03-16-2010-answers - CS 161 Spring 2010 Computer Security...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 161 Computer Security Spring 2010 Paxson/Wagner Discussion 7 March 16, 2010 1. Key Exchange Consider the following key exchange protocol: Message 1 A S : A , B Message 2 S A : CA , CB Message 3 A B : CA , CB , {{ K ab , T a } K - 1 a } K b In the first message A requests from S the certificates for A and B . In the second message, S returns both certificates. These can be used to verify the public key of A and B . In the final message, A sends to B a symmetric key K ab for use in subsequent communication. A timestamp T a is included in the message. A knows that only B can read the key because it is encrypted with K b and B knows that A sent the key because it is signed by K - 1 a . What is wrong with this protocol? How could you fix it? Answer: Once A has established communication with B , B can later (within the duration of the valid period specified by T a ) communicate with a third party C , pretending to be A . C will believe it has a shared key with A . The attack would look like this: Message 1 A S : A , B Message 2 S A : CA , CB Message 3 A B : CA , CB , {{ K ab , T a } K - 1 a } K b Message 1’ B S : B , C Message 2’ S B : CB , CC Message 3’ B C : CA , CC , {{ K ab , T a } K - 1 a } K c A fix is to require message 3 of the protocol to explicitly state that key K ab is good for communication between A and B : Message 3 A B : CA , CB , {{ A , B , K ab , T a } K - 1 a } K b Another issue is that B is trusting A to choose the session key. A may not be so good at generating secure keys. This example is taken from Prudent Engineering Practice for Cryptographic Protocols by Mart´ ın Abadi and Roger Needham. The paper includes many interesting examples of broken protocols that were at one time thought to be secure. 2. Timestamps Timestamps are often an integral part of cryptographic protocols. Consider the following protocol for syn- chronizing a clock with a time server. Message 1 A S : A , N a Message 2 S A : { T s , N a } K as CS 161, Spring 2010, Discussion 7 1
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
A sends a message to the timeserver and includes a nonce N a . The timeserver responds with the current time, T s , and the nonce, using a shared key previously agreed upon by
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 3

03-16-2010-answers - CS 161 Spring 2010 Computer Security...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online