4. Key agreement/IKE (10-5-10 points):
(a) Consider the following key exchange protocol, which is similar to IKE Phase 1 Aggressive Mode. p is a large prime number and g is a generator of Z_p^*.
1. A → B : g^a mod p, {"Alice"}Bob, {RA}Bob
2. A ← B : g^b mod p, {"Bob"}Alice, {RB}Alice, proofB
3. A → B : proofA
where
proofA = h(g^ab mod p, g^a mod p, g^b mod p, "Alice")
proofB = h(g^ab mod p, g^b mod p, g^a mod p, "Bob")
K = h(g^ab mod p)
i) First explain whether the protocol authenticates A and B, and whether it achieves secure key agreement (discuss key control and key authentication). {m}x denotes a message m encrypted with the public key of x.
ii) Modify the protocol so that RA and RB can be eliminated but the protocol can still mutually authenticate A and B. In your modification, no additional protocol messages, secret keys or signatures can be used.
(b) Consider the following simplified IKE Phase 1 in Aggressive Mode.
A → B : "Alice", "Bob", g^a mod p
A ← B : "Bob", "Alice", g^b mod p, [g^a mod p]B
A → B : "Alice", "Bob", [g^b mod p, g^a mod p]A
[X]A denotes a signature on message X generated by A. The session key established between A and B is g^ab mod p. Show that this simplified version is insecure (it allows an attacker to establish a key with one of the participants while pretending to be the other participant). Hint: consider that this IPSec system has multiple users.
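
An honest run of the three messages of the protocol in (a), as an added example that is not part of the original question sheet. The toy prime and base, the textbook-RSA stand-in for {m}x, SHA-256 for h and the length-prefixed field encoding are all assumptions chosen for illustration.

```python
import hashlib, secrets

# Constructed toy parameters (assumptions; far too small for real use).
P = 2**127 - 1   # prime modulus p
G = 3            # base g (not checked to generate all of Z_p^*)
E = 65537        # RSA public exponent

def rsa_keypair(q1, q2):
    """Textbook RSA from two known primes; stands in for {m}x."""
    n = q1 * q2
    return (n, E), (n, pow(E, -1, (q1 - 1) * (q2 - 1)))

def rsa(key, m):
    n, exp = key
    return pow(m, exp, n)

def h(*parts):
    """h(...) over length-prefixed fields so the encoding is unambiguous."""
    d = hashlib.sha256()
    for x in parts:
        b = x if isinstance(x, bytes) else x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
        d.update(len(b).to_bytes(4, "big") + b)
    return d.digest()

def run_exchange():
    pub_a, priv_a = rsa_keypair(2**107 - 1, 2**127 - 1)   # Alice's key pair
    pub_b, priv_b = rsa_keypair(2**61 - 1, 2**89 - 1)     # Bob's key pair
    name = lambda s: int.from_bytes(s, "big")

    # Message 1, A -> B: g^a mod p, {"Alice"}Bob, {RA}Bob
    a, ra = secrets.randbelow(P - 2) + 1, secrets.randbits(64)
    msg1 = (pow(G, a, P), rsa(pub_b, name(b"Alice")), rsa(pub_b, ra))

    # Message 2, A <- B: g^b mod p, {"Bob"}Alice, {RB}Alice, proofB
    b, rb = secrets.randbelow(P - 2) + 1, secrets.randbits(64)
    gb, shared_b = pow(G, b, P), pow(msg1[0], b, P)
    peer_b = rsa(priv_b, msg1[1]).to_bytes(5, "big")      # B decrypts the identity
    msg2 = (gb, rsa(pub_a, name(b"Bob")), rsa(pub_a, rb),
            h(shared_b, gb, msg1[0], b"Bob"))

    # A checks proofB, then sends message 3: proofA
    shared_a = pow(msg2[0], a, P)
    ok_b = secrets.compare_digest(msg2[3], h(shared_a, msg2[0], msg1[0], b"Bob"))
    proof_a = h(shared_a, msg1[0], msg2[0], b"Alice")

    # B checks proofA; both sides derive K = h(g^ab mod p)
    ok_a = secrets.compare_digest(proof_a, h(shared_b, msg1[0], gb, peer_b))
    return ok_a, ok_b, h(shared_a), h(shared_b), peer_b
```

`run_exchange()` returns whether each proof verified, the key K as derived by each side, and the identity B recovered from message 1.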