PDA

View Full Version : Problem of mAN IN MIDDLE with digital signature.



DATA
03-20-2002, 12:12 AM
HI,
Okey,this is about public key algoritm(asymmetric keys).
Let our 2 famous personalities Alice & Bob be autheticating
each other through their digital signatures.
Three cases arise.
*:>Assume that there is no Key Distribution Centre(KDC)
2:>Assume there is a trusted KDC
*:>Assume there is a compramised KDC

Let Mallory be the evil guy who wants to eavs drop
the communication between Alice & Bob.
Let Trinity be the KDC manager who signs alice's &
bob's public keys.

*:>If there is no KDC , Mallory can ping flood or ping'o death
Bob.Now Bob is out of the way.
Now Mallory being in the middle can say that he is Bob
and give alice, Mallory's own public key.
Now alice encrypts her plain text using Mallory's
public key ,which alice thinks is bob's.
Mallory now just have to decrypt using his private key
to read Alice's message.
This won't be a man in the middle attack,since Bob is
out of the picture but still is a sucessfull attack.
One better way to autheticate bob is to ring up BOB
and ask him to come online,the authetication
being his voice.If they haven't met before this will
be difficult.
What if Alice checks bob's ip address between the
communication?
Mallory have to use a spoofed ip & may need to
do a router attack on the way to Bob's actual ip
address so that Mallory can pick up Alice's encrypted
packets.

2:>Trusted KDC

Trinity being the KDC manager signs alice's & bob's
public key using her private key.
Now if Mallory is capable to perform a Router Attack
between the KDC signed public key data base & the
out side world, Mallory can use his own private keys
to sign 2 phony public keys for alice & bob.
When Alice sends a request to fetch Bob's public key
frm the KDC data base it is intercepted by Mallory.
He sends Alice his phony public key signed by his own
private key telling alice that it is bob's public key
signed by Trinity's private key.
He does the same to Bob.
The requests never reach the KDC.
Now Mallory is in a position to do the man in the middle
attack.

*:>Compramised KDC.
Assuming that Mallory is a very powerfull person,say
in the Secret Police.He forces Trinity to give him her
private key or face the wrath.I bet trinity would give
Mallory the private key rather tham facing the wrath.
Now as in the previous example,Mallory signs 2 phony
public keys using Trinity's private key & put it in the
KDC data base.
The attack is then exactly similar to the previous example.
Mallory launches a sucessful Man in the Middke Attack.

Regards Data.