Interlock protocol
In an attempt to create a cryptographically secure channel without requiring any additional out-of-band authentication factors, Davies and Price proposed the use of the Interlock Protocol of Ron Rivest and Adi Shamir (1).
Brief history
Most cryptographic protocols rely on the prior establishment of secret or public keys or passwords. However, the Diffie-Hellman key exchange protocol introduced the concept of two parties establishing a secure channel (that is, with at least some desirable security properties) without any such prior agreement. Unauthenticated Diffie-Hellman has always been known to be subject to man-in-the-middle attack; however, the dream of the "zipless" mutually authenticated secure channel remained.
How it works
The Interlock protocol works roughly as follows: Alice encrypts her message with Bob's key, then sends half her encrypted message to Bob. Bob encrypts his message with Alice's key and sends half of his encrypted message to Alice. Alice then sends the other half of her message to Bob, who sends the other half of his. The strength of the protocol lies in the fact that half of an encrypted message cannot be decrypted. Thus, if Mallory begins his attack and intercepts Bob's and Alice's keys, substituting his own, Mallory will be unable to decrypt Alice's half-message (encrypted using Mallory's key) and re-encrypt it using Bob's key. He must wait until both halves of the message have been received to read it, and can only succeed in duping one of the parties if he composes a completely new message.
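The exchange described above, as an added example that is not part of the original article. It assumes one possible way to form the two halves (first half is a SHA-256 hash of the ciphertext, second half is the ciphertext itself) and uses a toy SHA-256 keystream cipher with per-pair session keys as a stand-in for encrypting with the other party's key; all function names are hypothetical.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # Toy SHA-256 counter-mode keystream (illustration only, not a vetted cipher).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, msg):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))

def decrypt(key, ct):
    nonce, body = ct[:16], ct[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def halves(ct):
    # Assumed split: half 1 commits to the ciphertext, half 2 is the ciphertext.
    return hashlib.sha256(ct).digest(), ct

def receive(key, half1, half2):
    # Decrypt only if the second half matches the first half received earlier.
    if not hmac.compare_digest(hashlib.sha256(half2).digest(), half1):
        raise ValueError("second half does not match first half")
    return decrypt(key, half2)

def honest_run(msg=b"meet at noon"):
    k = os.urandom(32)                      # key Alice and Bob really share
    h1, h2 = halves(encrypt(k, msg))
    return receive(k, h1, h2)

def mitm_run(msg=b"meet at noon", invented=b"made-up text"):
    k_am, k_mb = os.urandom(32), os.urandom(32)   # Alice-Mallory, Mallory-Bob keys
    a1, a2 = halves(encrypt(k_am, msg))
    # Round 1: Mallory holds only a1 (a hash). Second halves are withheld until
    # first halves are exchanged, so he must commit to a ciphertext for Bob now.
    m1, m2 = halves(encrypt(k_mb, invented))
    # Round 2: a2 arrives; Mallory can finally read Alice's message...
    learned = receive(k_am, a1, a2)
    # ...but a fresh re-encryption for Bob cannot match the m1 already sent.
    try:
        receive(k_mb, m1, encrypt(k_mb, learned))
        relayed = True
    except ValueError:
        relayed = False
    return learned, relayed, receive(k_mb, m1, m2)   # Bob sees only the invention

if __name__ == "__main__":
    print(honest_run(), mitm_run())
```

In the man-in-the-middle run Mallory does eventually read Alice's message, but Bob either rejects the relayed second half or accepts only the text Mallory invented, which is the detectable substitution the protocol relies on.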
Why it might not
An attack on the Interlock protocol, when used for authentication, was described by Bellovin & Merritt (2). A subsequent refinement was proposed by Ellison (3).
References
1. R. Rivest and A. Shamir. How to Expose an Eavesdropper. CACM, Vol. 27, April 1984, pp. 393-395.
2. S. M. Bellovin and M. Merritt. An Attack on the Interlock Protocol When Used for Authentication. IEEE Transactions on Information Theory, v. 40, n. 1, January 1994, pp. 273-275.
3. C. Ellison. Establishing Identity Without Certification Authorities. Proceedings of the Sixth Annual USENIX Security Symposium, San Jose, July 1996, pp. 67-76.