Okay this is how I understood it according to this:
- Alice A establishes a connection to KDC and prepares for session key Exchange R1
- A encrypts the request with her key kA(A, B) meaning "need a session key to communicate with Bob B"
- KDC decrypts the message, genereates kA(R1, kB(A, R1)) and sends it to A
- A decrypts the messages and got now R1 the session key and the other part kB(A, R1) she cannot decrypt (only B kan due to kB).
- A forwards the kB(A, R1) message to B
- B decrypts kB(A, R1) and now knows he is talking to A over the key R1
Now ... in my slides there is an attack described - the Key Confirmation Attack - which does look like this:
The thing here is now that I am not sure how this is supposed to work. This could only work if RQST(ID_A, ID_B) (I'm sorry for the diverse notation) was not encrypted. This attack cannot work if the Request was encrypted by Alice in the first place.
So are there a few things mixed up or what am I missing?
Oscar cannot produce kA(A, O) (the requesting message to generate a session key for communication A to O) since he does not have the key of Alice.
Aucun commentaire:
Enregistrer un commentaire