Republic of Iraq

Ministry of Higher Education and

Scientific Research
Al-Furat Al-Awsat Technical University
Engineering Technical College/Najaf
Al Najaf Al Ashraf, 31001. Iraq.

Communication Security
Lecture 3

Fourth Year lecture notes

Communication Techniques Engineering Dept
Engineering Technical College/ NAJAF 2019-2020
Lecturer: Dhurgham Al-Khaffaf

2/22/2020 Al-Furat Al-Awsat Technical University 1

 Man-in-the-middle Attack
(Modification – data integrity) [1]
Wi-Fi is a wireless technology that provides
simple broadband access using your laptop
and an access point to which the laptop has
authenticated itself.

Suppose you have a modified Wi-Fi card

designed to intercept data. All information
coming from the access points within wireless
range can be read.

2/22/2020 Al-Furat Al-Awsat Technical University 2

 Man-in-the-middle Attack
(Modification – data integrity) [2]
Suppose an attacker wishes to authenticate to a
corporate access point they should not be able to use.
One approach would be to set up a bogus access point:
– The bogus access point identifies a real corporate access
point in advance.
– When a corporate laptop sees the bogus access point and
tries to associate to it the bogus access point copies all the
messages it receives to the valid corporate access point,
substituting its own Medium Access Control (MAC)
address.
– The bogus access point copies all the messages received
from the valid access point back to the mobile device. This
intervention is possible even when the data is encrypted
and without the enemy knowing the secret keys.

2/22/2020 Al-Furat Al-Awsat Technical University 3

 Man-in-the-middle Attack
(Modification – data integrity) [3]
If the message content is encrypted very little can
be achieved without some knowledge of the
contents of the messages before they were
encrypted.
More can be achieved if the attacker is allowed to
replay captured messages.
In particular, if a simple challenge response scheme
were used for authentication by replaying
captured messages the bogus access point could
associate itself to the corporate access point.

2/22/2020 Al-Furat Al-Awsat Technical University 4

 Man-in-the-middle Attack
(Modification – data integrity) [4]
The security method for Wi-Fi called Wireless Protected
Access (WPA) is resilient to such attacks.
– It requires mutual authentication between the corporate
user and the access point and has built in protection
against replay attacks.
One interesting problem arising with wireless challenge
response protocols is that an attacker could know that
a wireless device was in a certain area by getting a
response to a challenge they issued to it. Consequently,
many modern systems authenticate the challenge as
well as the response.

2/22/2020 Al-Furat Al-Awsat Technical University 5

 (Encryption) Key Management (1)
The protocols discussed so far have largely been for
authenticating a principal.
Another class of protocols that is extremely
important is the encryption key management
protocols.
Authentication protocols are now widely used in
distributed systems for general key management
purposes.
– The authentication protocols of Wi-Fi Protected
Access (WPA) and Robust Security Network (RSN) are
important examples.

2/22/2020 Al-Furat Al-Awsat Technical University 6

 (Encryption) Key Management (2)
To enable transmission of encrypted information
communicating parties must enter into a keying
relationship where they share common data,
known as keying material.
In a secret key cryptosystem, the same key is used
for both encryption and decryption. Thus if two
users wish to communicate securely, they must
first exchange a secret key securely.
The methods used to enable keying relationships
form what is known as key management.

2/22/2020 Al-Furat Al-Awsat Technical University 7

 (Encryption) Key Management (3)
Key management includes all aspects of the keying
relationships:
– User initialisation
– Generation and distribution of keying material
– Controlling key material use
– Backing up
– Archiving and updating keying material.
Usually the least frequently changed keys must be manually
distributed under strict security.
These keys form the basis for the construction of other keys in
a hierarchy consisting of several levels with the keys used
for encrypting data changed as frequently as once per
message.

2/22/2020 Al-Furat Al-Awsat Technical University 8

 (Encryption) Key Management (4)
The basic concept underlying key distribution
protocols is that of the trusted third party (often
called Trent in the security literature).
If symmetric key cryptography is to be used to
encrypt messages between two principals the
simplest form of key management is to use a Key
Distribution Centre (KDC).
When a principal registers with a KDC it must prove
its identity, in the case of a subject, by visiting the
KDC and proving identification in the form of a
passport etc.

2/22/2020 Al-Furat Al-Awsat Technical University 9

 (Encryption) Key Management (5)
The KDC provides each registered principal with a unique
encryption key in a secure manner so that it may
communicate with the KDC in a secure way, in the case
of a subject often by physical exchange.
If two principals, Alice and Bob, registered with the same
KDC want to communicate in a secure manner one of
the principals, say Alice, uses the encryption key (KA) it
shares with the KDC to securely ask it to send an
encryption key (KAB ) to both it and Bob.
The KDC uses the key it shares with Alice (KA) to securely
send Alice the key Alice asked for and the key it shares
with Bob (KB) to securely send Bob the key.

2/22/2020 Al-Furat Al-Awsat Technical University 10

 Needham-Schroeder Protocol (1)
Developed in 1978 by Roger Needham and Mike
Schroeder, it is an elaboration of the basic
protocol for key distribution described in this
lecture and many later key distribution
protocols were based on it.

2/22/2020 Al-Furat Al-Awsat Technical University 11

 Needham-Schroeder Protocol (2)
If Alice and Bob the communicating parties are
denoted by A and B, the trusted third party Trent
by T and a nonce provided by party X by NX, the
protocol is described as:
Message 1:
Message 2:
Message 3:
Message 4:
Message 5:

2/22/2020 Al-Furat Al-Awsat Technical University 12

 Needham-Schroeder Protocol (3)
The first extra element is in the opening message where
Alice sends her random nonce so Trent can be sure her
message is not a replay attack.
In the second message Trent includes her nonce in
encrypted form so Alice can be sure Trent’s message is
not a replay and an encrypted message to send to Bob
which is sent to Bob in message 3.
Bob then does a challenge-response to be sure Alice is
present and expecting a message from him.

2/22/2020 Al-Furat Al-Awsat Technical University 13

 Needham-Schroeder Protocol (4)
There is a problem with this protocol and the previous
one:
Suppose David steals Alice’s key KA and sends messages to
Trent pretending to be Alice asking for keys to talk to
Michael and Jane, David can impersonate Alice to
Michael and Jane.
The problem is when Alice realises her key KA has been
stolen she must ask Trent to send a message to
everyone she has ever been issued a key to talk to by
Trent revoking the key they were sent.
Alice cannot do key revocation herself.

2/22/2020 Al-Furat Al-Awsat Technical University 14

 Needham-Schroeder Protocol (5)
Kerberos is an important development of the
Needham-Schroeder protocol that gets
around this problem by using timestamps
rather than nonces and is covered later in the
course.

2/22/2020 Al-Furat Al-Awsat Technical University 15

 Home work
• Wi-Fi Protected Access (WPA)
• Robust Security Network (RSN)
• symmetric key cryptography
• public key cryptography

2/22/2020 Al-Furat Al-Awsat Technical University 16

 Thank you for your listening

2/22/2020 Al-Furat Al-Awsat Technical University 17