Security Protocols I - Information Security

More documents

Recommendations

Info

iSebastian Mödersheim 23Building a key establishment protocol (17)a 1. a, b 2. {|kab ′ , b|} sk(a,s) , {|kab ′ , a|} sk(b,s)3. {|kab ′ , a|} sk(b,s)• The replay attack can still be regarded as successful even if i hasnot obtained the value of kab ′ :◮ i has succeeded in making a and b accept an old session key!◮ The attack allows i to replay messages protected by kab ′ whichwere sent in the previous session.• Of course: provided that a and b don’t check the key!◮ “Principals don’t think” but just follow the protocol.◮ Various techniques may be used to allow principals to checkthat session keys have not been replayed, e.g. thechallenge–response method:Def.: A nonce (“a number used only once”) is a randomvalue generated by one principal and returned to thatprincipal to show that a message is newly generated.FMSEC Module 2, v.2 28.09.2009b
Sebastian Mödersheim 24Building a key establishment protocol (18)A1. A, B, N A S2. {|K AB , B, N A , {|K AB , A|} sk(B,S) |} sk(A,S)3. {|K AB , A|} sk(B,S) 4. {|N B |} KAB5. {|N B −1 |} KAB B• A sends her nonce N A to S with the request for a new key.• If this same value is received with the session key, then A candeduce that the key has not been replayed.This deduction will be valid as long as session key and nonce are bound togethercryptographically in such a way that only S could have formed such a message.FMSEC Module 2, v.2 28.09.2009
Page 1 and 2: Security Protocols IIntroductionSeb
Page 3 and 4: Sebastian Mödersheim 2Good Crypto
Page 5 and 6: Sebastian Mödersheim 4Motivation
Page 7 and 8: Sebastian Mödersheim 6Road map•
Page 9 and 10: Sebastian Mödersheim 8Building a k
Page 11 and 12: Sebastian Mödersheim 1. A, B10Buil
Page 13 and 14: Sebastian Mödersheim 1. A, B12Buil
Page 15 and 16: Sebastian Mödersheim 14Building a
Page 19: Sebastian Mödersheim 18Building a
Page 32 and 33: Sebastian Mödersheim 31ExerciseCan
Page 34 and 35: Sebastian Mödersheim 33Summary: Co
Page 36 and 37: Sebastian Mödersheim 35Summary: Pr
Page 38 and 39: Sebastian Mödersheim 37An authenti
Page 40 and 41: Sebastian Mödersheim 39Informal Co
Page 42 and 43: Sebastian Mödersheim 41Man-in-the-
Page 44 and 45: Sebastian Mödersheim 43Assumptions
Page 46 and 47: Sebastian Mödersheim 45Examples of
Page 48 and 49: Sebastian Mödersheim 47Type flaw a
Page 50 and 51: Sebastian Mödersheim 49Type flaw a
Page 52 and 53: Sebastian Mödersheim 51Example of
Page 54 and 55: Sebastian Mödersheim 53Example of
Page 56 and 57: Sebastian Mödersheim 55. . . and s
Page 58 and 59: Sebastian Mödersheim 57Prudent eng
Page 60: Sebastian Mödersheim 59Bibliograph

Security Protocols I - Information Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?