One potential weakness in WTLS is the use of CBC mode cipher encryption. The standard states that

Question:

One potential weakness in WTLS is the use of CBC mode cipher encryption. The standard states that for CBC mode block ciphers, the IV (initialization vector) for each record is calculated in the following way: record_IV = IV⊕S where IV is the original IV and S is obtained by concatenating the 2-byte sequence number of the record the needed number of times to obtain as many bytes as in IV.Thus, if the IV is 8 bytes long, the sequence number of the record is concatenated with itself four times.

Now, in CBC mode, the first block of plaintext for a record with sequence number would be encrypted as (Figure 6.4)image text in transcribed

image text in transcribed

where Ps,1 is the first block of plaintext of a record with sequence number and is the concatenated version of . Consider a terminal application (such as telnet), where each keypress is sent as an individual record. Alice enters her password into this application, and Eve captures these encrypted records. Note that the sequence number is known to Eve, because this portion of the record is not encrypted (Figure 17.17). Now somehow Eve gets hold of Alice’s channel, perhaps through an echo feature in some application. This means that Eve can present unencrypted records to the channel and view the encrypted result. Suggest a brute-force method by which Eve can guess password letters in Alice’s password. Hint: Exploit these properties of exclusive-OR: image text in transcribed

image text in transcribed

Fantastic news! We've Found the answer you've been seeking!

Step by Step Answer:

Related Book For  book-img-for-question
Question Posted: