Cryptography Reference
In-Depth Information
4. When Alice tries to log herself into Bob's computer, Bob sends her two
public keys: the server key and the public host key. Alice checks whether
or not the public host key matches the locally stored key.
5. If it does, then Alice creates a random session key, and encrypts it
using the
two public keys
of Bob's computer
consecutively
, and sends
the cipher to Bob. From then onwards, the entire message traffic is
encrypted. This has interesting consequences:
Bob needs
two
private keys to decrypt the session key. If Mallory suc-
ceeds in breaking into the server (Bob's computer) and stealing both
private keys, he can decrypt Bob's network traffic of the last hour at
most, because the server key is changed every hour. The public host key
is still required, because only this key authenticates the server.
This method is an important improvement versus the usual hybrid meth-
ods. But it can be used only in direct network contact. This is the reason
why it is not a choice for PGP, since the mail end nodes don't have to
be continually connected. Email can be 'buffered', sometimes even for
days in earlier times.
6. Now Alice knows almost for sure that she is communicating with Bob's
computer. But Bob wants to be sure Mallory is not pretending to be
Alice: Alice has to be authenticated. That's where the user authentication
key comes into play.
Bob uses Alice's user authentication key to encrypt a 256-bit random
number. He sends this number to Alice. Alice knows the corresponding
private component and can compute the random number and return it.
This authenticates her.
Here too, Yl onen recognized a potential risk: if Mallory broke into the
server, he could mount a chosen-ciphertext attack against RSA (see
Section 4.5.3). For example, he could do the following:
•
Alice tries to log into Bob's computer, but actually communicates
with Mallory's computer. While Alice is busy doing Steps 4 and 5.
•
Mallory starts a session on Carol's computer. He pretends to be Alice
and waits to get the 256-bit random number encrypted with Alice's
public key from Carol.
•
He sends this number to Alice, who has no idea what's going on, and
•
Returns the decrypted value to Mallory. Mallory forwards the value
to Carol and authenticates himself as Alice.
