Security Protocols I - Information Security

More documents

Recommendations

Info

Sebastian Mödersheim 17Building a key establishment protocol (11)s 1. a, b2. {|kab|} sk(a,s) , {|kab|} sk(b,s) a3. {|kab|} sk(b,s) , a i3 ′ . {|kab|} sk(b,s) , D b• The result of this attack will depend on the scenario in which theprotocol is used, but may include such actions as b giving awayinformation to a which should have been shared only with D.• Although i does not obtain kab, we can still regard the protocolas broken since it does not satisfy the requirement that the usersshould know who else knows the session key.• But there is also another (more serious) attack:FMSEC Module 2, v.2 28.09.2009
Sebastian Mödersheim 18Building a key establishment protocol (12)1. a, bi 1 ′ . a,i2 ′ . {|kai|} sk(a,s) , {|kai|} sk(i,s) s2. {|kai|} sk(a,s) , {|kai|} sk(i,s) a3. {|kai|} sk(i,s) , a i• i alters the message from a to s so that s generates a key kai fora and i and encrypts it with the key sk(i, s) of the intruder.• Since a cannot distinguish between encrypted messages meant forother principals she will not detect the alteration. Note also that◮ kai is simply a formal name for the bit-string representing the session key, soit will be accepted by a.◮ i intercepts the message from a intended for b so that a will not detect anyanomaly.FMSEC Module 2, v.2 28.09.2009
Page 1 and 2: Security Protocols IIntroductionSeb
Page 3 and 4: Sebastian Mödersheim 2Good Crypto
Page 5 and 6: Sebastian Mödersheim 4Motivation
Page 7 and 8: Sebastian Mödersheim 6Road map•
Page 9 and 10: Sebastian Mödersheim 8Building a k
Page 11 and 12: Sebastian Mödersheim 1. A, B10Buil
Page 13 and 14: Sebastian Mödersheim 1. A, B12Buil
Page 15 and 16: Sebastian Mödersheim 14Building a
Page 17: Sebastian Mödersheim 16Building a
Page 24 and 25: iSebastian Mödersheim 23Building a
Page 32 and 33: Sebastian Mödersheim 31ExerciseCan
Page 34 and 35: Sebastian Mödersheim 33Summary: Co
Page 36 and 37: Sebastian Mödersheim 35Summary: Pr
Page 38 and 39: Sebastian Mödersheim 37An authenti
Page 40 and 41: Sebastian Mödersheim 39Informal Co
Page 42 and 43: Sebastian Mödersheim 41Man-in-the-
Page 44 and 45: Sebastian Mödersheim 43Assumptions
Page 46 and 47: Sebastian Mödersheim 45Examples of
Page 48 and 49: Sebastian Mödersheim 47Type flaw a
Page 50 and 51: Sebastian Mödersheim 49Type flaw a
Page 52 and 53: Sebastian Mödersheim 51Example of
Page 54 and 55: Sebastian Mödersheim 53Example of
Page 56 and 57: Sebastian Mödersheim 55. . . and s
Page 58 and 59: Sebastian Mödersheim 57Prudent eng
Page 60: Sebastian Mödersheim 59Bibliograph

Security Protocols I - Information Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?