applied cryptography - protocols, algorithms, and source code in c

Applied cryptography protocols algorithms and source code in c

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: lking to Alice and imitate Alice when talking to Bob. Here’s how the attack works: (1) Alice sends Bob her public key. Mallory intercepts this key and sends Bob his own public key. (2) Bob sends Alice his public key. Mallory intercepts this key and sends Alice his own public key. (3) When Alice sends a message to Bob, encrypted in “Bob’s” public key, Mallory intercepts it. Since the message is really encrypted with his own public key, he decrypts it with his private key, re-encrypts it with Bob’s public key, and sends it on to Bob. (4) When Bob sends a message to Alice, encrypted in “Alice’s” public key, Mallory intercepts it. Since the message is really encrypted with his own public key, he decrypts it with his private key, re-encrypts it with Alice’s public key, and sends it on to Alice. Even if Alice’s and Bob’s public keys are stored on a database, this attack will work. Mallory can intercept Alice’s database inquiry and substitute his own public key for Bob’s. He can do the same to Bob and substitute his own public key for Alice’s. Or better yet, he can break into the database surreptitiously and substitute his key for both Alice’s and Bob’s. Then he simply waits for Alice and Bob to talk with each other, intercepts and modifies the messages, and he has succeeded. This man-in-the-middle attack works because Alice and Bob have no way to verify that they are talking to each other. Assuming Mallory doesn’t cause any noticeable network delays, the two of them have no idea that someone sitting between them is reading all of their supposedly secret communications. Interlock Protocol The interlock protocol, invented by Ron Rivest and Adi Shamir [1327], has a good chance of foiling the man-in-the-middle attack. Here’s how it works: (1) Alice sends Bob her public key. (2) Bob sends Alice his public key. (3) Alice encrypts her message using Bob’s public key. She sends half of the encrypted message to Bob. (4) Bob encrypts his message using Alice’s public key. He sends half of the encrypted mes...
View Full Document

This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.

Ask a homework question - tutors are online