|Previous||Table of Contents||Next|
A common cryptographic technique is to encrypt each individual conversation with a separate key. This is called a session key, because it is used for only one particular communications session. As discussed in Section 8.5, session keys are useful because they only exist for the duration of the communication. How this common session key gets into the hands of the conversants can be a complicated matter.
Key Exchange with Symmetric Cryptography
This protocol assumes that Alice and Bob, users on a network, each share a secret key with the Key Distribution Center (KDC) Trent in our protocols. These keys must be in place before the start of the protocol. (The protocol ignores the very real problem of how to distribute these secret keys; just assume they are in place and Mallory has no idea what they are.)
This protocol relies on the absolute security of Trent, who is more likely to be a trusted computer program than a trusted individual. If Mallory corrupts Trent, the whole network is compromised. He has all of the secret keys that Trent shares with each of the users; he can read all past communications traffic that he has saved, and all future communications traffic. All he has to do is to tap the communications lines and listen to the encrypted message traffic.
The other problem with this system is that Trent is a potential bottleneck. He has to be involved in every key exchange. If Trent fails, that disrupts the entire system.
Key Exchange with Public-Key Cryptography
The basic hybrid cryptosystem was discussed in Section 2.5. Alice and Bob use public-key cryptography to agree on a session key, and use that session key to encrypt data. In some practical implementations, both Alices and Bobs signed public keys will be available on a database. This makes the key-exchange protocol even easier, and Alice can send a secure message to Bob even if he has never heard of her:
While Eve cannot do better than try to break the public-key algorithm or attempt a ciphertext-only attack on the ciphertext, Mallory is a lot more powerful than Eve. Not only can he listen to messages between Alice and Bob, he can also modify messages, delete messages, and generate totally new ones. Mallory can imitate Bob when talking to Alice and imitate Alice when talking to Bob. Heres how the attack works:
Even if Alices and Bobs public keys are stored on a database, this attack will work. Mallory can intercept Alices database inquiry and substitute his own public key for Bobs. He can do the same to Bob and substitute his own public key for Alices. Or better yet, he can break into the database surreptitiously and substitute his key for both Alices and Bobs. Then he simply waits for Alice and Bob to talk with each other, intercepts and modifies the messages, and he has succeeded.
This man-in-the-middle attack works because Alice and Bob have no way to verify that they are talking to each other. Assuming Mallory doesnt cause any noticeable network delays, the two of them have no idea that someone sitting between them is reading all of their supposedly secret communications.
The interlock protocol, invented by Ron Rivest and Adi Shamir , has a good chance of foiling the man-in-the-middle attack. Heres how it works:
The important point is that half of the message is useless without the other half; it cant be decrypted. Bob cannot read any part of Alices message until step (6); Alice cannot read any part of Bobs message until step (7). There are a number of ways to do this:
|Previous||Table of Contents||Next|