Rivest, R. L., and Shamir, A. How to expose an eavesdropper. Commununications of ACM 27, 4 (1984), 393--394.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....the message but can t decipher it. Only the authority S can decrypt it to obtain the session key K, because it is the only one who knows the matching secret key. A digital signature of T has to be attached to the message in order to protect the communication against a man in the middle attack [30]. No. Party Content Description 1 TB Price, licence Contract 2 T B sT(e S(K) e S(K) Encrypted and digitally signed session key. 3 B S If vT(e S(K) then e S(OL e S(K) Check signature. If valid add OL and encrypt 4 S d S(e S(OL e S(K) Check OL If OL valid then O L(n=OL .n,v=r) Decrypt ....

Rivest, Ronald L.: How to expose an eavesdropper. Communications of the ACM; vol. 27; no. 4; 1984; p. 393-395.

....U and k H = g r E Deltar H , respectively, which are both known to E. Such an attack can be detected if U and H mutually authenticate the calculated session keys. Indeed, there are many protocols aimed at extending the basic Diffie Hellman key exchange to provide the required authentication [4, 10]. When authentication is based on user passwords, the protocols must be resistant to guessing attack. It is also advantageous to devise alternative protocols that do not employ conventional encryption algorithms for this purpose [1] 3 Anderson and Lomas Scheme Motivated by the above ....

R. L. Rivest and A. Shamir, "How to Expose an Eavesdropper," Communications of the ACM, vol. 27, 1984.

....resulting cleartext with Alice s real public key and send it to Alice. Both Alice and Bob might indulge in self beatitude for using advanced technology, yet al..l their messages are being perused by Eve without either of them even being aware of it. Rivest and Shamir proposed the interlock protocol [29], which has a good chance of foiling the man in the middle attack. However, it is not widely used since it requires Alice and Bob to know what they are going to say in advance. Unfortunately, it is far too restrictive to be used by a large user population. A more scalable approach is to have ....

R. Rivest and A. Shamir, "How to Expose an Eavesdropper," Communications of the ACM, v.21, n. 2, Feb 1978, pp. 120--126.

....implicit key authentication. The 3 protocols described in this section demonstrate some of the subtleties involved in designing secure authenticated key agreement protocols. Other kinds of attacks that have been identified besides small subgroup attacks include: 1. intruder in the middle attack [37]. In this classic attack on ephemeral DiffieHellman, the adversary replaces A s and B s ephemeral keys g x and g y with keys g x and g y of its choice. E can then compute the session keys formed by A and B (g xy and g xy , respectively) and use these to translate messages exchanged ....

R. Rivest and A. Shamir, "How to expose an eavesdropper", Communications of the ACM, 27 (1984), 393-395.

....low entropy individual answers, Mallet could perform a dictionary attack, given T x , and determine R x . Given R x , he could form the correct response, using keys he had provided to the other party, and allow the protocol to succeed. Rivest and Shamir designed and published an interlock protocol[5] to prevent such attacks. Instead of transmitting the entire message, Alice and Bob each transmit one half of the message 8 , waiting to receive the first half before transmitting the second half. Unfortunately, this works only when large entropy secrets are exchanged. If the answers are of ....

Rivest and Shamir, "How to Expose an Eavesdropper ", CACM, Vol. 27, April 1984, pp. 393395.

....4.1.1 Authentication Protocols The provision of authentication in distributed systems is a well studied problem often solved by cryptographic techniques. Existing authentication systems solve the problem of mutual entity authentication and provide a mechanism for key certification and exchange [1, 37]. These and other existing techniques, like those for the Authentication Services [11] in the Taos Operating System [44] and in DIMACS [3] can be used to address authentication problems for the agent and the server in both agent execution path configurations. Single Server Agent Execution ....

R.L. Rivest and A. Shamir. How to expose an eavesdropper. In Communications of the ACM, pages 393--395, April 1984.

....the order of 20 24 bits) an attacker can do a brute force calculation to find a user attacker shared key that agrees in those bits with the hostattacker exponential. 1 Both sides will have the same challenge, so the authentication step will succeed. To avoid this, we use the Interlock Protocol [RS84], forcing each party to reveal evidence that it has com 1 Trying to calculate a more complex one way function of the exponential doesn t help; the attacker can simply try 2 24 random secret values until he or she finds one that results in the right output function. mitted to its own ....

Ronald L. Rivest and Adi Shamir. How to expose an eavesdropper. Communications of the ACM, 27(4):393--395, 1984.

....coin generates transcripts for fresh coins, which he is able to deposit. ffl Eavesdropping of coins or pseudonyms: A passive attacker eavesdrops the communication at withdrawal, payment or deposit in order to obtain spendable coins. An active eavesdropper might also act as man in the middle [RiSh84] and modify the protocol data. The same strategy is applicable at registration to obtain signed pseudonyms. ffl Theft or extortion of coins from the user: An attacker either steals coin transcripts from the user s device or forces him to withdraw coins from his account and to transfer them to ....

R.L.Rivest, A.Shamir, "How to expose an Eavesdropper", Comm. of the ACM, Vol. 27, (1984), pp. 393--395.

....entities are not authenticated. Due to this, encrypted channels created using Diffie Hellman key exchanges are vulnerable to man in the middle attacks. Though there are techniques for secure transmission of authentication information while using this algorithm (based on the Interlock Protocol [RS84] BM92] BM93] all of them require prior transmission of authenticated data. A promising development is the use of X.509 certificates, RSA digital signatures, and Secure DNS resource records to authenticate DH public keys. This would facilitate the secure use of Diffie Hellman. 2.3.4 X.509 ....

....server (steld) which is a standalone daemon running with superuser privileges. STEL is intended to act as a surrogate replacement for telnetd, rlogind and rshd. The session keys used for encryption are de40 rived from a Diffie Hellman(DH) key exchange procedure. STEL uses the Interlock Protocol [RS84] to defeat man in the middle attacks on the DH key exchange. Upon establishing a secure channel, the user has a variety of methods (SecurID, S Key and standard UNIX passwords) to authenticate himself. For encryption, currently STEL supports the DES, 3 DES and IDEA algorithms. An interesting ....

R.L. Rivest and A. Shamir. "How To Expose An Eavesdropper". Communications of the ACM, Vol. 27, no. 4:393--395, April 1984.

....EKE can defend against it (and ensure the privacy of the call) by rendering a phone useless if a PIN has not been entered. Since the PIN is not stored within the phone, it is not possible to retrieve one from a stolen unit. EKE also provides a replacement for Rivest and Shamir s Interlock Protocol [18]. This protocol is designed to detect active eavesdroppers. If the interlock protocol is used for authentication, as suggested by Davies and Price [19, page 222] certain attacks are possible, as we have shown elsewhere [20] Our attack does not succeed against EKE. From a general perspective, EKE ....

R. L. Rivest and A. Shamir, "How to expose an eavesdropper," Communications of the ACM, vol. 27, no. 4, pp. 393--395, 1984.

....that a protocol is invulnerable to this style of attack. Dolev and Yao [67] pioneered this style of proof; additional work was performed by Dolev, Even, and Karp [66] Yao [185] and Even and Goldreich [70] In other cases a modification of the protocol can eliminate or alleviate the danger; see [152] as an example of this approach against the danger of an adversary inserting himself into the middle of a public key exchange protocol. 10.3.5 Multiparty Protocols When Most Parties are Honest Goldreich, Micali, and Wigderson [84] have shown how to compile a protocol designed for honest ....

R. L. Rivest and A. Shamir. How to expose an eavesdropper. Communications of the ACM, 27:393--395, April 1984.

....that a protocol is invulnerable to this style of attack. Dolev and Yao [57] pioneered this style of proof; additional work was performed by Dolev, Even, and Karp [56] Yao [162] and Even and Goldreich [61] In other cases a modi cation of the protocol can eliminate or alleviate the danger; see [136] as an example of this approach against the danger of an adversary inserting himself into the middle of a public key exchange protocol. 10.3 Multiparty Protocols When Most Parties are Honest Goldreich, Micali, and Wigderson [76] have shown how to compile a protocol designed for honest ....

R. L. Rivest and A. Shamir. How to expose an eavesdropper. Communcations of the ACM, 27:393-395, April 1984.

....that a protocol is invulnerable to this style of attack. Dolev and Yao [57] pioneered this style of proof; additional work was performed by Dolev, Even, and Karp [56] Yao [162] and Even and Goldreich [61] In other cases a modification of the protocol can eliminate or alleviate the danger; see [136] as an example of this approach against the danger of an adversary inserting himself into the middle of a public key exchange protocol. 10.3 Multiparty Protocols When Most Parties are Honest Goldreich, Micali, and Wigderson [76] have shown how to compile a protocol designed for honest ....

R. L. Rivest and A. Shamir. How to expose an eavesdropper. Communcations of the ACM, 27:393--395, April 1984.

No context found.

Rivest, R. L., and Shamir, A. How to expose an eavesdropper. Commununications of ACM 27, 4 (1984), 393--394.

No context found.

R. L. Rivest and A. Shamir. How to expose an eavesdropper. Communications of the ACM, 27(4):393-- 395, 1984.

No context found.

Ronald L. Rivest and Adi Shamir. How to expose an eavesdropper. Communications of the ACM, 27(4):393--395, April 1984.

No context found.

R. L. Rivest and A. Shamir. How to expose an eavesdropper. Comm. ACM, 27(4):393--394, 1984.

No context found.

R.L. Rivest and A. Shamir, "How to expose an eavesdropper", Comm. ACM 27 No.4 (Apr.1984), 393-395.

No context found.

R. Rivest and A.Shamir, How to expose an Eavesdropper, Communication of the ACM, v.27, n.4, Apr. 1984, pp. 393--395

No context found.

Rivest, R., and Shamir, A., "How to expose an eavesdropper", Communications of the ACM, Volume 27, Number 4, April 1984, pp. 393-395.

No context found.

R. Rivest and A. Shamir, "How to Expose an Eavesdropper, " Communications of the ACM, v.21, n. 2, Feb 1978, pp. 120--126.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC