3
$\begingroup$

a) Alice just generated a new pair of public and private RSA keys (pkA , skA ) = ((N, e), d) and would like to start a private conversation with Bob. How can Alice interact with Bob and exchange a symmetric key? Describe a key exchange protocol between them which is secure against an eavesdropper adversary.

b) Fully specify a Man-in-The-Middle (MiTM) attack attack against the key exchange protocol you described above.

c) Assume now that Alice and Bob are very old friends and that Bob already knows a public key pkA owned by Alice. How can you improve the above protocol in such a way that Bob can detect the presence of a MiTM? Can Alice also detect the presence of a MiTM?

In part a) I defined a protocol using the idea behind D Hellman, so this is vulnerable to MiTM. However, I dont know how to work out part c

Improve this question
$\endgroup$
6
  • $\begingroup$ "I defined a protocol using the idea behind D Hellman" - So you're doing a standard diffie-hellman key exchange, just with RSA private keys and a (random) message? $\endgroup$
    – SEJPM
    Commented Dec 12, 2015 at 21:59
  • $\begingroup$ yes, I did that $\endgroup$
    – santteegt
    Commented Dec 12, 2015 at 22:07
  • 1
    $\begingroup$ So, for part c) Should I use digital signatures ? $\endgroup$
    – santteegt
    Commented Dec 12, 2015 at 22:32
  • 1
    $\begingroup$ @Santiago Gonzalez Toral: I'm afraid that you over-engineered your protocol in a) and that sent you on tracks far from what the problem's author is trying to guide you. What you have been asked in a) [be secure against an adversary assumed not to send any message] can be done simply, with RSA encryption alone. Hint: Alice first sends a non-encrypted message to Bob; after the second message, Bob and Alice have their shared secret key. $\;$ When you use this simple protocol, b) and c) becomes easy. Hint: some of the shared secret can be devoted to protection against MiTM. $\endgroup$
    – fgrieu
    Commented Dec 13, 2015 at 11:23
  • 1
    $\begingroup$ 1. Alice sends a public key to Bob 2. Bob generates a temporary symmetric key and encrypts it with Alice's public key. Then, he sends the ciphertext to Alice. 3. Alice decrypts it using her private key. Now, both Alice and Bob have a shared key. MiTM ---- Even if, the attacker intercepts communication between Alice and Bob, he is unable to recover the symmetric key because he doesn't have Alice's private key. Right? $\endgroup$
    – santteegt
    Commented Dec 13, 2015 at 17:49

1 Answer 1

Reset to default
4
$\begingroup$

You need an authentic channel from Alice to Bob to get a secret channel from Bob to Alice. This assumption is missing in a), so anyone in control of the communication channel can play man in the middle on any protocol.

As long you don't have a secret channel from Alice to Bob or an authentic channel from Bob to Alice, Alice will never (= for any protocol) be sure who is sending her the secret messages.

See U. Maurer, P. Schmid, A calculus for secure channel establishment in open networks, ESORICS' 94, LNCS 875, pp 175-192.

Improve this answer
$\endgroup$

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.