I'll show you mine if you show me, er, mine

R.A. Hettinga rah at shipwright.com
Wed Feb 23 07:51:30 EST 2005 

<http://www.theregister.co.uk/2005/02/21/crypto_wireless/print.html>

The Register


 Biting the hand that feeds IT

The Register » Security » Identity »

 Original URL: http://www.theregister.co.uk/2005/02/21/crypto_wireless/

I'll show you mine if you show me, er, mine
By Lucy Sherriff (lucy.sherriff at theregister.co.uk)
Published Monday 21st February 2005 17:11 GMT

Security researchers have developed a new cryptographic technique they say
will prevent so-called stealth attacks against networks.

A stealth attack is one where the attacker acts remotely, is very hard to
trace, and where the victim may not even know he was attacked. The
researchers say this kind of attack is particularly easy to mount against a
wireless network.

The so-called "delayed password disclosure" protocol was developed by
Jakobsson and Steve Myers of Indiana University. The protocol allows two
devices or network nodes to identify themselves to each other without ever
divulging passwords.

The protocol could help secure wireless networks against fraud and identity
theft, and protect sensitive user data. The technique will be particularly
useful in ad-hoc networks, where two or more devices or network nodes need
to verify each others' identity simultaneously.

Briefly, it works like this: point A transmits an encrypted message to
point B. Point B can decrypt this, if it knows the password. The decrypted
text is then sent back to point A, which can verify the decryption, and
confirm that point B really does know point A's password. Point A then
sends the password to point B to confirm that it really is point A, and
knows its own password.

The researchers say that this will prevent consumers connecting to fake
wireless hubs at airports, or in coffee shops. It could also be used to
notify a user about phishing attacks, scam emails that try to trick a user
into handing over their account details and passwords to faked sites,
provide authentication between two wireless devices, and make it more
difficult for criminals to launder money through large numbers of online
bank accounts.

Jakobsson is hoping to have beta code available for Windows and Mac by the
spring, and code for common mobile phone platforms later in 2005.

More info available here (http://www.stealth-attacks.info). ®

Related stories

Hotspot paranoia: try to stay calm
(http://www.theregister.co.uk/2005/01/24/wi_fi_hotspot_security/)
Crypto researchers break SHA-1
(http://www.theregister.co.uk/2005/02/17/sha1_hashing_broken/)
Cyberpunk authors get the girls
(http://www.theregister.co.uk/2005/02/17/cyberpunk/)

© Copyright 2005

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list