Security protocols: Difference between revisions

From miki
Jump to navigation Jump to search
Line 8: Line 8:


=== using public-key crypto - encrytion ===
=== using public-key crypto - encrytion ===

==== Needham-Schroeder-Lowe protocol (NSL) ====
References: [http://en.wikipedia.org/wiki/Needham–Schroeder_protocol]

* '''{{red|Vulnerable to MiTM attack}}''' — use the NSL variant!

The protocol:
A --> B: P_B(k_1,A)
A <== B: P_A(k_1,k_2)
A --> B: P_B(k_2)

The MiTM attack (via relay):
* If E can persuade A to start a session with him, he can relay to B and convince B that he is communicating with A.

A --> E : P_E(k_1,A)
E --> B: P_B(k_1,A)
A <== E <== B: P_A(k_1,k_2) # E simply relays B's nonce back to A
A --> E : P_E(k_2) # E learns k_2 from A's message
E --> B: P_B(k_2) # ... and forwards it to B with B public key


==== Needham-Schroeder-Lowe protocol (NSL) ====
==== Needham-Schroeder-Lowe protocol (NSL) ====
Line 13: Line 32:


* '''{{red|Don't confuse with}}''' the symmetric variant (used in Kerberos).
* '''{{red|Don't confuse with}}''' the symmetric variant (used in Kerberos).
* '''{{red|Orignal version (NS protocol) broken}}''' &mdash; use this variant instead.
* '''{{red|Original version (NS protocol) broken}}''' &mdash; use this variant instead.


The protocol:
A --> B: P_B(k_1,A)
A --> B: P_B(k_1,A)
A <== B: P_A(k_1,k_2,B)
A <== B: P_A(k_1,k_2,B)

Revision as of 07:53, 10 June 2014

References

  • Handbook of applied cryptography
! this book is not always up-to-date ! Some protocols might be broken today (eg. Needham-Schroeder public-key protocol)

Authentication Protocol

using symmetric crypto

using public-key crypto - encrytion

Needham-Schroeder-Lowe protocol (NSL)

References: [1]

  • Vulnerable to MiTM attack — use the NSL variant!

The protocol: 

A --> B: P_B(k_1,A)
A <== B: P_A(k_1,k_2)
A --> B: P_B(k_2)

The MiTM attack (via relay):

  • If E can persuade A to start a session with him, he can relay to B and convince B that he is communicating with A.
A --> E      : P_E(k_1,A)
      E --> B: P_B(k_1,A)
A <== E <== B: P_A(k_1,k_2)          # E simply relays B's nonce back to A
A --> E      : P_E(k_2)              # E learns k_2 from A's message
      E --> B: P_B(k_2)              # ... and forwards it to B with B public key

Needham-Schroeder-Lowe protocol (NSL)

References: [2], hac, chap 12, §12.38

  • Don't confuse with the symmetric variant (used in Kerberos).
  • Original version (NS protocol) broken — use this variant instead.

The protocol: 

A --> B: P_B(k_1,A)
A <== B: P_A(k_1,k_2,B)
A --> B: P_B(k_2)

using public-key crypto - signature

Retrieved from "https://miki.immie.org/mediawiki/index.php?title=Security_protocols&oldid=6127"