[Cryptography] Public-key auth as envisaged by first-year science students

Jerry Leichter leichter at lrw.com
Thu Aug 11 09:56:07 EDT 2016


>> Location-limited channels: Detect how long it takes for messages to go back
>> and forth, the MITM will introduce delays.
> 
> You would have to know in advance how long the connection should take
> and during bad internet weather you wouldn't be able to authenticate at
> all. Not very useful.
Beware of gross over-generalizations.  Not all communication is long range or over a general-purpose network.  There are plenty of potential applications where the delays for legitimate communications are predictably short.  Within a data center, say.

Or consider a bunch of sensor nodes scattered over an area that need to set up secure communications among themselves, without allowing an attacker into the network.  There's plenty of work on this problem that relies on "continuity of identity":  Each node initially does a DH exchange of some sort with nearby neighbors (on the assumption that no attacker is likely to be nearby when it first arrives), then uses the agreed-upon keys to make sure that it's continuing to talk to the same neighbors.

Typically, we expect that each node should only communicate with nodes no further from it than, say, 100 meters.  One implicit part of the protocol is the use of very low power radio, on the assumption that if there are any attackers, they are probably far enough away during initial configuration that they won't even hear the setup communication.  (Later, they can detect it - or detect a higher-power "call home" uplink - but by then it's too late to join the network.)  But maybe the attacker has already seeded some nodes nearby.  Adding a check of expected round-trip times might be a good additional security measure:  We know what the devices involved are and how long they should take to complete their part of the exchange.

The devil is, of course, in the details.  You need to work the numbers to see how predictable the timing on legitimate exchanges is, and how quickly an attacker might be able to complete the MITM exchange.
                                                        -- Jerry
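
Working the numbers as the message suggests, in an added example that is not part of the original post: it derives an RTT acceptance threshold from measured legitimate exchanges and reports how much delay a man-in-the-middle could hide inside the remaining jitter. Assumptions: the RTT samples are constructed, the function names are hypothetical, and the attacker is modelled as a relay that must forward each message to the real peer and wait for its answer.

```python
import statistics

C_M_PER_US = 299.792458  # speed of light, metres per microsecond

# Constructed sample: handshake RTTs (microseconds) between two legitimate nodes.
LEGIT_RTT_US = [1510, 1495, 1502, 1520, 1498, 1507, 1490, 1513]

def accept_threshold(samples, k=4.0):
    """Upper RTT bound for acceptance: mean + k sample standard deviations."""
    return statistics.mean(samples) + k * statistics.stdev(samples)

def relay_floor(samples, relay_proc_us, extra_path_m):
    """Best-case RTT through a relaying MITM (assumed model): the fastest
    legitimate RTT plus relay processing and extra propagation, each paid
    once per direction."""
    return min(samples) + 2 * relay_proc_us + 2 * extra_path_m / C_M_PER_US

def timing_budget(samples, extra_path_m=0.0, k=4.0):
    """Summarise how much room the jitter leaves for an undetected relay."""
    thr = accept_threshold(samples, k)
    slack = thr - min(samples)  # delay that still passes the check
    extra_prop = 2 * extra_path_m / C_M_PER_US
    return {
        "threshold_us": thr,
        "slack_us": slack,
        # Largest per-direction relay processing time that stays under the bound.
        "max_hidden_relay_proc_us": max(0.0, (slack - extra_prop) / 2),
        # The same slack expressed as one-way radio distance.
        "slack_as_distance_m": slack * C_M_PER_US / 2,
    }

def detects(samples, relay_proc_us, extra_path_m=0.0, k=4.0):
    """True if even the relay's best-case RTT exceeds the acceptance bound."""
    return relay_floor(samples, relay_proc_us, extra_path_m) > accept_threshold(samples, k)

if __name__ == "__main__":
    for name, value in timing_budget(LEGIT_RTT_US, extra_path_m=100.0).items():
        print(f"{name:>26}: {value:10.2f}")
    for proc in (10.0, 50.0):
        print(f"relay adding {proc} us per direction detected:",
              detects(LEGIT_RTT_US, proc, 100.0))
```

With these constructed samples the slack corresponds to several kilometres of radio path, so at a 100 meter range the check constrains how fast the attacker's equipment must be rather than how far away it is.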


