Mercurial Mercurial > hg > sen-material / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | gz | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
updated
authorChristian Urban <christian dot urban at kcl dot ac dot uk>
Wed, 29 Oct 2014 17:35:41 +0000
changeset 268 43629c8c88c6
parent 267 37821a377c4a
child 269 c4fa7e8a2ffa
updated
handouts/ho05.pdf file | annotate | diff | comparison | revisions
handouts/ho05.tex file | annotate | diff | comparison | revisions 
Binary file handouts/ho05.pdf has changed
--- a/handouts/ho05.tex	Wed Oct 29 16:49:00 2014 +0000
+++ b/handouts/ho05.tex	Wed Oct 29 17:35:41 2014 +0000
@@ -446,6 +446,55 @@
 two different keys. This would have averted this attack and
 would have saved me a lot of trouble.
 
+\subsubsection*{Trusted Third Parties}
+
+One limitation the protocols we discussed so far is
+that they pre-suppose a secret shared key. As already 
+mentioned, this is a convenience we cannot always assume.
+How to establish a secret key then? Well, if both parties,
+say $A$ and $B$, mutually trust a third party, say $S$, 
+then they can use the following protocol:
+
+\begin{center}
+\begin{tabular}{l@{\hspace{2mm}}l}
+$A \rightarrow S :$ & $A, B$\\
+$S \rightarrow A :$ & $\{K_{AB}\}_{K_{AS}}$ and $\{\{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$\\
+$A \rightarrow B :$ & $\{K_{AB}\}_{K_{BS}}$\\
+$A \rightarrow B :$ & $\{m\}_{K_{AB}}$\\
+\end{tabular}
+\end{center}
+
+\noindent The assumption in this protocol is that $A$ and $S$
+share a secret key, and also $B$ and $S$ ($S$ being the
+trusted third party). The goal is that $A$ can send $B$ a
+message $m$ under a shared secret key $K_{AB}$, which at the
+beginning of the protocol does not exist yet. How does this
+protocol work? In the first step $A$ contacts $S$ and says
+that it wants to talk to $B$. In turn $S$ invents a new key
+$K_{AB}$ and sends two messages back to $A$: one message is
+$\{K_{AB}\}_{K_{AS}}$ which is encrypted with the key $A$ and
+$S$ share, and also the message
+$\{\{K_{AB}\}_{K_{BS}}\}_{K_{AS}}$. which is encrypted with
+$K_{AB}$ but also a second time with $K_{BS}$. The point of
+the second message is that it is a message intended for $B$.
+So a receives both messages and can decrypt them---in the
+first case it obtains the key $K_{AB}$ which $S$ suggested to
+use. In the second case it obtains a message it can forward to
+$B$. $B$ receives this message and since it knows the key it
+shares with $S$ obtains the key $K_{AB}$. Now $A$ and $B$ can
+start to exchange messages with the shared secret key
+$K_{AB}$. What is the advantage of $S$ sending $A$ two 
+messages instead of contacting $B$ instead? Well, for one
+there can now be a time-delay between the second and
+third step in the protocol. At some point in the past
+$A$ and $S$ need to have come together to share
+a key, similarly $B$ and $S$. After that $B$ does not need to
+be ``online'' anymore until $A$ actually starts sending messages
+to $B$. $A$ and $S$ can completely on their own negotiate a
+new key. 
+ 
+\subsubsection*{Averting Person-in-the-Middle Attacks}
+
 \bigskip\bigskip
 Keyfobs - protocol
sen-material