Cryptography Reference
In-Depth Information
2. Verify all three certificates.
3. Compute the three session keys
k
AB
,
k
AC
and
k
BC
.
13.13.
Assume Oscar attempts to use an active (substitution) attack against the
Diffie-Hellman key exchange with certificates in the following ways:
1. Alice wants to communicate with Bob. When Alice obtains C(B) from Bob, Os-
car replaces it with (a valid!) C(O). How will this forgery be detected?
2. Same scenario: Oscar tries now to replace only Bob's public key
b
B
with his own
public key
b
O
. How will this forgery be detected?
13.14.
We consider certificate generation with CA-generated keys. Assume the sec-
ond transmission of (Cert
A
,
k
pr
,
A
) takes place over an authenticated but insecure
channel, i.e., Oscar can read this message.
1. Show how he can decrypt traffic which is encrypted by means of a Diffie-
Hellman key that Alice and Bob generated.
2. Can he also impersonate Alice such that he computes a DH key with Bob without
Bob noticing?
13.15.
Given is a user domain in which users share the Diffie-Hellman parame-
ters
and
p
. Each user's public Diffie-Hellman key is certified by a CA. Users
communicate securely by performing a Diffie-Hellman key exchange and then en-
crypting/decrypting messages with a symmetric algorithm such as AES.
Assume Oscar gets hold of the CA's signature algorithm (and especially its pri-
vate key), which was used to generate certificates. Can he now decrypt old cipher-
texts which were exchanged between two users before the CA signature algorithm
was compromised, and which Oscar had stored? Explain your answer.
α
13.16.
Another problem in certificate systems is the authenticated distribution of the
CA's public key which is needed for certificate verification. Assume Oscar has full
control over all of Bob's communications, that is, he can alter all messages to and
from Bob. Oscar now replaces the CA's public key with his own (note that Bob has
no means to authenticate the key that he receives, so he thinks that he received the
CA public key.)
1. (Certificate issuing) Bob requests a certificate by sending a request containing
(1) Bob's ID
ID
(
B
) and (2) Bob's public key
B
from the CA. Describe exactly
what Oscar has to do so that Bob doesn't find out that he has the wrong public
CA key.
2. (Protocol execution) Describe what Oscar has to do to establish a session key
with Bob using the authenticated Diffie-Hellman key exchange, such that Bob
thinks he is executing the protocol with Alice.
13.17.
Draw a diagram that shows a key transport protocol shown in Fig. 6.5 from
Sect. 6.1, in which RSA encryption is used.
