updated
authorChristian Urban <christian dot urban at kcl dot ac dot uk>
Wed, 29 Oct 2014 18:02:32 +0000
changeset 269 c4fa7e8a2ffa
parent 268 43629c8c88c6
child 270 8f2749152f1e
updated
handouts/ho05.pdf
handouts/ho05.tex
Binary file handouts/ho05.pdf has changed
--- a/handouts/ho05.tex	Wed Oct 29 17:35:41 2014 +0000
+++ b/handouts/ho05.tex	Wed Oct 29 18:02:32 2014 +0000
@@ -434,14 +434,15 @@
 secret key $K_{AB}$ and it contains the correct challenge from
 me, namely $N_A$. So I accept that $E$ is a friend and send
 even back the challenge $N'_A$. The problem is that $E$ now
-starts firing at me and I have no clue what is going on and
-suspect, erroneously, that an idiot must have leaked the
-secret key. I followed in both cases the protocol to the
-letter, but somehow $E$, with my help, managed to disguise as
-a friend. As a pilot, I would rather prefer the designer of
-this challenge-response protocol were a tad smarter. For one
-thing they violated the best practice in protocol design of
-using the same key, $K_{AB}$, for two different
+starts firing at me and I have no clue what is going on. I
+might suspect, erroneously, that an idiot must have leaked the
+secret key. Because I followed in both cases the protocol to
+the letter, but somehow $E$, unknowingly to me with my help,
+managed to disguise as a friend. As a pilot, I would be a bit
+peeved at that moment and would have preferred the designer of
+this challenge-response protocol had been a tad smarter. For
+one thing they violated the best practice in protocol design
+of using the same key, $K_{AB}$, for two different
 purposes---challenging and responding. They better had used
 two different keys. This would have averted this attack and
 would have saved me a lot of trouble.
@@ -492,9 +493,38 @@
 be ``online'' anymore until $A$ actually starts sending messages
 to $B$. $A$ and $S$ can completely on their own negotiate a
 new key. 
+
+The major limitation of this protocol however is that I need
+to trust a third party. And in this case completely, because
+$S$ can of course also read easily all messages $A$ sends to
+$B$. The problem is that I cannot really think of any
+institution who could serve as such a trusted third party. One
+would hope the government would be such a trusted party, but
+in the Snowden-era we know that this is wishful thinking in
+the West, and if I lived in Iran or North Korea, for example,
+I would not even start to hope for this.
+
+The cryptographic ``magic'' of public-private keys 
+seems to offer an elegant solution for this, but as we shall 
+see in the next section, this requires some very clever
+protocol design.
  
 \subsubsection*{Averting Person-in-the-Middle Attacks}
 
+The idea of public-private key encryption is that one can
+make public the key $P^{pub}$ which people can use to
+encrypt messages for me. and I can use my key $P^{priv}$
+to be the only one that can decrypt them. While this sounds
+all good, it relies that people can associate me, for example,
+with my public key. That i snot so trivial as it sounds. 
+For example, if I would be the government, Obama for example, 
+and find out who are the trouble makers, I would publish an
+innocent looking webpage and say I am the New York Times, for 
+example, publish a public key, and then just wait for incoming 
+messages. 
+
+
+
 \bigskip\bigskip
 Keyfobs - protocol