# HG changeset patch # User cu # Date 1508715394 -3600 # Node ID 490079e1615747ad45c6dd123234a09d05c4176d # Parent 9fe160a13539aefe440e8cd7449a971586e9eb54 updated diff -r 9fe160a13539 -r 490079e16157 handouts/ho05.pdf Binary file handouts/ho05.pdf has changed diff -r 9fe160a13539 -r 490079e16157 handouts/ho05.tex --- a/handouts/ho05.tex Wed Oct 18 22:31:20 2017 +0100 +++ b/handouts/ho05.tex Mon Oct 23 00:36:34 2017 +0100 @@ -201,9 +201,9 @@ \{\{msg\}_{K_1}\}_{K_2} \] -\noindent This protocol is called lockstep protocol. +\noindent The idea is that even if attacker Eve has the -key $K_2$ she could decrypt the outer envelop, but +key $K_2$, she could decrypt the outer envelop, but still does not get to the message, because it is still encrypted with the key $K_1$. Note, however, while an attacker cannot obtain the content of the message @@ -416,7 +416,7 @@ course that it requires a pre-shared secret key. That is something that needs to be established beforehand. Not all situations allow such an assumption. For example if I am a -whistleblower (say Snowden) and want to talk to a journalist +whistle-blower (say Snowden) and want to talk to a journalist (say Greenwald) then I might not have a secret pre-shared key. Another limitation is that such mutual challenge-response @@ -467,7 +467,7 @@ risk to be shot. So we add our own challenge $N'_A$ and encrypt it under the secret key $K_{AB}$ (step 3). Now $E$ does not need to know this key in order to form the correct -answer for the first protocol. It will just replays this +answer for the first protocol. It will just replay this message back to us in the challenge mode (step 4). I happily accept this message---after all it is encrypted under the secret key $K_{AB}$ and it contains the correct challenge from 
@@ -477,7 +477,7 @@ might suspect, erroneously, that an idiot must have leaked the secret key. Because I followed in both cases the protocol to the letter, but somehow $E$, unknowingly to me with my help, -managed to disguise as a friend. As a pilot, I would be a bit +managed to disguise as a friend. As a fighter-pilot, I would be a bit peeved at that moment and would have preferred the designer of this challenge-response protocol had been a tad smarter. For one thing they violated the best practice in protocol design @@ -807,7 +807,7 @@ \noindent I hope you have thought about all these questions. $E$ cannot modify -the received messages---$A$ and $B$ woudl find this out. To stay +the received messages---$A$ and $B$ would find this out. To stay undetected, $E$ can only forward the messages (unmodified) and this is all what $A$ and $B$ need in order to establish a shared secret. For example they can use the Hellman-Diffie key exchange protocol (see @@ -886,7 +886,7 @@ \end{center} \noindent -With this $E$ is in the possesion of both halves from $A$. +With this $E$ is in the possession of both halves from $A$. In order to get the reply from $B$, $E$ can send the message \begin{center} @@ -916,7 +916,7 @@ \noindent $A$ and $B$ receive expected messages and were able to verify their first halves. That means they do not suspect anything dodgy -going on: $E$ has sucessfully managed a man-in-the middle attack. +going on: $E$ has successfully managed a man-in-the middle attack. In case $A$ and $B$ are computers, there is not much that can prevent this attack. In case they are humans, there are a few things they can do. For example $A$ and $B$ can craft their
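Review bot: in the hunk @@ -201,9 +201,9 @@ the line `key $K_2$, she could decrypt the outer envelop, but` keeps the misspelling `envelop` in the + version; it should read `envelope`. Dropping `\noindent This protocol is called lockstep protocol.` also removes the only line in this hunk that names the construction, so if the term is referred to anywhere else in the handouts, keep the name and prepend the new explanation to it, e.g. `\noindent This protocol is called the lockstep protocol. The idea is that even if attacker Eve has the`.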
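Review bot: the change `whistleblower` to `whistle-blower` in hunk @@ -416,7 +416,7 @@ is a style point only; the closed-up spelling `whistleblower` is the more common form, so either keep the original or make sure the hyphenated form is used consistently everywhere the word appears in ho05.tex.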
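Review bot: the `replays` to `replay` correction in hunk @@ -467,7 +467,7 @@ is right, but the tail of the same sentence on the following context line, `message back to us in the challenge mode (step 4)`, is still awkward; `message back to us as its own challenge (step 4)` states what $E$ actually does and matches the step numbering used two lines earlier for step 3.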
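Review bot: `fighter-pilot` in the + line of hunk @@ -477,7 +477,7 @@ should be the unhyphenated noun `fighter pilot` (the hyphen belongs only to attributive use). While editing this sentence, the preceding context line `but somehow $E$, unknowingly to me with my help,` and the + line's `managed to disguise as a friend` read better as `but somehow $E$, unbeknownst to me and with my help, managed to disguise itself as a friend`.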
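Review bot: the `woudl` fix in hunk @@ -807,7 +807,7 @@ is fine, but two lines further down in the unchanged context `the Hellman-Diffie key exchange protocol` has the name reversed; the standard name is `Diffie-Hellman key exchange protocol`, and this should be corrected in the same pass.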
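Review bot: in hunk @@ -916,7 +916,7 @@ the corrected + line `going on: $E$ has successfully managed a man-in-the middle attack.` still lacks the second hyphen in the term; it should read `man-in-the-middle attack`, which is the form used throughout the security literature and presumably elsewhere in these handouts.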