Security protocols: Difference between revisions

Latest revision as of 10:59, 12 January 2021

References

  • Handbook of applied cryptography
Note: this book is not always up to date! Some protocols might be broken today (e.g. the Needham-Schroeder public-key protocol).

Authentication Protocol

using symmetric crypto

using public-key crypto - encryption

Needham-Schroeder protocol (NS)

References: [1] http://en.wikipedia.org/wiki/Needham–Schroeder_protocol

  • Vulnerable to MiTM attack — use the NSL variant!

The protocol:

A --> B: P_B(k_1,A)
A <== B: P_A(k_1,k_2)
A --> B: P_B(k_2)

The MiTM attack (via relay):

  • If E can persuade A to start a session with him, he can relay to B and convince B that he is communicating with A.
A --> E      : P_E(k_1,A)
      E --> B: P_B(k_1,A)
A <== E <== B: P_A(k_1,k_2)          # E simply relays B's nonce back to A
A --> E      : P_E(k_2)              # E learns k_2 from A's message
      E --> B: P_B(k_2)              # ... and forwards it to B, encrypted with B's public key
Now, B falsely believes that A is communicating with him, and that k_1 and k_2 are known only to A and B.

Needham-Schroeder-Lowe protocol (NSL)

References: [2]; Handbook of Applied Cryptography (HAC), chap. 12, §12.38

  • Don't confuse with the symmetric variant (used in Kerberos).
  • Original version (NS protocol) broken — use this variant instead.

The protocol:

A --> B: P_B(k_1,A)
A <== B: P_A(k_1,k_2,B)
A --> B: P_B(k_2)
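
Why the extra B in message 2 matters, as an added example (not part of the original page): a symbolic Python model that replays the relay scenario from the NS section with and without Lowe's fix. The helpers enc, dec and run_relay are hypothetical names, and P_X(m) is modelled as a tagged tuple that only X can open, not real cryptography.

```python
import secrets

def enc(recipient, *fields):
    """P_recipient(fields): symbolic public-key encryption (assumption: ideal)."""
    return ("enc", recipient, fields)

def dec(me, msg):
    """Only the named recipient can open a message."""
    _tag, recipient, fields = msg
    if recipient != me:
        raise PermissionError(f"{me} cannot open a message for {recipient}")
    return fields

def run_relay(lowe_fix):
    """Replay the relay scenario; return (A completed, B accepted 'A')."""
    k1, k2 = secrets.token_hex(8), secrets.token_hex(8)   # constructed nonces

    # A --> E : P_E(k_1,A)      A honestly starts a session with E
    m1 = enc("E", k1, "A")
    # E --> B : P_B(k_1,A)      E opens it and re-encrypts for B
    got_k1, claimed_peer = dec("B", enc("B", *dec("E", m1)))

    # A <== E <== B : P_A(k_1,k_2) or, with the fix, P_A(k_1,k_2,B)
    reply = (got_k1, k2, "B") if lowe_fix else (got_k1, k2)
    fields = dec("A", enc(claimed_peer, *reply))   # E can only relay this

    # A's checks: its nonce is echoed and, in NSL, the responder named in
    # message 2 is the party A addressed in message 1 (here: E).
    if fields[0] != k1:
        return (False, False)
    if lowe_fix and fields[2] != "E":
        return (False, False)        # A aborts: the reply names B, not E

    # A --> E : P_E(k_2), then E --> B : P_B(k_2)
    m3 = enc("E", fields[1])
    b_accepts = dec("B", enc("B", *dec("E", m3)))[0] == k2
    return (True, b_accepts)

if __name__ == "__main__":
    print("NS :", run_relay(lowe_fix=False))   # B is fooled
    print("NSL:", run_relay(lowe_fix=True))    # A aborts at message 2
```

With NS the run completes and B accepts the session as coming from A; with NSL, A stops at message 2, so k_2 is never released to E.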

using public-key crypto - signature

  • The private key could be derived from a passphrase (GitHub does that apparently [3]: https://news.ycombinator.com/item?id=25741840). This way, secret data never leaves the client side.