In cryptography, a man-in-the-middle attack is a cyber attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
Suppose Alice wishes to communicate with Bob. Meanwhile, Meg wishes to intercept the conversation to eavesdrop and optionally to deliver a false message to Bob.
First, Alice asks Bob for his public key. Meg is able to intercept it.
1. Alice sends a message to Bob, which is intercepted by Meg:
Alice "Hi Bob, it's Alice. Give me your key." → Meg (interceptor) Bob
2. Meg relays this message to Bob; Bob cannot tell it is not really from Alice:
Alice Meg (interceptor) "Hi Bob, it's Alice. Give me your key." → Bob
3. Bob responds with his encryption key, thinking he is talking to Alice:
Alice Meg (interceptor) ← [Bob's key] Bob
4. Meg replaces Bob's encryption key with her own key and sends it to Alice, claiming to be Bob:
Alice ← [Meg's key] Meg (interceptor) Bob
5. Believing the other party to be Bob, Alice encrypts her message with what she thinks is Bob's key and sends it, thinking only Bob can read it:
Alice "Let's visit the library now!" [encrypted with Meg's key, which Alice believes is Bob's key] → Meg (interceptor) Bob
6. However, because it was actually encrypted with Meg's key, Meg decrypts it, reads it, modifies it (if desired), re-encrypts it with Bob's key, and forwards it to Bob:
Alice Meg (interceptor) "Let's bunk class" [encrypted with Bob's key] → Bob
7. Bob thinks that this message is a secure message from Alice.
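The exchange fails at step 4 because Alice accepts whatever key arrives. The following is an added example (not part of the original page) that replays the key delivery in memory and shows that comparing the received key against a fingerprint obtained out of band rejects the substituted key. The names `Channel`, `accept_key_pinned`, and `run_exchange` are hypothetical, and the keys are random bytes standing in for real public keys.

```python
import hashlib
import hmac
import os
from typing import Optional

def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of a public key, as hex."""
    return hashlib.sha256(public_key).hexdigest()

class Channel:
    """In-memory stand-in for the path between Bob and Alice (hypothetical)."""
    def __init__(self, substitute_key: Optional[bytes] = None):
        # Set when an interceptor swaps the key in transit (step 4).
        self.substitute_key = substitute_key

    def deliver(self, key_from_bob: bytes) -> bytes:
        if self.substitute_key is not None:
            return self.substitute_key
        return key_from_bob

def accept_key_pinned(received_key: bytes, pinned_fingerprint: str) -> bytes:
    """Accept the key only if it matches a fingerprint obtained out of band."""
    if not hmac.compare_digest(fingerprint(received_key), pinned_fingerprint):
        raise ValueError("public key does not match pinned fingerprint")
    return received_key

# Constructed sample data: random bytes standing in for real public keys.
BOB_KEY = os.urandom(32)
MEG_KEY = os.urandom(32)
# Assumption: Alice learned this fingerprint over a trusted path (e.g. in person).
BOB_FINGERPRINT = fingerprint(BOB_KEY)

def run_exchange(channel: Channel, pinned: bool) -> str:
    """Return whose key Alice ends up encrypting to, or 'rejected'."""
    received = channel.deliver(BOB_KEY)
    if pinned:
        try:
            received = accept_key_pinned(received, BOB_FINGERPRINT)
        except ValueError:
            return "rejected"  # Alice aborts instead of sending her message
    return "bob" if received == BOB_KEY else "meg"

if __name__ == "__main__":
    for tampered in (False, True):
        ch = Channel(MEG_KEY if tampered else None)
        print(f"tampered={tampered}: unauthenticated -> {run_exchange(ch, False)}, "
              f"pinned -> {run_exchange(ch, True)}")
```
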