509 see in the next section, this requires some very clever |
509 see in the next section, this requires some very clever |
510 protocol design. |
510 protocol design. |
511 |
511 |
512 \subsubsection*{Averting Person-in-the-Middle Attacks} |
512 \subsubsection*{Averting Person-in-the-Middle Attacks} |
513 |
513 |
514 The idea of public-private key encryption is that one can |
514 The idea of public-private key encryption is that one can make |
515 make public the key $P^{pub}$ which people can use to |
515 public the key $K^{pub}$ which people can use to encrypt |
516 encrypt messages for me. and I can use my key $P^{priv}$ |
516 messages for me. and I can use my key $K^{priv}$ to be the |
517 to be the only one that can decrypt them. While this sounds |
517 only one that can decrypt them. While this sounds all good, it |
518 all good, it relies that people can associate me, for example, |
518 relies that people can associate me, for example, with my |
519 with my public key. That i snot so trivial as it sounds. |
519 public key. That i snot so trivial as it sounds. For example, |
520 For example, if I would be the government, Obama for example, |
520 if I would be the government, say Cameron, and try to find out |
521 and find out who are the trouble makers, I would publish an |
521 who are the trouble makers in the country, I would publish an |
522 innocent looking webpage and say I am the New York Times, for |
522 innocent looking webpage and say I am The Guardian newspaper |
523 example, publish a public key, and then just wait for incoming |
523 (or alternatively The Sun for all the juicy stories), publish |
524 messages. |
524 a public key on it, and then just wait for incoming messages. |
525 |
525 |
526 |
526 This problem is supposed to be solved by using certificates. |
527 |
527 The purpose of certification organisations is that they verify |
528 \bigskip\bigskip |
528 that a public key, say $K^{pub}_{Bob}$, really belongs to Bob. |
529 Keyfobs - protocol |
529 This is also the mechanism underlying the HTTPS protocol. The |
|
530 problem is that this system is essentially completely |
|
531 broken\ldots{}but this is a story for another time. Suffice |
|
532 to say for now that one of the main certification |
|
533 organisations, VeriSign, has limited its liability to \$100 in |
|
534 case it issues a false certificate. This is really a joke and |
|
535 really the wrong incentive for the certification organisations |
|
536 to clean up their mess. |
|
537 |
|
538 The problem we want to study closer here is that |
|
539 public-private key encryption is susceptible to |
|
540 person-in-the-middle attack. Consider the following protocol |
|
541 where $A$ and $B$ attempt to exchange secret messages using |
|
542 public-private keys. |
|
543 |
|
544 \begin{itemize} |
|
545 \item $A$ sends public key to $B$ |
|
546 \item $B$ sends public key to $A$ |
|
547 \item $A$ sends message encrypted with $B$'s public |
|
548 key,\\ $B$ decrypts it with its private key |
|
549 \item $B$ sends message encrypted with $A$'s public |
|
550 key,\\ $A$ decrypts it with its private key |
|
551 \end{itemize} |
|
552 |
|
553 |
|
554 \bigskip\bigskip Keyfobs - protocol |
530 |
555 |
531 \subsubsection*{Further Reading} |
556 \subsubsection*{Further Reading} |
532 |
557 |
533 {\small |
558 {\small |
534 \url{http://www.cs.ru.nl/~rverdult/Gone_in_360_Seconds_Hijacking_with_Hitag2-USENIX_2012.pdf}} |
559 \url{http://www.cs.ru.nl/~rverdult/Gone_in_360_Seconds_Hijacking_with_Hitag2-USENIX_2012.pdf}} |
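Review bot: new line 519 still carries the typo "That i snot so trivial as it sounds" from the old text, and new line 516 keeps "messages for me. and I can use", so both should be fixed while the paragraph is being rewrapped: "That is not as trivial as it sounds", "messages for me, and I can use", and on new line 518 "relies on people being able to associate me". In the added text, new line 540 needs an article ("susceptible to a person-in-the-middle attack"). The itemize on new lines 544-551 stops after the four protocol steps without showing where the person in the middle sits; the first two items send public keys with nothing that ties them to $A$ or $B$, so a sentence after the list saying that whoever relays those two messages can hand each side a different key would finish the argument that new lines 538-542 announce. The VeriSign \$100 liability figure on new line 533 is stated without a source and should get a citation or a Further Reading entry. The placeholder "\bigskip\bigskip Keyfobs - protocol" on new line 554 still typesets as body text; make it a LaTeX comment or a proper \subsubsection* before this is merged.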