Discussion:
Question on Public Key Cryptography
(too old to reply)
mmp
2004-10-05 15:57:26 UTC
Permalink
1. A sends to B
(A, EKUb[M], B)

2. B sends to A
(B, EKUa[M], A)

EKuUb->Public Key of B
EKuUa->Public Key of A

The format of the above notation is (sender, message, receiver)

This protocol can be attacked using Man-in-the-middle attack.

William Stallings in his book on Cryptography suggests that, if slight
changes are made to this protocol, it is resistant to
Man-in-the-middle attack.

1. A sends to B
(A, EKUb[M, A], B)

2. B sends to A
(B, EKUa[M, B], A)

In the above protocol, A adds his name to the message before
encrypting it with B's public key. I cannpt understand how this will
prevent the attack on the first protocol. Can anyone come up with any
ideas?

Your ideas will be greatly appreciated,

Thanks,
mmp
DEMAINE Benoit-Pierre
2004-10-09 17:20:27 UTC
Permalink
| 1. A sends to B
| (A, EKUb[M, A], B)
|
| 2. B sends to A
| (B, EKUa[M, B], A)
|
| In the above protocol, A adds his name to the message before
| encrypting it with B's public key. I cannpt understand how this will
| prevent the attack on the first protocol. Can anyone come up with any
| ideas?

Try a MID by M:

M wants to be able to open all messages:
A sends to M
(A, EKUb[M, A], B)

if M wants to change the message, he need the private key of B ( since
the message in computed by A with B's key
What can do M ? nothing without B's private key. Just forward the
message as is.

M forward the message to B.

B receives the message af A, untouched.

- --
DEMAINE Beno<EE>t-Pierre http:/www.demaine.info/
\_o< apt-get remove ispell >o_/
There're 10 types of people: those who can count in binary and those who
can't
Bill Stallings
2004-10-09 19:05:49 UTC
Permalink
Post by mmp
1. A sends to B
(A, EKUb[M], B)
2. B sends to A
(B, EKUa[M], A)
EKuUb->Public Key of B
EKuUa->Public Key of A
The format of the above notation is (sender, message, receiver)
This protocol can be attacked using Man-in-the-middle attack.
William Stallings in his book on Cryptography suggests that, if slight
changes are made to this protocol, it is resistant to
Man-in-the-middle attack.
1. A sends to B
(A, EKUb[M, A], B)
2. B sends to A
(B, EKUa[M, B], A)
In the above protocol, A adds his name to the message before
encrypting it with B's public key. I cannpt understand how this will
prevent the attack on the first protocol. Can anyone come up with any
ideas?
Your ideas will be greatly appreciated,
Thanks,
mmp
This is not a classic man in the middle attack. The discussion in the
book refers to a specialized protocol, in which A sends a message to B,
and B acknowledges by returning the same message, with the message
encrypted with the destination's public key in both directions. Without
the inclusion of the identifier of the sender in the encrypted portion,
an attacker in the middle can defeat the protocol.

Bill Stallings



/ Descriptions and errata sheets for my current books
/ and info on forthcoming books: WilliamStallings.com
/
/ Visit Computer Science Student Resource site:
/ WilliamStallings.com/StudentSupport.html
Bill Stallings
2004-12-14 07:08:08 UTC
Permalink
(August 1987) as
saying, "I visualize a time when we will be to robots what dogs are to
humans, and I'm rooting for the machines."

29. (Paragraph 154) This is no science fiction! After writing
paragraph 154 we came across an article in Scientific American
according to which scientists are actively developing techniques for
identifying possible future criminals and for treating them by a
combination of biological and psychological means. Some scientists
advocate compulsory application of the treatment, which may be
available in the near future. (See "Seeking the Criminal Element", by
W. Wayt Gibbs, Scientific American, March 1995.) Maybe you think this
is OK because the treatment would be applied to those who might become
drunk drivers (they endanger human life too), then perhaps to peel who
spank their children, then to environmentalists who sabotage logging
equipment, eventually to anyone whose behavior is inconvenient for the
system.

30. (Paragraph 184) A further advantage of nature as a counter-ideal
to technology is that, in many people, nature inspires the kind of
reverence that is associated with religion, so that nature could
perhaps be idealized on a religious basis. It is true that in many
societies religion has served as a support and justification for the
established order, but it is also true that religion has often
provided a basis for rebellion. Thus it may be useful to introduce a
religious element into the rebellion against technology, the more so
because Western society today has no strong religious foundation.

Religion, nowadays either is used as cheap and transparent support for
narrow, short-sighted selfishness (some conservatives use it this
way), or even is cynically exploited to make easy money (by many
evangelists), or has degenerated into crude irrationalism
(fundamentalist Protestant sects, "cults"), or is simply stagnant
(Catholicism, main-line P

Loading...