What else do we need for Properties of Cryptographic Protocols
- Perfect Forward Secrecy and key agreement
- Scalability
- Avoidance of Single Points of Failures
- Selection of algorighms used for authentication and key establishment
- Generic authentication methods for the cryptographic protocol
- simplicity
What does Protocol Try 6 do?
Removing the Authentication Server
- add Long-term key – changes once a day
– KA,B,Longterm is cached and trusted by A and B for sometime.
– KA,B,Longterm authenticates Diffie Hellman key exchange
What does Protocol Try 7 do?
Generic AUTH payload and Selection of Algorithms
What does Protocol Try 8 do?
AUTH Payload Rework
– AUTH payloads are different and contain information provided by both principals
– Proposed/ chosen crypto algs are now authenticated
How does a FINAL Authentication and Key establishment looks like? – 4 Goals
- Alice and Bob have a shared session key for a secure channel.
- Alice and Bob have agreed on the cryptographic algorithms to be used for the secure channel
- Mutual authentication and freshness Alice(Bob) must be able to verify that Bob participated in the protocol run and that they is alive
- Alice and Bob must know that K (A,B) is newly generated.
What is the general purpose of a X509 certificate
How to prevent Replay Attack
add Nonces - only accept unknown nonce
set Timestamp - have well synchronized clocks, only recently used timestamps must be memorized
Forward Secrecy - what do we want to avoid
Long-term key leaks
If attacker has recorded previous communication, they can decrypt key transport message and data exchanged over secure channel
store now, decrypt later
