423501
Description
Mind Map by Craig Parker, updated more than 1 year ago
|
Created by Craig Parker
over 10 years ago
|
|
U4.4 Encryption Based Unilateral
authentication protocol
- Alice messages Bob >Hi, its Alice
- A-->B "Hi Bob its Alice
- A-->B "Hi Bob its Alice
- Bob responds with a random bit string as a challenge
- B --> A : R
- As its a random string it cant easily be predicted by an attacker
- As its a random string it cant easily be predicted by an attacker
- B --> A : R
- Alice responds by sending an encryption of the challenge
concatenated with Bobs ID using their shared key K
- A--> B: {R II B}K
- Bob decrypts the message and checks the plaintext contains his challenge
- Bob can be sure this message came from Alice because they share a secret
key, because it includes Bob's identity he knows he didnt generate it humself
- This also means the message cant be a replay
because it contains the challenge himself
- Bob can be sure this message came from Alice because they share a secret
key, because it includes Bob's identity he knows he didnt generate it humself
- A--> B: {R II B}K
- Random Challenges
- An attacker (M) even if he sees the challenge cant
prepare a response cos he doesnt know the Key K
- If M could predict the challenge he could impersonate Bob issue
the predicted challenge and get A's response (encrypted with key)
- Later M impersonates Alice, when Bob issues the
challenge M sends the one he got from A to Bob
- Replaying messages later = replay attack
- Replaying messages later = replay attack
- Later M impersonates Alice, when Bob issues the
challenge M sends the one he got from A to Bob
- If M could predict the challenge he could impersonate Bob issue
the predicted challenge and get A's response (encrypted with key)
- An attacker (M) even if he sees the challenge cant
prepare a response cos he doesnt know the Key K
- As soon as this protocol is complete it could be hijacked
- Therefore only providing a guarantee at time of authentication
- Therefore only providing a guarantee at time of authentication
Want to create your own Mind Maps for free with GoConqr? Learn more.