Security protocols: Difference between revisions
Jump to navigation
Jump to search
Line 9: | Line 9: | ||
=== using public-key crypto - encrytion === |
=== using public-key crypto - encrytion === |
||
==== Needham-Schroeder |
==== Needham-Schroeder protocol (NS) ==== |
||
References: [http://en.wikipedia.org/wiki/Needham–Schroeder_protocol] |
References: [http://en.wikipedia.org/wiki/Needham–Schroeder_protocol] |
||
Line 27: | Line 27: | ||
A --> E : P_E(k_2) # E learns k_2 from A's message |
A --> E : P_E(k_2) # E learns k_2 from A's message |
||
E --> B: P_B(k_2) # ... and forwards it to B with B public key |
E --> B: P_B(k_2) # ... and forwards it to B with B public key |
||
:Now, B falsely believes that A is communicating with him, and that k_1 and k_2 are known only to A and B. |
|||
==== Needham-Schroeder-Lowe protocol (NSL) ==== |
==== Needham-Schroeder-Lowe protocol (NSL) ==== |
Revision as of 12:42, 10 June 2014
References
- Handbook of applied cryptography
- ! this book is not always up-to-date ! Some protocols might be broken today (eg. Needham-Schroeder public-key protocol)
Authentication Protocol
using symmetric crypto
using public-key crypto - encrytion
Needham-Schroeder protocol (NS)
References: [1]
- Vulnerable to MiTM attack — use the NSL variant!
The protocol:
A --> B: P_B(k_1,A) A <== B: P_A(k_1,k_2) A --> B: P_B(k_2)
The MiTM attack (via relay):
- If E can persuade A to start a session with him, he can relay to B and convince B that he is communicating with A.
A --> E : P_E(k_1,A) E --> B: P_B(k_1,A) A <== E <== B: P_A(k_1,k_2) # E simply relays B's nonce back to A A --> E : P_E(k_2) # E learns k_2 from A's message E --> B: P_B(k_2) # ... and forwards it to B with B public key
- Now, B falsely believes that A is communicating with him, and that k_1 and k_2 are known only to A and B.
Needham-Schroeder-Lowe protocol (NSL)
References: [2], hac, chap 12, §12.38
- Don't confuse with the symmetric variant (used in Kerberos).
- Original version (NS protocol) broken — use this variant instead.
The protocol:
A --> B: P_B(k_1,A) A <== B: P_A(k_1,k_2,B) A --> B: P_B(k_2)