Security Algorithm Example challenge-and-response protocol: Assume A and B share
ID: 3799816 • Letter: S
Question
Security Algorithm
Example challenge-and-response protocol: Assume A and B share a secret key K for a symmetric encryption algorithm using 124 bit blocks and no third party knows K. B picks a challenge, x (a random 124-bit string) and B sends x to A A sends y = E_k(x) to B B computes y' = E_k(x) and checks y = y' Explain why B believes that the identity of the sender of y is A. Why would a new random challenge need to be picked every time the protocol is used? What could go wrong otherwise? How could this be modified and done with a public-key scheme like RSA? Assume that both A and B have public keys available.Explanation / Answer
Solution:
1. When B receives Ek(x), there will be a basis for deciding the identity of the sender as A. B will know it because it is only A who knows k and sends the random bit string back to him by using k. When B computes the y', the outcome he get will be y which is the the exact match which he was expecting.
2. It is necessary to have a new random challenge to be picked every time the protocol is used because it will make the communication process more secure as there will be no two random numbers that are same and can be changed. If it would not have been done than it will be possible for the Eve to record the multiple sessions and easily got access to the random number used in the communication process between A and B. It would be possible for Eve to impersonate the identity of either A or B and changing the messages sent in the communication process.
3. To communicate with a public-key scheme like RSA, the procedure would be as follows:
The main objective of the communication process is to ensure the correct identity of the parties that are the part of this process. When B sends a challenge R to A, he will respond back by sending his signature with the R. B will then uses the A's public key to check the validity of the signature coming with R. The basis of this validation is that only A is having the secret key that would enable the responding party to sign as A.
The challenge R that B has send to the A is chosen according to the uniform distribution on mod m numbers, where m is defined as the A's public modulus. Here m is assumed to be the huge number that creates many possibilities for R that it will be almost impossible for A that he has ever previously calculated some identical signature for the particular chosen. Also, R will be such a number that none can compute the signature without having secret key.