Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Alice would like to send confidential and authenticated messages for Bob. Consid

ID: 3887993 • Letter: A

Question

Alice would like to send confidential and authenticated messages for Bob.  Consider the following security protocol between Alice, Bob, using a trusted Server.  Notation: E(M,K) encryption of message M with key K; D(M,K) decryption of message M with key K;  Sign(M,K) signature of message M with key K, KD-X is the private key of X, KE-X is the public key of X, Ksession is a secret key, Id-X is the identity of X, h(M) is the hash value of message M, Time1 is a time stamp, and || denotes a concatenation of the messages.  Assume, Alice and Bob know the Server’s public key (KE-S) in a reliable manner.

Message 1: A ® S:    “Request signed public keys for A and B”

Message 2:  S ® A:   Sign([KE-B || Id-B], KD-S)   ||   Sign([KE-A || Id-A], KD-S)

Why did the Server sign both KE-B and KE-A?

           

Message 3:  A ® B:  Sign([KE-A || Id-A], KD-S)  ||  E( Ksession, KE-B)  ||  E (M, Ksession)  || Sign(h(M), KD-A)

How can B verify that message originated from A?

What happens if a passive attacker intercepts this message?

Message 4: B ® A:   E (“ACK”, Ksession)

What will Alice know after receiving the acknowledgment from Bob?

Assume that the protocol is modified as follows:

Message 1: A ® S:     “Request signed public keys for A and B”

Message 2: S ® A:      (“Bob’s key” || Sign(KE-B, KD-S))     ||   (Alice’s key” || Sign(KE-A, KD-S))

Message 3: A ® B:     “Alice’s key” || Sign(KE-A, KD-S)    || E( Ksession, KE-B)   ||   E (M, Ksession)   || Sign(h(M), KD-A)

Message 4: B ® A:       E (“ACK”, Ksession)

Show how Eve can attack the protocol such that she can disclose the message M.

Explanation / Answer

Message 1: A ® S:     “Request signed public keys for A and B”

Message 2: S ® A:    Sign([KE-B || Id-B], KD-S) ||   Sign([KE-A || Id-A], KD-S)

Why did the Server sign both KE-B and KE-A?

A signature provides a certain level of trust, that a given key was generated by the person it claims to be from. The trusted server knows the public key of all users. The trusted server has its own (private key, public key) that it is using to communicate to users. In this case, Alice requested signed public keys of A and B. Now server signs both public keys of A and B with its own private key for the authentication of the message. Alice then uses the public key of server to decrypt the message and receive Bob’s public key. Now, using the public key of Bob, Alice can communicate to Bob.

Message 3: A ® B:   Sign([KE-A || Id-A], KD-S) || E( Ksession, KE-B) || E (M, Ksession) || Sign(h(M), KD-A)

How can B verify that message originated from A?

B receives a signed message from A with its public key, identity, secret session key (Ksession), hashed message with A’s private key. Now B approaches server to get the public key of A. Server replies B with signed public key of A. B decrypts the message using A’s public key. It can see the identity of A (Id-A) from the message and authenticates A.

What happens if a passive attacker intercepts this message?

If an attacker receives this message he can’t get any information because the message is signed using public key of B and can be decrypted using only private key of B.

Message 4: B ® A:    E (“ACK”, Ksession)

What will Alice know after receiving the acknowledgment from Bob?

After receiving this acknowledgement from Bob, Alice can ensure and authenticate Bob. The ACK contains nonce value that is passed between B and A. While sending the ack, B will make sure to include the nonce value that A has send and known only to A. This help A to identify B. Vice versa also. The secret session key (Ksession) help to create a trust between Alice and Bob. It’s known only between Alice and Bob. Now since the connection (trust) is established between Alice and Bob they can start communicating without the server.

Assume that the protocol is modified as follows:

Message 1: A ® S:      “Request signed public keys for A and B”

Message 2: S ® A:     (“Bob’s key” || Sign(KE-B, KD-S))     ||   (Alice’s key” || Sign(KE-A, KD-S))

Message 3: A ® B:    “Alice’s key” || Sign(KE-A, KD-S)   || E( Ksession, KE-B)   ||   E (M, Ksession)   || Sign(h(M), KD-A)

Message 4: B ® A:      E (“ACK”, Ksession)

Show how Eve can attack the protocol such that she can disclose the message M.

If the messages are modified as shown above, then from the second message an attacker(Eve) can easily obtain Alice’s and Bob’s public key. Now using this public key, Eve can modify the third message. By modifying the message Eve can act as A for B and B for A (Identity theft)). Eve can successfully eavesdrop the communication between Alice and Bob.

Related Questions

Alice has a message, generates a one time pad, encrypts her message and sends it
Question #648979
Alice has a shuffled deck of 11 cards that have numbers 15,32, 6, 17,22, 43, 67,
Question #3354857
Alice has a ticket for a film festival. Every week, one movie will be screened.
Question #1111198
Alice has an item X and Bob has a set of five distinct items (Y1,...Y5). Design
Question #3777494
Alice has an item x and Bob has a set of five distinct items y1, y2, y3, y4, and
Question #3585755
Alice has been assigned the task of deploying Windows 8 on her department’s exis
Question #3662269
Alice has been assigned the task of deploying Windows 8 on her department’s exis
Question #3662424
Alice has four blocks of plaintext, P_0, P_1, P_2, P_3, which she encrypts using
Question #3885816
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Alice would like to compare two DNA sequences, seq1 (ACCATCGGA) and eq2 (ATCCATG
Next
Alice would like to send confidential and authenticated messages for Bob. Consid

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.