Question

(i) (10 pts) Describe a man-in-the-middle attack on the Diffie-Hellman protocol where the adversary shares a...

(i) (10 pts) Describe a man-in-the-middle attack on the Diffie-Hellman protocol where the adversary shares a key kA with Alice and a (different) key kB with Bob, and Alice and Bob cannot detect that anything is wrong. (ii) (15 pts) Consider the following key exchange protocol: • Alice chooses two uniform strings k, r ∈ {0, 1} n , and sends s = k ⊕ r to Bob. • Bob picks an uniform t ∈ {0, 1} n , and sends u = s ⊕ t to Alice. • Alice computes w = u ⊕ r and sends w to Bob. • Alice outputs k and Bob outputs w ⊕ t. (a) (5 Points) Show that Alice and Bob output the same key. (b) (10 Points) Analyze the security of the scheme (i.e., either prove its security or show a concrete attack).

0 0
Add a comment Improve this question Transcribed image text
Answer #1

(i) The Diffie-Hellman key exchange is vulnerable to a man-in-the-middle attack.
In this attack, a man-in-the-middle intercepts Alice's public value and sends his/her own public value to Bob.
When Bob transmits his public value, adversary substitutes it with his/her own and sends it to Alice.
Adversary(man-in-the-middle) and Alice thus agree on one shared key(here, kA) and Adversary and Bob agree on another shared key(here, kB).
After this exchange, Adversary simply decrypts any messages sent out by Alice or Bob, and then reads and possibly modifies them before re-encrypting with the appropriate key and transmitting them to the other party.
This vulnerability is present because Diffie-Hellman key exchange does not authenticate the participants.
Possible solutions include the use of digital signatures and other protocol variants.

(ii) Lets discuss the key exchange protocol defined here in the given input whether it is secure or not.
Here input provided :

Alice sends s = k ⊕ r to Bob.
Bob sends u = s ⊕ t to Alice.
Alice computes w = u ⊕ r and sends w to Bob
Alice outputs k and Bob outputs w ⊕ t

a) so, Bobs outputs = > w ⊕ t = u ⊕ r ⊕ t

= s ⊕ t ⊕ r ⊕ t

= k ⊕ r ⊕ t ⊕ r ⊕ t

= k (which is same as Alice output).

b) The Protocol is not secure because given a transcript (s,u,w), an attacker can compute:

=> s ⊕ u ⊕ w = s ⊕ u ⊕ u ⊕ r

= s ⊕ r

= k ⊕ r ⊕ r

= k (Hence, the output is easily predictable thus the protocol is not secure).

Add a comment
Know the answer?
Add Answer to:
(i) (10 pts) Describe a man-in-the-middle attack on the Diffie-Hellman protocol where the adversary shares a...
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for? Ask your own homework help question. Our experts will answer your question WITHIN MINUTES for Free.
Similar Homework Help Questions
ADVERTISEMENT
Free Homework Help App
Download From Google Play
Scan Your Homework
to Get Instant Free Answers
Need Online Homework Help?
Ask a Question
Get Answers For Free
Most questions answered within 3 hours.
ADVERTISEMENT
ADVERTISEMENT