Mutual authentication can also be done using
public-key cryptography. To begin with, Alice needs to get Bob's public key. If
a PKI exists with a directory server that hands out certificates
for public keys, Alice can request Bob's, as shown in Fig. 10-43 as message 1.
The reply, in message 2, is an X.509 certificate containing Bob's public key.
When Alice verifies that the signature is correct, she sends Bob a message
containing her identity and a nonce.
When Bob receives this message, he has no
idea whether it came from Alice or from Trudy, but he plays along and
asks the directory server for Alice's public key (message 4), which he soon
gets (message 5). He then sends Alice message 6,
containing Alice's
RA, his own nonce, RB, and a proposed session key, KS.
Figure 10-43. Mutual authentication using
public-key cryptography.
When Alice gets message 6, she
decrypts it using her private key. She sees RA in it, which
gives her a warm feeling inside. The message must have come from
Bob, since Trudy has no way of determining RA. Moreover, it
must be fresh and not a replay, since she just sent Bob RA. Alice
agrees to the session by sending back message 7. When Bob sees RB
encrypted with the session key he just generated, he knows Alice got message 6 and
verified RA. Bob is now a happy camper.
What can Trudy do to try to subvert this protocol?
She can fabricate message 3 and trick Bob into probing Alice, but Alice will
see an RA that she didn't send and won't proceed further. Trudy
can't forge message 7 back to Bob since she doesn't know RB or KS
and can't determine them without Alice's private key. She is in a tough situation.
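
The checks in messages 3, 6 and 7, as an added example that is not part of the original text. It assumes message 3 is encrypted with Bob's public key and message 6 with Alice's; toy textbook RSA over fixed primes, a SHA-256 XOR in place of a real cipher, and a dictionary in place of the directory server and its certificates are all constructed stand-ins.

```python
import hashlib, secrets

def keypair(p, q, e=65537):
    # Toy textbook RSA (fixed primes, no padding): illustration only.
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def rsa(key, m):
    # Public key encrypts, private key decrypts; same modular exponentiation.
    n, exp = key
    return pow(m, exp, n)

def pack(*fields):
    # Fixed-width 8-byte fields joined into one integer below the modulus.
    return int.from_bytes(b"".join(fields), "big")

def unpack(m, count):
    raw = m.to_bytes(8 * count, "big")
    return [raw[i:i + 8] for i in range(0, len(raw), 8)]

def ks_encrypt(ks, data):
    # Stand-in for "RB encrypted with KS": XOR with a SHA-256 keystream of KS.
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(ks).digest()))

ALICE, BOB = b"Alice\0\0\0", b"Bob\0\0\0\0\0"
ALICE_PUB, ALICE_PRIV = keypair(2**107 - 1, 2**127 - 1)   # constructed keys
BOB_PUB, BOB_PRIV = keypair(2**61 - 1, 2**89 - 1)
DIRECTORY = {ALICE: ALICE_PUB, BOB: BOB_PUB}   # stands in for messages 1-2, 4-5

def bob_reply(msg3):
    # Bob decrypts message 3, fetches the claimed sender's key, builds message 6.
    sender, ra = unpack(rsa(BOB_PRIV, msg3), 2)
    rb, ks = secrets.token_bytes(8), secrets.token_bytes(8)
    return rsa(DIRECTORY[sender], pack(ra, rb, ks)), rb, ks

def alice_reply(msg6, sent_nonces):
    # Alice continues only if message 6 echoes an RA she actually sent.
    ra, rb, ks = unpack(rsa(ALICE_PRIV, msg6), 3)
    return ks_encrypt(ks, rb) if ra in sent_nonces else None

def run(forged_by_trudy=False):
    ra = secrets.token_bytes(8)
    msg3 = rsa(BOB_PUB, pack(ALICE, ra))   # anyone can encrypt to Bob
    msg6, rb, ks = bob_reply(msg3)
    msg7 = alice_reply(msg6, set() if forged_by_trudy else {ra})
    return msg7 == ks_encrypt(ks, rb)      # Bob's check on message 7

if __name__ == "__main__":
    print("honest run accepted:", run())
    print("forged message 3 accepted:", run(forged_by_trudy=True))
```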