applied cryptography - protocols, algorithms, and source code in c

Add the names inside the encrypted message in step 3

This preview shows page 1. Sign up to view the full content.

This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: dium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement. To access the contents, click the chapter and section titles. Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth) Go! Keyword Brief Full Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book: Go! Previous Table of Contents Next ----------- Denning-Sacco This protocol also uses public-key cryptography [461]. Trent keeps a database of everyone’s public keys. (1) Alice sends a message to Trent with her identity and Bob’s identity: A,B (2) Trent sends Alice Bob’s public key, KB, signed with Trent’s private key, T. Trent also sends Alice her own public key, KA, signed with his private key. ST(B,KB),ST(A,KA) (3) Alice sends Bob a random session key and a timestamp, signed in her private key and encrypted in Bob’s public key, along with both signed public keys. EB(SA(K,TA)),ST(B,KB),ST(A,KA) (4) Bob decrypts Alice’s message with his private key and then verifies Alice’s signature with her public key. He checks to make sure that the timestamp is still valid. At this point both Alice and Bob have K, and can communicate securely. This looks good, but it isn’t. After completing the protocol with Alice, Bob can then masquerade as Alice [5]. Watch: (1) Bob sends his name and Carol’s name to Trent B,C (2) Trent sends Bob both Bob’s and Carol’s signed public keys. ST(B,KB),ST(C,KC) (3) Bob sends Carol the signed session key and timestamp he previously received from Alice, encrypted with Carol’s public key, along with Alice’s certificate and Carol’s certificate. EC(SA(K,TA)),ST(A,KA),ST(C,KC) (4) Carol decrypts Alice’s message with her private key and then verifies Alice’s signature with her public key. She checks to make sure that the timestamp is still valid. Carol now thinks she is talking to Alice; Bob has successfully fooled her. In fact, Bob can fool ever...
View Full Document

This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.

Ask a homework question - tutors are online