Cryptography Reference
In-Depth Information
On page 180, we discussed and illustrated an impersonation attack on PKCs.
One mechanism for thwarting such attacks is for Alice to get a random number
r
from Bob, sign it with her private key
d
, which Bob can then verify. This is
illustrated in Diagram 5.1.
Diagram 5.1 (Challenge-Response Protocol)
r
←−−−−
−−−−→
d
(
r
)
✞
✞
Alice
Bob
−−−−−−−−−→
✝
✆
✝
✆
e
(
d
(
r
)) =
r
The random number
r
is the
challenge
from Bob to which Alice returns the
response
d
(
r
).
Three-Way Authentication and Key Agreement
Basic Assumptions
: In order to describe the scheme we need a PKC,
whose encryption we will denote by
E
and whose decryption we will denote by
D
. We also need a DSS with signature and verification pair (sig
,
ver). Moreover,
Alice and Bob have two keypairs, their PKC keypairs (
e
A
,d
A
), (
e
B
,d
B
),
respectively, and their DSS key pairs (
s
A
,v
A
) and (
s
B
,v
B
), respectively. Also,
I
A
and
I
B
are their respective identitydata strings. The goal is for Alice and
Bob to agree on a session keyand mutual authentication.
Protocol Steps
:
1. Alice selects a nonce
r
A
and sets
t
=(
I
B
,r
A
), signs it, sig
s
A
(
t
), and sends
m
1
=(
t,
sig
s
A
(
t
)) to Bob.
2. Bob verifies Alice's signature, and chooses a nonce
r
B
and a random session
key
k
. He enciphers
k
with Alice's public key,
E
e
A
(
k
)=
c
, sets
t
1
=(
I
A
,r
A
,r
B
,c
)
,
and signs it, sig
s
B
(
t
1
). Then he sends
m
2
=(
t
1
,
sig
s
B
(
t
1
)) to Alice.
3. Alice verifies Bob's signature, and checks that her
r
A
matches the one
she generated in step 1. Once verified, she now is convinced that she is
communicating with Bob. She gets
k
via
D
d
A
(
c
)=
D
d
A
(
E
e
A
(
k
)) =
k,
sets
t
2
=(
I
B
,r
B
) and signs it, sig
s
A
(
t
2
).
Then she sends
m
3
=
(
t
2
,
sig
s
A
(
t
2
)) to Bob.
4. Bob verifies Alice's signature and checks that
r
B
matches his choice in
step 2. If both verifications pass muster, Alice and Bob have mutually
authenticated each other's identities and have agreed upon session key
k
.
Search WWH ::
Custom Search