(i) (10 pts) Describe a man-in-the-middle attack on the Diffie-Hellman protocol where the adversary shares a key kA with Alice and a (different) key kB with Bob, and Alice and Bob cannot detect that anything is wrong. (ii) (15 pts) Consider the following key exchange protocol: • Alice chooses two uniform strings k, r ∈ {0, 1} n , and sends s = k ⊕ r to Bob. • Bob picks an uniform t ∈ {0, 1} n , and sends u = s ⊕ t to Alice. • Alice computes w = u ⊕ r and sends w to Bob. • Alice outputs k and Bob outputs w ⊕ t. (a) (5 Points) Show that Alice and Bob output the same key. (b) (10 Points) Analyze the security of the scheme (i.e., either prove its security or show a concrete attack).
(i) The Diffie-Hellman key exchange is vulnerable to a
man-in-the-middle attack.
In this attack, a man-in-the-middle intercepts Alice's public value
and sends his/her own public value to Bob.
When Bob transmits his public value, adversary substitutes it with
his/her own and sends it to Alice.
Adversary(man-in-the-middle) and Alice thus agree on one shared
key(here, kA) and Adversary and Bob agree on another shared
key(here, kB).
After this exchange, Adversary simply decrypts any messages sent
out by Alice or Bob, and then reads and possibly modifies them
before re-encrypting with the appropriate key and transmitting them
to the other party.
This vulnerability is present because Diffie-Hellman key exchange
does not authenticate the participants.
Possible solutions include the use of digital signatures and other
protocol variants.
(ii) Lets discuss the key exchange protocol defined here in the
given input whether it is secure or not.
Here input provided :
Alice sends s = k ⊕ r to Bob.
Bob sends u = s ⊕ t to Alice.
Alice computes w = u ⊕ r and sends w to Bob
Alice outputs k and Bob outputs w ⊕ t
a) so, Bobs outputs = > w ⊕ t = u ⊕ r ⊕ t
= s ⊕ t ⊕ r ⊕ t
= k ⊕ r ⊕ t ⊕ r ⊕ t
= k (which is same as Alice output).
b) The Protocol is not secure because given a transcript (s,u,w), an attacker can compute:
=> s ⊕ u ⊕ w = s ⊕ u ⊕ u ⊕ r
= s ⊕ r
= k ⊕ r ⊕ r
= k (Hence, the output is easily predictable thus the protocol is not secure).
(i) (10 pts) Describe a man-in-the-middle attack on the Diffie-Hellman protocol where the adversary shares a...