sen-material: comparison handouts/ho05.tex

equal deleted inserted replaced

-:88ee59591384
+:f5172bb6cf45
 \documentclass{article}
 \usepackage{../style}
 \usepackage{../langs}
 \begin{document}
-\fnote{\copyright{} Christian Urban, 2014}
+\fnote{\copyright{} Christian Urban, King's College London, 2014, 2016}
 %% the expectation is that anything encrypted today, will be
 %% decrypted in 20 years time
 %http://www.net.in.tum.de/fileadmin/TUM/teaching/netzsicherheit/ws1516/07_PKI.pdf
 meters). But there are many, many more examples for protocols
 (Bitcoins, Tor, mobile phones,\ldots).
 The common characteristics of the protocols we are interested
 in is that an adversary or attacker is assumed to be in
-complete control over the network or channel over which we
+complete control of  the network or channel over which we
 exchanging messages. An attacker can install a packet sniffer
 on a network, inject packets, intercept packets, modify
 packets, replay old messages, or fake pretty much everything
 else. In this hostile environment, the purpose of a protocol
 (that is exchange of messages) is to achieve some security
 broken\ldots{}but this is a story for another time. Suffice
 to say for now that one of the main certification
 organisations, VeriSign, has limited its liability to \$100 in
 case it issues a false certificate. This is really a joke and
 really the wrong incentive for the certification organisations
-to clean up their mess.
+to clean up their mess. The problem is compounded that
+browser vendors also play a crucial role for this to
-The problem we want to study closer here is that protocols
+work (and they might have completely different incentives
+according to which they operate).
+The problem we want to study closer now is that protocols
 based on public-private key encryption are susceptible to
 simple person-in-the-middle attacks. Consider the following
 protocol where $A$ and $B$ attempt to exchange secret messages
 using public-private keys.
 \end{tabular}
 \end{center}
 \noindent Since we assume an attacker, say $E$, has complete
 control over the network, $E$ can intercept the first two
-messages and substitutes her own public key. The protocol
+messages and substitutes her own public key. The resulting protocol
-run would therefore be
+run would be
 \begin{center}
 \begin{tabular}{ll@{\hspace{2mm}}l}
 1. & $A \to E :$ & $K^{pub}_A$\smallskip\\
 2. & $E \to B :$ & $K^{pub}_E$\smallskip\\
 possibility: what if $A$ and $B$ include a voice message in there
 messages.
 \end{minipage}}}\bigskip
 \noindent
-I hope you have thought about all these questions. Maybe you noticed that
+I hope you have thought about all these questions. $E$ cannot modify
-there is a way to defeat the lockstep protocol. If an attacker could only
+the received messages---$A$ and $B$ woudl find this out. To stay
-forward the (unmodified) messages, then all would be great. Because then
+undetected, $E$ can only forward the messages (unmodified) and this is
-it could be used to establish secret keys using the Hellman-Diffie
+all what $A$ and $B$ need in order to establish a shared secret.  For
-technique (see further reading). That $E$ was able to decrypt all messages
+example they can use the Hellman-Diffie key exchange protocol (see
-is of no importance for the Hellman-Diffie
+further reading) which works, even if $E$ can decrypt all messages.
-technique.
+All good? Unfortunately, there is a way to defeat this lockstep
-Unfortunately, $E$ can create completely fake messages. Let
+protocol---the name of this protocol that halves the messages.  The
-us look at this possibility: $E$ intercepts again the keys from $A$
+problem is $E$ can create completely fake messages. Let us look at
-and $B$, and substitutes its own keys.
+this possibility: $E$ intercepts again the keys from $A$ and $B$, and
+substitutes its own keys.
 \begin{center}
 \begin{tabular}{ll@{\hspace{2mm}}l}
 1. & $A \to E :$ & $K^{pub}_A$\smallskip\\
 2. & $E \to B :$ & $K^{pub}_E$\smallskip\\

changeset 495	f5172bb6cf45
parent 494	88ee59591384
child 551	321877915a05