. Eve wants to read the messages but is unable to crack the RSA private keys of Alice and Bob. However, she is able to break into the server and alter the file containing Alice’s and Bob’s public keys.

a. How should Eve alter that file so that she can read confidential messages sent between Alice and Bob, and forge messages from either?

b. How might Alice and/or Bob detect Eve’s subversion of the public keys?

Explanation / Answer

Alice has public key(eA,nA) and Bob has public key (eB,nB).Eve create two new key pairs(eEA,nEA) and (eEB,nEB)and register this for alice and bob.Then if eve can intercept all communication excnanged between alice and bob,eve can undo their computation and replace it with a signature using her version of the key.Eg.suppose bob sends a signed encrypted message to alice {m{h(m)dB}eEA,eve would inteercept it,decrypt it using her version of alice private key,recalculate the hash using her version of bob private key and reencrypt using her version of alice public key to compute {m{h(m),dEB}eA.

if eve fails to intercept a message the decryption is found because the message destined to alice and bob will not correctly decrypt since alice and bob will use their real private keys to decrypt rather than eve fake private key.

alice and bob should periodically verify that the public key they have posted on server is correct.they could also post fingerprint of public key at a separate location to encourage people they communicate to validate what they receive from the certificate server

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.