Cryptography Reference
In-Depth Information
security. We will look at an example and discuss it. The protocol by the catchy
name of
wide-mouth frog
we are looking at uses one single symmetric method.
1. Using a trustworthy server, Alice and Bob independently of one another
agree on secret keys; Alice picks
Sa
while Bob picks
Sb
. Only the server
knows both keys.
2. Alice generates a session key,
Ss
, and creates a timestamp,
T
A
(which
is a unique byte sequence showing the current time). She concatenates
Bob's name,
B
, and the timestamp and the key, and encrypts the byte
sequence thus created using the secret key,
Sa
. She then sends the cipher
together with her name,
A
, to the server:
A, E
Sa
(T
A
, B, Ss)
(As usual,
E
Sa
()
denotes the encryption by use of key
S
a
.)
3. The server decrypts Alice's message. The server can do this, because
Alice's name readably precedes the message, and because it also knows
Sa
. The server creates a new timestamp,
T
B
, and sends the following to
Bob:
E
Sb
(T
B
, A, Ss)
4. Bob can decrypt this message and recognize both Alice's name and the
session key from it. Their secret communication can now begin.
You will probably ask: 'If both Alice and Bob agree on secret keys with a
server, why don't they agree on a key directly?' There are at least two reasons.
First, such a server can secure the communication of perhaps 100 users. If each
pair of communicators were to directly agree on keys, then there would be 5050
different keys, 99 per user. This is impracticable, and the consequence is that
each converser would use only a few keys. The second reason actually results
from the first:
one
negligent user storing other people's keys readably on his
disk would be enough to compromise many others. Within the wide-mouth frog
protocol, one negligent user would compromise only himself.
Another thing: timestamps seem to be unnecessary with this protocol. Though
the method can certainly do without them, Mallory could exploit this situation
and mount a
replay attack
:
