Download presentation
Presentation is loading. Please wait.
1
7.3 Scheme (figure) A KDC B (1) A, Eka(Na) (2) A, Eka(Na), B, Ekb(Nb) (3) Ekb(Ks,A,Nb), Eka(Ks,B,Na) (4) Eka(Ks,B,Na)
2
7.3 Scheme (1) The sender A sends a message to Receiver B, including the identity A and a nonce Na encrypted by Ka. ( This means only A & KDC can know Na. ) (2) The receiver B issues a request to the KDC for a session key. The message includes the inf. of (1) and identity B, and a nonce Nb encrypted by Kb.
3
7.3 Scheme (cont.) (3) The KDC responds with 2 messages encrypted using Ka and Kb. So B can read the inf. in the message encrypted by Kb. This includes 3 item: session key Ks, the identity of target, and the nonce Nb ( enable B to check if the message was send by KDC ). (4) B sends another message to A. And the message includes the same inf. with (3).
4
7.3 優點 顯然的,四個步驟比 fig 7-9 少了一個 步驟 … 傳遞的訊息都有對稱性,容易理解。 如: (2) A, Eka(Na) with B, Ekb(Nb) and (3) Ekb(Ks,A,Nb), Eka(Ks,B,Na)
5
7.3 缺點 因為 receiver B 沒有在送出 message of (4) 之 後,要求 A 送回一個訊息做 Authentication 的 動作。 (1) 有可能只是外人送來的假訊息,並 不是真的是 sender A 送的也說不一定。 (3) 這個步驟送的訊息分別由 Ka & Kb 來加密, 這並不是一個好的做法,一般來說,傳送的訊 息越少人知道越好。可以考慮把 (3) 改成 Ekb( Ks,A,Nb, Eka(Ks,B,Na) )
6
7.4 Holmes ’ question B A KDC A,Eka[R],B Ekb[R] Ekb[R], Er[M] Weakness ! Don ’ t authenticate Users who send him a request
![7.4 Holmes ’ question B A KDC A,Eka[R],B Ekb[R] Ekb[R], Er[M] Weakness .](http://images.slideplayer.com/17/5310156/slides/slide_6.jpg "Don ’ t authenticate Users who send him a request.")
7
7.4 Holmes question He sends the server the name A, the destination B and the intercepted message EKA[R]. Since the server does not authenticate A, it does not know that in truth it's another user Z requesting to talk to Ben. In fact, this man Kane could have access to B's computer. If he knows B's secret key, then his work is done.
![7.4 Holmes question He sends the server the name A, the destination B and the intercepted message EKA[R].](http://images.slideplayer.com/17/5310156/slides/slide_7.jpg "Since the server does not authenticate A, it does not know that in truth it s another user Z requesting to talk to Ben. In fact, this man Kane could have access to B s computer. If he knows B s secret key, then his work is done..")
8
7.4 Holmes question Get Kb -> decrypt Ekb[R] -> know R -> decrypt Er[M] -> know M !
![7.4 Holmes question Get Kb -> decrypt Ekb[R] -> know R -> decrypt Er[M] -> know M !](http://images.slideplayer.com/17/5310156/slides/slide_8.jpg "7.4 Holmes question Get Kb -> decrypt Ekb[R] -> know R -> decrypt Er[M] -> know M !")
9
Problem of 9.1 A. M1 = 5 4 2 3 1 M2 = 5 2 3 4 1 4 2 5 1 3 1 3 2 4 5 3 1 4 2 5 2 5 3 4 1 M3 = k=1, f1(1) = 5 f3(f2(f1(k),p),k) = p p=1, f2(5,1) = 2 -> f3(2,1) = 1 P=2, f2(5,2) = 5 -> f3(5,1) = 2 P=3, f2(5,3) = 3 -> f3(3,1) = 3 P=4, f2(5,4) = 4 -> f3(4,1) = 4 P=5, f2(5,5) = 1 -> f3(1,1) = 5 2 4 1 5 4 2 3 2 1 5 2 3 3 1 4 4 5 3 5 1 1 2 3 4 5
10
Problem of 9.1 B. Encrypt : plaintext p, secret key k ciphertext c = f2(f1(k),p) Decrypt : ciphertext c, secret key k plaintext p = f3(c,k) why ? ( f3(f2(f1(k),p),k) = p )
11
Problem of 9.1 C. We know the mechanism (M1,M2,M3) and the cipher text, if we don ’ t know the secret key, we can ’ t know the plaintext ! ( Bruce force attack : need n! time )
Similar presentations
