Answered step by step
Verified Expert Solution
Question
1 Approved Answer
This is a real scenario when a sender S is, for instance, a laptop manufacturer and wishes to send the laptop R a specific update
This is a real scenario when a sender S is, for instance, a laptop manufacturer and wishes to send the laptop R a specific update in a secure manner, but all cryptographic material that S has is a certificate (i.e., a public key) of the TPM (trusted platform module) it had placed on-board R. Below, we give a protocol to possibly cater for this scenario. In Figure 1 , the protocol is depicted. It is a protocol between a sender S (i.e., the manufacturer in the scenario above), a receiver R (i.e., the laptop in the scenario above) and a TPM T on-board R. As we said, the aim of the protocol is that S sends securely a message to R, but S does not have R 's public key nor does it share a symmetric key with R. However, S does know the public key PubTPM of the TPM T found on board R. The channel/communication between R and T is "private", i.e., inaccessible to a Dolev-Yao attacker. The channel between S and R is public (i.e., accessible to a Dolev-Yao attacker). The protocol is as follows. S tells R that it wishes to send a message: i.e., "begin" is sent. R demands T to generate a pair of public and secret keys SK,PK for R. The TPM T generates these and a ticket te stating how long they are valid for. It then sends the public key PK, the ticket te to R and a signature on these. Then, R sends the signature to S. Then, S sends R the message m concatenated with te, all encrypted with PK and signed by S. Upon verification of the signature, R sends the packet from S to T to be decrypted and verified against te. If te is correct, then R receives m back from T. All signatures are with extraction: meaning one can verify them and at the same time find 2. Check the following security goals in Scyther: - agreement on message m between S,R, and T; - synchronisation between S,R, and T; Express these 3-party goals as best you can. Explain your modelling and findings. [13\%] 3. If you find any attack in the above, modify the protocol and check the modification does indeed stop the attack. [10\%] 4. Apart from the results of the analysis you do in Scyther (i.e., beside the Dolev-Yao model), do you think the protocol is an appropriate solution for the 3-party problem presented? Could you improve on it, from any viewpoint, security or otherwise? Explain your answer. - Can you pass a general-security judgement on this protocol? E.g., do you think that "begin" message is a good idea? What if the signature of S is forgeable? (these are just some examples, but the idea is can you break this protocol, yourself, beyond what Scyther tells you? If not, can you make an argument as to why?)
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started