Certificates and KTP's Flashcards
With certificates, explain RA
Registration Authority, verifies peronal data, accepts, registers and contact with client
With certificates, explain CA
Certification Authority, Generation, management and distribution of PK-certificates
What are the biggest threads for key exchange protocols based on static symmetric keys?
Static keys (often) require a TTP, but no information should be exposed to this party. It also requires all parties to maintain long term keys
Furthermore:
* Replay attack
* Man in the middle
What principle is key transport based on?
Public key system
What kind of key is sent using key transport?
Symmetric key
Explain what the problem is with key transport? (using version 1)
Bob is unsure about the validity of the source claim.
Explain what the problem is with key transport? (using version 2)
Because Alice sents the two message-parts uncorrelated, Eve can replace the second message with her own, making Bob believe that the message was fake/bad.
Explain what the problem is with key transport? (using version 3)
Replay attack
(this is a problem in all versions)
Explain what Forward Secrecy is.
A system is said to have forward secrecy if compromising of a long-term
private key (in the future) does not compromise the security of communications made using that key in the past.
Explain DH key exchange.
Both parties choose a,b from Z/qZ respectively. Then they exchange g^a and g^b using public value g. Then the agreed key is** H** (g^ab), which can be computed by both parties but not by outsiders.
Show that DHKE is not protected against mitm attack.
Eve will intercept the messages and establish a agreed key with both parties independently. This gives her the power to read everything witout any of the two parties being aware.
Explain why signed DHKE is not secure.
Man in the middle attack, because we only sign the (partial) key g^a, there is no ID connected to the transfer. Hence Eve can replace the signature with her own, and Bob will believe that eve is trying to set up communication, instead of Alice.