Question

Suppose an institute deploys a campus secure communication system in which whoever is affiliated with the institution will have a public key and secret key pair. When a student A wants to send an encrypted message to student B gossiping about the lecturer (in this case, me), A asks B in cleartext for B’s public key, and B sends pkB. Assume the communication channel is completely controlled by me, i.e., I might alter the communication transcript, for example by replacing pkB with pkL, which is my public key. In order for Alice and Bob to gossip freely without worrying about their final grade, Alice needs to be sure that a public key she received, claimed to be Bob’s public key, indeed belongs to Bob. Essentially, everybody needs an authority to certify his public key. Suppose our beloved provost is such an authority, and the authority’s public key pk? is available to everybody, i.e., it appears on his homepage or on some public bulletin board. There is something called the public key infrastructure to support all kinds of problems regarding the above. Briefly describe what Bob should obtain from the authority before sending out pkB.

Explanation / Answer

The concept is Diffie-Hellman key exchange. The problem mentioned here, that a third party is able to modify the message, is called a man-in-the-middle attack.

To overcome the above, we have the option below of using a signature.
A and B are students and C is your lecturer.

Consider that A, B and C are connected to each other. C can intercept A's public value and send its own public value to B. This is because Diffie-Hellman key exchange does not authenticate the participants.

Before establishing the protocol between A and B, each obtains a public/private key pair and a certificate for the public key, so even if party C intercepts the message, C cannot forge the signature. So the man-in-the-middle attack can be overcome.
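
An added example, not part of the original question or answer: a sketch of the certificate check the scenario calls for, in which the authority signs the pair (identity, public key) and Alice verifies it with the authority's published key before using pkB. The function names, the toy textbook-RSA authority key and the sample key bytes are all assumptions made for illustration; a real deployment would use X.509 certificates and a vetted signature scheme.

```python
import hashlib

# Toy textbook-RSA authority key built from two Mersenne primes. Illustration
# only: real PKI uses X.509 certificates and a vetted signature scheme.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # authority's secret exponent
AUTHORITY_PK = (N, E)               # published on the bulletin board

def _digest(identity: str, pubkey: bytes) -> int:
    # Length-prefix the identity so (identity, key) pairs cannot be confused.
    ident = identity.encode()
    data = len(ident).to_bytes(2, "big") + ident + pubkey
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def issue_certificate(identity: str, pubkey: bytes) -> dict:
    """Run by the authority after checking the requester's identity."""
    return {"identity": identity, "pubkey": pubkey,
            "signature": pow(_digest(identity, pubkey), D, N)}

def accept_key(cert: dict, expected_identity: str,
               authority_pk=AUTHORITY_PK) -> bool:
    """Run by Alice: accept the key only if the authority vouches for it and
    the certificate names the person she intends to talk to."""
    n, e = authority_pk
    expected = _digest(cert["identity"], cert["pubkey"])
    sig_ok = pow(cert["signature"], e, n) == expected
    return sig_ok and cert["identity"] == expected_identity

# Constructed sample keys (opaque bytes stand in for real public keys).
PK_B, PK_L = b"bob-public-key-bytes", b"lecturer-public-key-bytes"
cert_bob = issue_certificate("bob", PK_B)
cert_lecturer = issue_certificate("lecturer", PK_L)

# Case 1: the key inside Bob's certificate is replaced in transit, so the
# authority's signature no longer matches the certificate contents.
swapped = dict(cert_bob, pubkey=PK_L)
# Case 2: a valid certificate issued to a different identity is sent instead.
substituted = cert_lecturer

if __name__ == "__main__":
    for name, cert in [("genuine", cert_bob), ("swapped key", swapped),
                       ("other identity", substituted)]:
        print(f"{name:15s} accepted={accept_key(cert, 'bob')}")
```

The second case shows why Alice must compare the identity named in the certificate with the person she means to reach: a valid signature alone only proves that the authority certified someone.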