Published by Keaton Hingson. Modified over 2 years ago.

1
Interlock Protocol - Akanksha Srivastava 2002A7PS589

2
Motivation
Prior establishment of secret / public keys or passwords. Public Key Cryptography – communicate securely without prior arrangement. Let $\alpha$, $\beta$ be large publicly known numbers. A wants to talk to B. A and B pick random numbers, $A_R$ and $B_R$ respectively.

3
Exponential Key Exchange Protocol
A → B: $\alpha^{A_R} \bmod \beta$
B → A: $\alpha^{B_R} \bmod \beta$
Thus, A and B can calculate the shared key as $\alpha^{A_R B_R} \bmod \beta$.

4
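Vulnerable to – MITM attack
A → Z: $\alpha^{A_R} \bmod \beta$
Z → B: $\alpha^{Z_R} \bmod \beta$
B → Z: $\alpha^{B_R} \bmod \beta$
Z → A: $\alpha^{Z'_R} \bmod \beta$
Here, A and Z can compute the key as $(\alpha^{A_R})^{Z'_R} \bmod \beta \equiv (\alpha^{Z'_R})^{A_R} \bmod \beta \equiv \alpha^{A_R Z'_R} \bmod \beta$.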

5
Similarly, Z and B can compute the key as $(\alpha^{Z_R})^{B_R} \bmod \beta \equiv (\alpha^{B_R})^{Z_R} \bmod \beta \equiv \alpha^{Z_R B_R} \bmod \beta$.
After the key exchange, message M should be sent across to B by A as $E_{a,b}(M)$, i.e. message M (say, its password for authentication) encrypted using the private key derived from the exponential key exchange. Instead, A sends its password $P_A$ across as $E_{a,z'}(P_A)$, which is intercepted by Z and decrypted using its private key $\alpha^{A_R Z'_R} \bmod \beta$. Z then encrypts it using B’s public key and sends it to B as $E_{Z,B}(P_A)$. B responds with its password $P_B$ encrypted as $E_{Z,B}(P_B)$, which is again deciphered by Z and forwarded as $E_{z',a}(P_B)$.

6
Implication
A decrypts $E_{a,z'}(P_B)$ to get $P_B$, hashes it, matches it against the stored hash and verifies it to be correct. Similarly, B authenticates “A” as genuine. A and B communicate oblivious of the presence of the man-in-the-middle (Z). Z knows not only the keys used by A and B to encrypt messages but also their passwords. Z can not only eavesdrop on all the messages exchanged between A and B but can also change them or substitute them with new ones. Z, aware of the passwords of A and B, can potentially get at information not explicitly exchanged by A and B during the session.

7
Solution (suggested by Davies and Price) – Interlock Protocol
Originally proposed by R.L. Rivest and A. Shamir. Based on the “interlocking” of message halves, such that an incomplete message is unintelligible to Z.

8
Actual Model
[Diagram, A and B: $E_{a,b}(P_A)(1)$, $E_{a,b}(P_B)(1)$, $E_{a,b}(P_B)(2)$, $E_{a,b}(P_A)(2)$]
This time, even if Z eavesdrops on the 1st half of the password sent by A, it will not be able to decrypt it until the 2nd half is received. This means Z will not be able to re-encrypt it using its shared key with B. The same holds for B’s half-password. So, A and B can detect if Z tries to intrude after the passwords have been exchanged.
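
The interlocking described on this slide, as an added example that is not part of the original presentation. It assumes half (1) is a hash of the ciphertext and half (2) is the ciphertext itself (the slides do not say how the halves are formed), uses a toy XOR cipher and constructed key-exchange parameters, and gives Z a single exponent instead of separate $Z_R$ and $Z'_R$.

```python
import hashlib, secrets

P = 2**127 - 1   # constructed toy modulus (beta); far too small for real use
G = 5            # constructed base (alpha)

def dh_pair():
    """Pick a random exponent and return (secret, alpha^secret mod beta)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def shared_key(secret, peer_public):
    """Shared key alpha^(xy) mod beta, hashed down to 32 bytes."""
    return hashlib.sha256(str(pow(peer_public, secret, P)).encode()).digest()

def encrypt(key, nonce, msg):
    """Toy XOR stream cipher (illustration only); returns nonce || ciphertext."""
    stream = hashlib.sha256(key + nonce).digest()
    return nonce + bytes(m ^ s for m, s in zip(msg, stream))

def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    stream = hashlib.sha256(key + nonce).digest()
    return bytes(c ^ s for c, s in zip(body, stream))

def halves(key, msg):
    """Interlock halves (assumed form): (1) = hash of ciphertext, (2) = ciphertext."""
    blob = encrypt(key, secrets.token_bytes(16), msg)
    return hashlib.sha256(blob).digest(), blob

def accept(key, first_half, second_half):
    """Receiver check: half (2) must match the half (1) seen earlier."""
    if hashlib.sha256(second_half).digest() != first_half:
        return None  # halves do not interlock: relay or tampering detected
    return decrypt(key, second_half)

def run(with_relay):
    """Return what B accepts as A's password (None = intrusion detected)."""
    (a, A_pub), (b, B_pub) = dh_pair(), dh_pair()
    if not with_relay:
        h1, h2 = halves(shared_key(a, B_pub), b"PA-secret")
        return accept(shared_key(b, A_pub), h1, h2)
    z, Z_pub = dh_pair()                     # Z swaps in its own exponentials
    k_az, k_zb = shared_key(z, A_pub), shared_key(z, B_pub)
    h1, h2 = halves(shared_key(a, Z_pub), b"PA-secret")
    # Z cannot read h1, so it must send B some half (1) before it sees h2
    guess1, _ = halves(k_zb, b"guess????")
    p_a = accept(k_az, h1, h2)               # Z learns P_A only from half (2)
    _, real2 = halves(k_zb, p_a)             # re-encrypted too late to match
    return accept(shared_key(b, Z_pub), guess1, real2)
```

`run(False)` returns A's password at B; `run(True)` returns `None` because the half (2) that Z re-encrypts no longer matches the half (1) it already had to send.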

9
Bellovin – Merritt Attack
[Diagram, A and Z: $E_{z',a}(P_A)(1)$, $E_{z',a}(P_A)(2)$, $E_{z',a}(P_?)(1)$]

10
Bellovin – Merritt attack (Contd…)
[Diagram, Z and B: $E_{z,b}(P_A)(1)$, $E_{z,b}(P_B)(1)$, $E_{z,b}(P_A)(1)$, $E_{z,b}(P_B)(2)$]

11
A case of interest here can be one where A is the user and B is the host. This means B would need to send the first data so that A can verify it to be genuine before it sends its password. This would require Z to first obtain $P_B$ and then communicate with A.

12
Forced Latency Interlock Protocol
Here, B (say, the server) delays its responses each time (say, by time Dt) A sends messages across.
[Diagram, A, Z and B. Keys shown: $K_a$, $K_z$, $K_{z'}$, $K_b$. Messages shown between A and Z: $E_{a,z'}(P_A)(1)$, $E_{a,z'}(P_A)(2)$, $E_{a,z'}(P_?)(1)$, $E_{a,z'}(P_?)(2)$. Messages shown between Z and B: $E_{b,z}(P_A)(1)$, $E_{b,z}(P_B)(1)$, $E_{b,z}(P_A)(2)$, $E_{b,z}(P_B)(2)$, then (Dt) data.]

13
Implications
After A has sent its password, it receives data only after Dt * 2 time intervals, whereas it was expecting the data after Dt. This detects the presence of Z. But Z could also keep communicating with A, posing as B, and not talk to B at all. This means there would be no delays. This means the Interlock Protocol with latency can prevent a third party from eavesdropping on the communication but cannot provide authentication.

14
Thanks!
