protocols part 2 - public key

Question 1

why is key establishment needed?

Answer 1

protocol possible as A and B share a key

Question 2

how to set up a session key

Answer 2

using key establishment protocol

Question 3

how to ensure secure communication is happening

Answer 3

use eachothers public key:
- only one party has private keys everyone else encrypt using public key , no one can decrypt using parties.
use a trusted third party(TTP)
- ttp that trusted between the two principals
certificates

Question 4

notation for needham schroeder public key protocol

Answer 4

1. A →B : EB (Na, A)
2. B →A : EA(Na, Nb)
3. A →B : EB (Nb)
   Nb and Na used to then generate a symmetrivc key

Question 5

how do we know for sure A is A and B is B in
(As in they are making sure they are talking yo eachother )
1. A →B : EB (Na, A)
2. B →A : EA(Na, Nb)
3. A →B : EB (Nb)

Answer 5

2. shows A that it is b as inly b could have decrypted the previous message and sent nonce back with new nonce
3. shows b A ia A as only A could have decrypted the message and sent nonce back

Question 6

what is public key encryption notation in protocol

Answer 6

E_x(-)

Question 7

what attack is needham schroeder public key protocol susceptible to

Answer 7

man in the middle attack

Question 8

Needham-Schroeder-Lowe Public Key Protocol notation

Answer 8

1. A →B : EB (Na, A)
2. B →A : EA(Na, Nb, B)
3. A →B : EB (Nb)

Question 9

what is B in B →A : EA(Na, Nb, B)
in Needham-Schroeder-Lowe Public Key Protocol

Answer 9

b is identity message

Question 10

what is the Needham-Schroeder-Lowe Public Key Protocol secure
1. A →B : EB (Na, A)
2. B →A : EA(Na, Nb, B)
3. A →B : EB (Nb)

Answer 10

▶ A and B mutually authenticate each other.
▶ The attack where Elvis intercepts and impersonates
Bob is no longer possible.
▶ Mutual Authentication — Alice and Bob both verify
each other.
▶ Protection Against MITM — Attackers cannot
impersonate Bob.

Question 11

1. A →B : EB (Na, A)
2. B →A : EA(Na, Nb, B)
3. A →B : EB (Nb)
4. B →A : {M}key_(Na,Nb)
   can adversary read the message encrypted with key_(Na,Nb)

Answer 11

no . secure against adversary

Question 12

1. A →B : EB (Na, A)
2. B →A : EA(Na, Nb, B)
3. A →B : EB (Nb)
4. B →A : {M}key_(Na,Nb)
   can the government read the message encrypted with key_(Na,Nb)

Answer 12

after protocol runs , governement can force people to handover private keys

Question 13

what is foward secrecy

Answer 13

A protocol has Forward Secrecy if it keeps the message secret from an attacker
who has:
▶ A recording of the protocol run.
▶ The long-term keys of the principals.

Question 14

why does forward secrecy matter?

Answer 14

Protection against:
▶ Governments that can force people to give up their keys.
▶ Hackers that might steal private keys.

Question 15

describe station to station protocol

Answer 15

uses public key infrastructure
adds digital signatures and encryption of signatures whith Diffie Hellman shared key secret to achieve the goals:
each party has their own key
prevent eavesdroppers from learning about the message or identities

Question 16

STS notation

Answer 16

1. A →B : gx
2. B →A : gy, {SB (gy, gx )}gxy
3. A →B : {SA(gy, gx )}gxy
4. B →A : {M}gxy

Question 17

notation for signing in protocols

Answer 17

S_x(-)

Question 18

why is STS secure?

Answer 18

▶ x, y , gxy are not stored after the protocol run.
▶ A and B’s keys don’t let the attacker read M.
▶ STS ensures Forward Secrecy.

Question 19

what is a problem with STS?

Answer 19

have to verify eachothers public keys
()how does b know a is a and a know b is b)?

Question 20

solutions to verifying eachothers public key is STS protocol

Answer 20

meet face to face to securely exchange keys
use a pre - shared key mechanism

TTP (trusted third party) -> signs identities and public keys ehich creates certificates-> ensures they can verify eachother public keys

Question 21

why add certificates to STS protocol

Answer 21

A →B : gx
2. B →A : gy, CertB , {SB (gy, gx )}gxy
3. A →B :CertA, {SA(gy, gx )}gxy
▶ The ”full” STS protocol includes
certificates for A and B.
▶ Certificates contain public keys
signed by a Trusted Third Party (TTP).
▶ Alice and Bob don’t need to know
each other’s public key beforehand

Question 22

how does the Needham-Schroeder Key Establishment Protocol work?

Answer 22

1. A →S : A, B, Na
2. S →A : {Na, B, Kab, {Kab, A}Kbs }Kas
3. A →B : {Kab, A}Kbs
4. B →A : {Nb}Kab
5. A →B : {Nb + 1}Kab

▶ S is a Trusted Third Party (TTP) that helps establish a shared key Kab.
▶ S encrypts the session key separately for Alice and Bob.
▶ Alice and Bob mutually authenticate using nonces Na and Nb.
▶ Ensures that only Alice and Bob know Kab.

Question 23

what are key establishment goals

Answer 23

key freshness
key exclusivity
good key

Question 24

what is key freshness

Answer 24

key established is new (from TTP or uses a new nonce)

Question 25

what is key exclusivity

Answer 25

key only known to principals in the protocol

Question 26

what is good key

Answer 26

key is both fresh and exclusive

Question 27

what are authentication goals

Answer 27

entity authentication far - end operative once authentication

Question 28

what is far - end operative

Answer 28

A knows B is active For instance, B might have signed a nonce generated by A, e.g. ▶ A →B: Na ▶ B →A: SB (Na) Not enough on its own (e.g. Needham-Schroeder protocol).

Question 29

what is Once authentication

Answer 29

A knows B wishes to communicate with A B might have name A in message B -> A: S_B(A)

Question 30

what is the highest goal in protocols

Answer 30

A protocol provides Mutual Belief in a key K for Alice with respect to Bob if, after running the protocol, Bob can be sure that: * K is a good key with A * Alice can be sure that Bob wishes to communicate with Alice using K * Alice knows that Bob believes that K is a good key for B.

Question 31

what is entity authentication

Answer 31

A knows that B is currently active and wants to communicate with A. e.g. ▶ A →B: Na ▶ B →A: SB (A, Na)