Common validation should likewise be possible utilizing
open key cryptography. To begin with, Alice needs to get Bob's open key. In the
event that a PKI exists with an index server that, hands out authentications
for open keys, Alice can request Bob's, as appeared in Fig. 10-43 as message 1.
The answer, in message 2, is a X.509 testament containing Bob's open key. At
the point when Alice checks that the mark is right, she sends Bob a message
containing her character and a nonce.
At the point when Bob gets this message, he has no
clue whether it originated from Alice or from Trudy, yet he plays along and
approaches the registry server for Alice's open key (message 4), which he soon
gets (message 5). He then sends Alice message 6,
containing Alice
Figure 10-43. Shared validation utilizing
open key cryptography.
At the point when Alice gets message 6, she
unscrambles it utilizing her private key. She sees RA in it, which
gives her a warm feeling inside. The message more likely than not originate from
Bob, since Trudy has no chance to get of deciding RA. Moreover, it
must be new and not a replay, since she simply sent Bob RA. Alice
consents to the session by sending back message 7. At the point when Bob sees RB
encoded with the session key he just created, he knows Alice got message 6 and
confirmed RA. Bounce is presently a cheerful camper.
What can Trudy do to attempt to subvert this protocol?
She can manufacture message 3 and trap Bob into examining Alice, yet Alice will
see a RA that she didn't send and won't continue further. Trudy
can't produce message 7 back to Bob since she doesn't know RB or KS
and can't decide them without Alice's private key. She is in a tough situation.
0 comments:
Post a Comment