532 protocol design. |
532 protocol design. |
533 |
533 |
534 \subsubsection*{Averting Person-in-the-Middle Attacks} |
534 \subsubsection*{Averting Person-in-the-Middle Attacks} |
535 |
535 |
536 The idea of public-private key encryption is that one can make |
536 The idea of public-private key encryption is that one can make |
537 public the key $K^{pub}$ which people can use to encrypt |
537 publish the key $K^{pub}$ which people can use to encrypt |
538 messages for me. and I can use my key $K^{priv}$ to be the |
538 messages for me and I can use my private key $K^{priv}$ to be |
539 only one that can decrypt them. While this sounds all good, it |
539 the only one that can decrypt them. While this sounds all |
540 relies that people can associate me, for example, with my |
540 good, it relies on the ability that people can associate me |
541 public key. That i snot so trivial as it sounds. For example, |
541 with my public key. That is not as trivial as it sounds. For |
542 if I would be the government, say Cameron, and try to find out |
542 example, if I would be the government, say Cameron, and try to |
543 who are the trouble makers in the country, I would publish an |
543 find out who are the trouble makers in the country, I would |
544 innocent looking webpage and say I am The Guardian newspaper |
544 publish an innocent looking webpage and say I am The Guardian |
545 (or alternatively The Sun for all the juicy stories), publish |
545 newspaper (or alternatively The Sun for all the juicy |
546 a public key on it, and then just wait for incoming messages. |
546 stories), publish a public key on it, and then just wait for |
|
547 incoming messages. |
547 |
548 |
548 This problem is supposed to be solved by using certificates. |
549 This problem is supposed to be solved by using certificates. |
549 The purpose of certification organisations is that they verify |
550 The purpose of certification organisations is that they verify |
550 that a public key, say $K^{pub}_{Bob}$, really belongs to Bob. |
551 that a public key, say $K^{pub}_{Bob}$, really belongs to Bob. |
551 This is also the mechanism underlying the HTTPS protocol. The |
552 This is also the mechanism underlying the HTTPS protocol. The |
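Review bot: the reworded clause at new line 540, "it relies on the ability that people can associate me with my public key", is still ungrammatical; "it relies on people being able to associate me with my public key" says the same thing cleanly. In the same paragraph "if I would be the government" should be "if I were the government", and "trouble makers" is normally written as one word. The correction of "i snot so trivial" to "is not as trivial" is right, and "publish the key" is clearer than "make public the key".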
652 will send out the second half. See step 6. For this $A$ |
653 will send out the second half. See step 6. For this $A$ |
653 adds the received $M_1$ and encrypts both parts with $B$'s |
654 adds the received $M_1$ and encrypts both parts with $B$'s |
654 public key. Finally $B$ checks whether the received $M_1$ |
655 public key. Finally $B$ checks whether the received $M_1$ |
655 matches with its first half, and if yes sends $A$ its |
656 matches with its first half, and if yes sends $A$ its |
656 second half $M_2$. Now $A$ and $B$ are in the possession |
657 second half $M_2$. Now $A$ and $B$ are in the possession |
657 of $H_1$ and $H_2$, respectively $M_1$ and $M_2$ and can |
658 of $H_1$ and $H_2$, respectively $M_1$ and $M_2$, and can |
658 decrypt the corresponding messages. |
659 decrypt the corresponding messages. |
659 |
660 |
660 Now the big question is, why on earth does this splitting |
661 Now the big question is, why on earth does this splitting |
661 of messages in half and additional message exchange help |
662 of messages in half and additional message exchange help |
662 with defending against person-in-the-middle attacks? Well, |
663 with defending against person-in-the-middle attacks? Well, |
663 lets try to be such an attacker. As before we intercept |
664 let's try to be such an attacker. As before we intercept |
664 the messages where public keys are exchanged and inject |
665 the messages where public keys are exchanged and inject |
665 our own. |
666 our own. |
666 |
667 |
667 \begin{center} |
668 \begin{center} |
668 \begin{tabular}{ll@{\hspace{2mm}}l} |
669 \begin{tabular}{ll@{\hspace{2mm}}l} |
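Review bot: the "respectively" at new lines 657-658 reads as $A$ holding $H_1, H_2$ and $B$ holding $M_1, M_2$, which is the reverse of what the preceding steps describe: $B$ is the one that checks the received $M_1$ and then sends $A$ its second half $M_2$, so at the end $A$ holds $M_1$ and $M_2$ while $B$ holds $H_1$ and $H_2$. Suggest "Now $B$ and $A$ are in the possession of $H_1, H_2$ and $M_1, M_2$, respectively, and can decrypt the corresponding messages". The added comma after "$M_1$ and $M_2$" and the "let's" fix are fine.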
723 \end{center} |
724 \end{center} |
724 |
725 |
725 \noindent Now $E$ is in the possession of $H_1$ and $H_2$, |
726 \noindent Now $E$ is in the possession of $H_1$ and $H_2$, |
726 which it can join together in order to obtain |
727 which it can join together in order to obtain |
727 $\{A,m\}_{K^{pub}_E}$ which it can decrypt. It seems |
728 $\{A,m\}_{K^{pub}_E}$ which it can decrypt. It seems |
728 like from now on all is lost, but lets see: in order to |
729 like from now on all is lost, but let's see: in order to |
729 stay undetected it must send a message to $B$. It now has two |
730 stay undetected it must send a message to $B$. It now has two |
730 options: one is to use the newly obtained knowledge and |
731 options: one is to use the newly obtained knowledge and |
731 modify $A$'s message to be |
732 modify $A$'s message to be |
732 |
733 |
733 \[ |
734 \[ |
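Review bot: the sentence at new lines 726-728 chains two relative clauses ("which it can join together in order to obtain ... which it can decrypt"); "which it can join together to obtain $\{A,m\}_{K^{pub}_E}$, a message it can decrypt" is easier to follow. "It seems like from now on all is lost" would read better as "It seems that all is lost". The "lets" to "let's" fix is correct.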
768 to make sense out of the two halves (which again do not fit |
769 to make sense out of the two halves (which again do not fit |
769 together). So the only option is to send $M_2$. |
770 together). So the only option is to send $M_2$. |
770 |
771 |
771 With this the protocol has ended. $E$ was able to decrypt all |
772 With this the protocol has ended. $E$ was able to decrypt all |
772 messages, but what messages did $A$ and $B$ receive and from |
773 messages, but what messages did $A$ and $B$ receive and from |
773 whom? Do you notice that they will find out that something |
774 whom? Do you notice that $A$ and $B$ will find out that |
774 strange has happened and probably not talk on this channel |
775 something strange has happened and probably not talk on this |
775 anymore? I leave you to think about it. |
776 channel anymore? I leave you to think about it. |
776 |
777 |
777 Recall from the beginning that a person-in-the middle |
778 Recall from the beginning that a person-in-the middle |
778 attack can easily be mounted at the key fob and car |
779 attack can easily be mounted at the key fob and car |
779 protocol unless we are careful. If you look at actual |
780 protocol unless we are careful. If you look at actual |
780 key fob protocols, they use a variant of the protocol |
781 key fob protocols, they use a variant of the protocol |
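Review bot: "person-in-the middle" at new line 778 is missing the last hyphen and should be "person-in-the-middle", matching the spelling used at new lines 663 and 534. Replacing "they" with "$A$ and $B$" at new line 774 is a good clarification, since "they" could otherwise be read as referring to the messages.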
823 \noindent The conclusion in this post is that person-in-the-middle-attacks |
824 \noindent The conclusion in this post is that person-in-the-middle-attacks |
824 can be launched from any place on Earth---it is not required |
825 can be launched from any place on Earth---it is not required |
825 that you sit in the ``middle'' of the communication of two people. |
826 that you sit in the ``middle'' of the communication of two people. |
826 You just have to route their traffic through a node you own. |
827 You just have to route their traffic through a node you own. |
827 |
828 |
828 An article in The Guardien from 2013 reveals how GCHG and the NSA at a |
829 An article in The Guardian from 2013 reveals how GCHG and the NSA at a |
829 G20 Summit in 2009 sniffed emails from Internet cafes, monitored phone |
830 G20 Summit in 2009 sniffed emails from Internet cafes, monitored phone |
830 calls from delegates and attempted to listen on phone calls which were made |
831 calls from delegates and attempted to listen on phone calls which were made |
831 by Russions and which were transmitted via satelite links: |
832 by Russians and which were transmitted via satellite links: |
832 |
833 |
833 \begin{center} |
834 \begin{center} |
834 \url{http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted-communications-g20-summits} |
835 \url{http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted-communications-g20-summits} |
835 \end{center} |
836 \end{center} |
836 |
837 |
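Review bot: "GCHG" at new line 829 survives the typo pass and should be "GCHQ"; the URL cited two lines further down spells the agency "gchq". In the same hunk "person-in-the-middle-attacks" at new line 824 has a stray hyphen before "attacks" ("person-in-the-middle attacks"), and "attempted to listen on phone calls" should be "listen in on phone calls". The corrections of "Guardien", "Russions" and "satelite" are all right.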