02-04-2011, 10:09 AM
Presented by:
MS.T.JEEVITHA
Step-by-Step Key and Message Exchange
Cryptographic private/public key solutions are susceptible to man-in-the-middle attacks. These attacks take a variety of forms, including eavesdropping, substitution, denial of service, and phishing. The Cryptography Next Generation (CNG) secure communication example addresses substitution, in which a third party (Mallory) inserts himself between two communication endpoints (Alice and Bob).
The following sections provide background information, illustrations, and step-by-step instructions for the five security versions discussed in the CNG example overview:
Version 1: Basic message exchange
Version 2: Unsigned key and unsigned message exchange:
Without interception
With interception
Version 3: Signed key and signed message exchange
Version 4: Signed key and signed message exchange with detection
Version 5: Signed key and signed message exchange with application termination
Version 1: Basic Message Exchange
The following illustration shows Alice and Bob sending messages without a man-in-the-middle attack. The messages are not encrypted or digitally signed. The CNG example demonstrates this procedure when you select version 1. A step-by-step description of the process is provided after the illustration.
Version 1: Basic message exchange
Version 2: Unsigned Keys and Unsigned Messages Without Interception
The following illustration shows key and message exchange without a man-in-the-middle attack. The CNG example demonstrates this procedure when you select version 2 and turn off interception by Mallory. A step-by-step description of the process is provided after the illustration.
Version 2: Unsigned Keys and Unsigned Messages with Interception
The following illustration shows key and message flow with a man-in-the-middle attack. The CNG example demonstrates this procedure when you select version 2 and enable interception by Mallory.
Version 3: Signed Keys and Signed Messages with Interception
The following illustration shows cryptographic key and message flow, a man-in-the-middle attack, and the use of digital signatures to sign keys and messages. The CNG example demonstrates this scenario when you select version 3 and enable interception by Mallory.
Version 4: Signed Keys and Signed Messages with Detection
The following illustration shows cryptographic key and message flow, a man-in-the-middle attack, and the use of digital signatures to sign keys and messages. In addition, the version 4 software detects invalid signatures. The CNG example demonstrates this scenario when you select version 4 and enable interception by Mallory.
Version 5: Signed Keys and Signed Messages with Session Termination
The following illustration shows cryptographic key and message flow, a man-in-the-middle attack, and the use of digital signatures to sign keys and messages. As in version 4, invalid signatures are detected. The CNG example demonstrates this scenario when you select version 5 and enable interception by Mallory.
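As an added example (not part of this post or of the Microsoft CNG sample, which is written in C#), here is the signed-key check that separates versions 2 through 5, written in Go with the standard library's crypto/ecdh and crypto/ecdsa: each party's ephemeral ECDH key is signed with a long-term ECDSA key whose public half the peer is assumed to already trust, so a key substituted by Mallory fails verification before any shared secret is derived. The type and function names (Party, SignedKey, OfferKey, AcceptKey) are this example's own.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Party holds a long-term ECDSA signing key (its public half is assumed to be known to
// the peer in advance, as in the CNG example) plus an ephemeral ECDH key for this session.
type Party struct {
	signKey *ecdsa.PrivateKey
	dhKey   *ecdh.PrivateKey
}

// SignedKey is the version 3 wire format: ECDH public key bytes plus an ECDSA
// signature over their SHA-256 hash, made with the sender's long-term signing key.
type SignedKey struct{ PubBytes, Sig []byte }

func NewParty() *Party {
	return &Party{
		signKey: must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)),
		dhKey:   must(ecdh.P256().GenerateKey(rand.Reader)),
	}
}

// OfferKey signs this party's ephemeral ECDH public key before it is sent.
func (p *Party) OfferKey() SignedKey {
	pub := p.dhKey.PublicKey().Bytes()
	h := sha256.Sum256(pub)
	return SignedKey{pub, must(ecdsa.SignASN1(rand.Reader, p.signKey, h[:]))}
}

// AcceptKey is the version 4 check: verify the signature with the peer's trusted signing
// key before deriving the shared secret. ok == false is the version 5 signal to end the
// session rather than continue with a key that Mallory may have substituted.
func (p *Party) AcceptKey(peerSigner *ecdsa.PublicKey, k SignedKey) (secret []byte, ok bool) {
	h := sha256.Sum256(k.PubBytes)
	if !ecdsa.VerifyASN1(peerSigner, h[:], k.Sig) {
		return nil, false
	}
	peerPub, err := ecdh.P256().NewPublicKey(k.PubBytes)
	if err != nil {
		return nil, false
	}
	secret, err = p.dhKey.ECDH(peerPub)
	return secret, err == nil
}
```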