Cryptography Reference
In-Depth Information
Alice wants to transmit encrypted messages to Bob and sends him an email:
'Please mail me your public key.' Bob receives the mail and sends Alice the
key. Alice gets the key, sends the encrypted message, and Bob can actually read
it — without doubt a message from Alice, or so he thinks. In reality, however,
Mallory, the intruder, listened in on everything. He is the administrator of the
firewall computer, bribed by the competition, through which all emails flow in
Alice's company. How did he do it?
First, Mallory read Alice's request to Bob to send her the public key. Then
Mallory intercepted Bob's reply, i.e., Bob's public key. In its place, however,
he sent his
own
public key to Alice. From then on, he could decrypt and read
every mail from Alice to Bob, and then re-encrypt the session key with Bob's
public key and send it to Bob. It is not difficult at all to have a computer
program handle this procedure.
This attack is known as the
man-in-the-middle attack
. Mallory sits virtually
in the middle of the line, pretending toward both conversers to be the respective
other one.
The Interlock Protocol
There are several possibilities to prevent this attack. An easy-to-implement
method that does without a trustworthy third party called
interlock protocol
was invented by Rivest and Shamir in 1984. When using this protocol, Alice
and Bob have to send each other messages that allow each one of them to
recognize that a message clearly originates from the other one. The protocol
works like this:
1. Alice and Bob send each other their public keys. Like before, Mallory
could use his own keys.
2. Alice encrypts an individual, but not too confidential, message with the
public key she obtained (which might be Bob's or Mallory's). From
this message, however, she sends only a part that cannot be decrypted to
Bob. If the asymmetric method used is a block algorithm, then she could,
for instance, send only the left half of each block. Or she sends only
the bits or bytes in uneven positions within the message. Or she uses
the CBC mode and leaves the initialization vector (will be explained in
Section 5.1.1) out.
3.
After
he receives the first part, Bob proceeds similarly: he sends Alice
a part of an encrypted message that cannot be decrypted.
