Data Protection and Security

   

VII

Identification and Entity Authentication

   

VII.III

Authentication Protocols

   

   
 

Authenticated Key Exchange:

With symmetric-key protocols, take (KAB+1){R} as the session key for encryption, that is, R encrypted under the key KAB+1. It is not secure to use (KAB){R} as the session key, because Alice transmits it as the third message and other parties can see it.


With public-key protocols, send additional random nonces {R}A (R encrypted with Alice’s public key) and {R}B (R encrypted with Bob’s public key), and use them to derive a session key.
Alternatively, Alice and Bob can do a Diffie-Hellman key exchange (see Chapter 4) in which each signs the quantity they send (Authenticated Diffie-Hellman).
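
The symmetric-key case above, simulated as an added example that is not part of the original course page. HMAC-SHA256 stands in for the encryption K{R}; the function names, the text of message 1 and the key sizes are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # bytes; constructed parameter, not from the page


def keyed(key: bytes, r: bytes) -> bytes:
    """Stand-in for K{R}: HMAC-SHA256 of R under K (assumption, not a block cipher)."""
    return hmac.new(key, r, hashlib.sha256).digest()


def key_plus_one(key: bytes) -> bytes:
    """K+1: read the key as a big-endian integer, add 1, wrap at the key length."""
    n = (int.from_bytes(key, "big") + 1) % (1 << (8 * len(key)))
    return n.to_bytes(len(key), "big")


def run_exchange(k_alice: bytes, k_bob: bytes, r: bytes):
    """Simulate the three messages; return (wire transcript, Alice's key, Bob's key)."""
    wire = [b"I am Alice"]             # message 1, Alice -> Bob
    wire.append(r)                     # message 2, Bob -> Alice: challenge R
    response = keyed(k_alice, r)       # message 3, Alice -> Bob: K_AB{R}
    wire.append(response)
    # Bob authenticates Alice by recomputing K_AB{R} with his own copy of the key.
    if not hmac.compare_digest(response, keyed(k_bob, r)):
        raise ValueError("authentication failed")
    # Each side derives (K_AB+1){R} locally; it is never transmitted.
    return wire, keyed(key_plus_one(k_alice), r), keyed(key_plus_one(k_bob), r)


def eavesdropper_sees(wire, candidate: bytes) -> bool:
    """True if a candidate session key appears verbatim in the wire transcript."""
    return any(hmac.compare_digest(m, candidate) for m in wire)


if __name__ == "__main__":
    k_ab = secrets.token_bytes(KEY_LEN)  # constructed shared secret
    r = secrets.token_bytes(KEY_LEN)     # constructed challenge
    wire, a_key, b_key = run_exchange(k_ab, k_ab, r)
    print("keys agree:", a_key == b_key)
    print("K_AB{R} visible on wire:", eavesdropper_sees(wire, keyed(k_ab, r)))
    print("(K_AB+1){R} visible on wire:", eavesdropper_sees(wire, a_key))
```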


   

VII.III.V Q

Question

We need not only authentication at the start but also encryption and/or integrity checks in the rest of the session. Why? (Hint: Remember the connection hijacking attack)

   

   
       
 