applied cryptography - protocols, algorithms, and source code in c

Eve listening in on the interaction cannot get any

Info icon This preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: x100 off her list. Every time Alice logs in, she enters the last uncrossed number on her list: xi. The computer calculates f(xi) and compares it with xi+1 stored in its database. Eve can’t get any useful information because each number is only used once, and the function is one-way. Similarly, the database is not useful to an attacker. Of course, when Alice runs out of numbers on her list, she has to reinitialize the system. Authentication Using Public-Key Cryptography Even with salt, the first protocol has serious security problems. When Alice sends her password to her host, anyone who has access to her data path can read it. She might be accessing her host through a convoluted transmission path that passes through four industrial competitors, three foreign countries, and two forward-thinking universities. Eve can be at any one of those points, listening to Alice’s login sequence. If Eve has access to the processor memory of the host, she can see the password before the host hashes it. Public-key cryptography can solve this problem. The host keeps a file of every user’s public key; all users keep their own private keys. Here is a na•ve attempt at a protocol. When logging in, the protocol proceeds as follows: (1) The host sends Alice a random string. (2) Alice encrypts the string with her private key and sends it back to the host, along with her name. (3) The host looks up Alice’s public key in its database and decrypts the message using that public key. (4) If the decrypted string matches what the host sent Alice in the first place, the host allows Alice access to the system. No one else has access to Alice’s private key, so no one else can impersonate Alice. More important, Alice never sends her private key over the transmission line to the host. Eve, listening in on the interaction, cannot get any information that would enable her to deduce the private key and impersonate Alice. The private key is both long and non-mnemonic, and will probably be processed automatically by the user’s hardware or communications software. This requires an intellig...
View Full Document

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern