
PREMISE: Alice and Trent share key KAT; Bob and Trent share key KBT.

GOAL: Alice and Bob want to establish a new and shared secret key K.

1. Alice generates K at random, creates {K}KAT, and sends to Trent: Alice, Bob, {K}KAT;

2. Trent finds keys KAT, KBT, decrypts {K}KAT to reveal K, creates {K}KBT and sends to Bob: Alice, Bob, {K}KBT;

3. Bob decrypts {K}KBT to reveal K, forms and sends to Alice: {Hello Alice, I'm Bob!}K.

Before investigating whether Protocol "From Alice To Bob" contains any security flaw we should comment on a design feature of it. The protocol lets Alice generate a session key to be shared with Bob. Will Bob be happy about this? If it turns out that the session key generated by Alice is not sufficiently random (a cryptographic key should be random to make it difficult to be determined by guessing), then Bob's security can be compromised since the key is a shared one. Maybe Alice does not care whether the session key is strong, or maybe she just wants the key to be easily memorable. So long as Bob does not trust Alice (may not even know her prior to a protocol run), he should not feel comfortable accepting a session key generated by her and sharing with her. We shall modify this protocol by removing this design feature and discuss security issues of the modified protocol.


Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company

Publisher: Prentice Hall PTR Pub Date: July 25, 2003

ISBN: 0-13-066943-1 Pages: 648

Many cryptographic schemes and protocols, especially those based on public-key cryptography, have basic or so-called "textbook crypto" versions, as these versions are usually the subjects for many textbooks on cryptography. This book takes a different approach to introducing cryptography: it pays much more attention to fit-for-application aspects of cryptography. It explains why "textbook crypto" is only good in an ideal world where data are random and bad guys behave nicely. It reveals the general unfitness of "textbook crypto" for the real world by demonstrating numerous attacks on such schemes, protocols and systems under various real-world application scenarios. This book chooses to introduce a set of practical cryptographic schemes, protocols and systems, many of them standards or de facto ones, studies them closely, explains their working principles, discusses their practical usages, and examines their strong (i.e., fit-for-application) security properties, often with security evidence formally established. The book also includes self-contained theoretical background material that is the foundation for modern cryptography.

Since Trent is trusted by both client principals, he should be trusted to be able to properly generate the session key. Prot 2.1 is thus modified to Prot 2.2. It starts with Alice sending to Trent the identities of herself and Bob, the two principals who intend to share a session key for secure communications between them. Upon receipt of Alice's request, Trent shall find from his database the respective keys of the two principals, shall generate a new session key to be shared between the two principals and shall encrypt the session key under each of the principals' keys. Trent should then send the encrypted session key material back to Alice. Alice shall process her own part and shall relay to Bob the part intended for him. Finally, Bob shall process his share of the protocol, which ends by sending out an acknowledgement for the receipt of the session key. We shall name the modified protocol "Session Key From Trent".

With the session key K being encrypted under the perfect encryption scheme, a passive eavesdropper, upon seeing the communications in a run of Protocol "Session Key From Trent" and without the encryption keys KAT and KBT, will not gain anything about the session key K since it may only be read by the legitimate recipients via decryption using the respective keys they have.

2.6.2 Attack, Fix, Attack, Fix …

We now illustrate a standard scene of this book, that is, attack, fix, attack, fix …

2.6.2.1 An Attack

However, Protocol "Session Key From Trent" is flawed. The problem with the protocol is that the information about who should get the session key is not protected. An attack is shown in Attack 2.1. In the attack, Malice intercepts some messages transmitted over the network, modifies them and sends them to some principals by impersonating some other principals. In the attack shown in Attack 2.1 we write

Alice sends to Malice("Trent"): …

to denote Malice's action of intercepting Alice's message intended for Trent, and we use

Malice("Alice") sends to Trent: …

to denote Malice's action of sending a message to Trent by impersonating Alice. We should note that according to the Dolev-Yao threat model for our protocol environment that we have agreed to in §2.3, Malice is assumed to have the entire control of the vulnerable network. So Malice is capable of performing the above malicious actions. We can imagine that the symbol ("principal_name") is a mask worn by Malice when he is manipulating protocol messages passing along the network. In §12.2 we shall see technically how Malice could manipulate messages transmitted over the network this way.
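Added example (not from the book): a Python simulation of the flaw stated above, that in Protocol "Session Key From Trent" the identities travel outside the encryption, so Alice cannot tell whether Trent saw the request she sent. The toy HMAC-based cipher is a stand-in for the perfect encryption scheme, the `bind_identities` variant that puts the peer's name inside each ciphertext is an assumption introduced here for contrast, and all function names are hypothetical.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode (stand-in for "perfect encryption").
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, fields):
    # Encrypt-then-MAC a dict of fields under a principal's long-term key.
    pt = json.dumps(fields, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext was not produced under this key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Trent's database of long-term keys (constructed sample principals).
LONG_TERM = {name: secrets.token_bytes(32) for name in ("Alice", "Bob", "Malice")}

def trent(initiator, responder, bind_identities):
    # Trent generates K and seals it for each principal named in the cleartext request.
    k = secrets.token_hex(16)
    for_init = {"K": k, "peer": responder} if bind_identities else {"K": k}
    for_resp = {"K": k, "peer": initiator} if bind_identities else {"K": k}
    return seal(LONG_TERM[initiator], for_init), seal(LONG_TERM[responder], for_resp)

def alice_accepts(intended_peer, request_seen_by_trent, bind_identities):
    # Alice asked for intended_peer; the network may have altered the request in transit.
    part_for_alice, _ = trent(*request_seen_by_trent, bind_identities)
    fields = unseal(LONG_TERM["Alice"], part_for_alice)
    # With no identity inside the ciphertext, Alice has nothing to compare and accepts.
    return fields.get("peer", intended_peer) == intended_peer
```

With `bind_identities=False`, Alice accepts the key even when Trent processed a request naming a different responder; with `bind_identities=True`, the same altered request is rejected at her decryption step.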
