Cryptography Reference
Mallory intercepts the message the server sends to Bob in Step 3 above. Though he can't decrypt it, he knows from snooping on the server activities that it came on Alice's request.

At a later point in time, Mallory pretends to be the server and sends the intercepted message once more to Bob. For example, Mallory waits until Alice wants to communicate again with Bob and replaces the server message in Step 3 with the old message. Alternatively, he can send the message regardless of Alice's activities.

Bob doesn't check whether or not session key Ss has been used before, since that would be pretty cumbersome. He assumes that Alice wants to tell him something and unsuspectingly starts sending Ss-encrypted messages to Alice, or he waits for a note from Alice.
At this point, Mallory has several options: he can send some junk data to Bob; he can have Alice and Bob 'communicate' with different session keys (which won't work, of course); he can snatch one of Bob's requests and pretend Alice has been kidnapped. Any of these options would perhaps make both of them panic, which is absolutely in Mallory's interest.

This form of disturbing a channel (without anybody being able to identify the initiator) is at the same time a denial-of-service attack. The main goal of such an attack is to impair or bring down a system without the initiator being identifiable, rather than to intercept or forge data.
Naturally, the protocol also has drawbacks:

- If Alice happens to create bad keys, she can cause threats to Bob.
- If the centralized server is compromised, then all users are compromised at once.
- Using timestamps means that the clocks of all computers have to run synchronously. This is not a trivial problem: programs used by time-announcing services, of all programs, often have security flaws. A radio clock for each computer is normally too expensive. The administrator could forget to manually adjust the clock, or it may be too costly.

The problem of choosing keys is handled better by other protocols. In Kerberos, for example, two trustworthy services create and distribute session keys, among other things. Kerberos is rather complicated and will not be discussed here any further.
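The following is an added example, not code from the book, showing how the replay described above (Mallory re-sending the server's Step 3 message to Bob) is caught once Bob combines a timestamp window with a short-lived cache of tickets he has already accepted. The check Bob skips in the text becomes cheap precisely because the timestamp bounds how long each entry has to be remembered. The ticket format, the shared key, the HMAC tag (standing in for the authenticated encryption of the real protocol; confidentiality is omitted) and the tolerance values are all constructed for this illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed values for the example: a key shared between the server and Bob,
# the clock drift Bob tolerates, and how long a ticket stays valid after issue.
KEY_BOB = b"constructed-shared-key-server-bob"
CLOCK_SKEW = 30.0        # seconds of acceptable clock difference
TICKET_LIFETIME = 300.0  # seconds a ticket may be presented after issue


def make_ticket(key, sender, session_key_hex, issued_at):
    """Build the server's Step 3 message to Bob: who asked, the session key Ss,
    and the issue time, protected by an HMAC under Bob's key (stand-in for the
    encryption used in the real protocol)."""
    body = json.dumps(
        {"from": sender, "Ss": session_key_hex, "t": issued_at}, sort_keys=True
    ).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


class Receiver:
    """Bob's side: authenticity check, freshness window, then replay cache."""

    def __init__(self, key, now=time.time):
        self.key = key
        self.now = now          # injectable clock so the scenario is deterministic
        self.seen = {}          # tag -> issue time of tickets already accepted

    def accept(self, body, tag):
        # 1. Authenticity: only tickets the server made under Bob's key count.
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        msg = json.loads(body)
        now = self.now()
        # 2. Freshness: the timestamp must fall inside the lifetime window,
        #    allowing for the clock drift the text warns about.
        if msg["t"] > now + CLOCK_SKEW:
            return "rejected: timestamp in the future"
        if now - msg["t"] > TICKET_LIFETIME:
            return "rejected: expired"
        # 3. Replay: inside the window, the same ticket may only be used once.
        self._expire_old_entries()
        if tag in self.seen:
            return "rejected: replay"
        self.seen[tag] = msg["t"]
        return "accepted"

    def _expire_old_entries(self):
        # Anything older than the window would fail step 2 anyway, so it can be
        # forgotten; this keeps the cache small instead of growing forever.
        cutoff = self.now() - TICKET_LIFETIME - CLOCK_SKEW
        self.seen = {k: v for k, v in self.seen.items() if v >= cutoff}


def replay_scenario():
    """Legitimate delivery, then two replays by Mallory: one soon after, one much later."""
    clock = [1_000_000.0]                       # constructed fake clock
    bob = Receiver(KEY_BOB, now=lambda: clock[0])
    body, tag = make_ticket(KEY_BOB, "Alice", "3f9a0c11d2e4b5a6", clock[0])
    results = [bob.accept(body, tag)]           # genuine Step 3 message
    clock[0] += 5
    results.append(bob.accept(body, tag))       # replayed within the window
    clock[0] += 3600
    results.append(bob.accept(body, tag))       # replayed an hour later
    return results


def tamper_scenario():
    """A ticket whose body was altered in transit fails the authenticity check."""
    bob = Receiver(KEY_BOB, now=lambda: 1_000_000.0)
    body, tag = make_ticket(KEY_BOB, "Alice", "3f9a0c11d2e4b5a6", 1_000_000.0)
    forged = body.replace(b"Alice", b"Mallo")
    return bob.accept(forged, tag)


if __name__ == "__main__":
    print(replay_scenario())
    print(tamper_scenario())
```

Note that the order of checks matters: the freshness window is tested before the replay cache, so the cache only ever has to hold tickets issued within the last few minutes, and the skew tolerance is exactly the knob the clock-synchronisation drawback above pushes on (the larger the tolerated drift, the longer a captured ticket remains replayable).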