17 Attacks

Impersonating Attack

How the Attack Works

$E(A)\to B$ : “I’m Alice”

where E(A) means Elvis is impersonating Alice.

A simple protocol - Symmetric Key Encryption

Owning Shared Keys

$$A\to B:{\text{{"I’m Alice"}}}_{K_{ab}}$$

If Alice and Bob share a key $K_{ab}$ then Alice can encrypt the message.

Replay of Messages

How the Replay Attack Works

$$\begin{array}{rl}A& \to B:{\text{{"I’m Alice"}}}_{K_{ab}}\\ E(A)& \to B:{\text{{"I’m Alice"}}}_{K_{ab}}\end{array}$$

A Simple Protocol - Nonce

Number that is only used once (often used in a challenge/response setting).

Protocol steps :

$$\begin{array}{rl}1.& A\to B:A\\ 2.& B\to A:\{N_a{\}}_{K_{ab}}\\ 3.& A\to B:\{N_a+1{\}}_{K_{ab}},\{\text{Pay Elvis 5}{\}}_{K_{ab}}\end{array}$$

Another example :

$$\begin{array}{rl}1.& A\to B:A\\ 2.& B\to A:\{N_a{\}}_{K_{ab}}\\ 3.& A\to B:\{N_a+1{\}}_{K_{ab}},\{\text{Pay Elvis 5}{\}}_{K_{ab}}\\ 4.& A\to B:A\\ 5.& B\to A:\{N_{a2}{\}}_{K_{ab}}\\ 6.& A\to B:\{N_{a2}+1{\}}_{K_{ab}},\{\text{Pay Bob 5}{\}}_{K_{ab}}\end{array}$$

Exploitation

Better Protocol - Fixed

$$\begin{array}{rl}1.& A\to B:A\\ 2.& B\to A:\{N_a{\}}_{K_{ab}}\\ 3.& A\to B:\{N_a,\text{Pay Elvis 5}{\}}_{K_{ab}}\end{array}$$

What Bob Can Be Sure Of :

• He is talking to Alice.
• Alice wants to send Elvis €5.
• Alice’s messages are fresh (not replayed).