This preview shows page 1. Sign up to view the full content.
Unformatted text preview: t to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement. To access the contents, click the chapter and section titles. Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth)
Brief Full Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
----------- The major security hole in this protocol is that old session keys are valuable. If Mallory gets access to an old K, he can launch a successful attack . All he has to do is record Alice’s messages to Bob in step (3). Then, once he has K, he can pretend to be Alice: (1) Mallory sends Bob the following message: EB(K,A) (2) Bob extracts K, generates RB, and sends Alice: EK(RB) (3) Mallory intercepts the message, decrypts it with K, and sends Bob: EK(RB - 1) (4) Bob verifies that “Alice’s” message is RB - 1. Now, Mallory has Bob convinced that he is Alice. A stronger protocol, using timestamps, can defeat this attack [461,456]. A time-stamp is added to Trent’s message in step (2) encrypted with Bob’s key: EB(K,A,T). Timestamps require a secure and accurate system clock—not a trivial problem in itself. If the key Trent shares with Alice is ever compromised, the consequences are drastic. Mallory can use it to obtain session keys to talk with Bob (or anyone else he wishes to talk to). Even worse, Mallory can continue to do this even after Alice changes her key . Needham and Schroeder attempted to correct these problems in a modified version of their protocol . Their new protocol is essentially the same as the Otway-Rees protocol, published in the same issue of the same journal. Otway-Rees This protocol also uses symmetric cryptography . (1) Alice generates a messa...
View Full Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
- Fall '10