[Cryptography] Public-key auth as envisaged by first-year science students

Michael Kjörling michael at kjorling.se
Thu Aug 11 16:10:28 EDT 2016


On 11 Aug 2016 09:56 -0400, from leichter at lrw.com (Jerry Leichter):
> The devil is, of course, in the details. You need to work the
> numbers to see how predictable the timing on legitimate exchanges
> is, and how quickly an attacker might be able to complete the MITM
> exchange.

One thing that strikes me about the scenario you describe (low
powered, point-to-point radio links over short distances perhaps using
omnidirectional antennas) is that the link budget would be appropriate
for the initial link distance (because to begin with, we assume no
MITM of any kind is present). Hence, two devices 100 meters apart have
a link budget that is appropriate for communication over 100 meters
plus change. Call these two initial devices talking to each other
Alice and Bob.

If someone injects a MITM, call it Mallory, in between Alice and Bob,
on a wireless network, then wouldn't Alice and Bob _still be able to
communicate directly_? Unless Mallory is doubly active (not only
functioning as a MITM attacker to intercept and handle communication
supposedly being passed between Alice and Bob, but also disrupting
attempts at direct communication between Alice and Bob), Alice should
still hear Bob's transmissions and Bob should still hear Alice's. So
if Alice sends a message to Bob, which Mallory is able to MITM and
where Mallory responds back to Alice, then _at the very least_ Alice
should also hear _Bob's_ response presumably with a slight delay
compared to that from Mallory, _and_ it's possible that Bob would hear
_Mallory's_ response.

Even if Mallory detects Alice transmitting to Bob the _instant_ the
source and target station IDs (in whatever form) pass Mallory, and
_instantly_ starts jamming that transmission in such a way that
Mallory can still receive what Alice is transmitting, in that case at
the very least Bob will get _tons_ of garbled data over the wireless
network, which is easy to check for. And technology isn't instant;
even more so if it needs to be field re-programmable.

It's not like, the way it can be done with a cable splice, Mallory can
_selectively drop_ traffic originally intended by Alice to be sent to
Bob, or vice versa. The radio waves don't really care that Mallory is
listening; Alice's radio transmission will happily barge on toward Bob
while Mallory is processing and responding to it back to Alice. So
even if Mallory beats Bob to responding to Alice's request, Bob _too_
will respond in the same way.

I'm not sure if this can be exploited, but intuitively, it seems like
**it should be possible to at least _detect_ Mallory's presence in a
scenario similar to what you describe simply by the fact that messages
are _consistently_ responded to twice.** At that point, obviously
Mallory is already a part of the network, but this kind of
abnormality in the message-passing could be enough to sound the
well-famed intruder alert. Especially in a controlled environment, if
a node that you _should_ hear suddenly goes silent, or starts
responding twice to everything you pass to it, that _in itself_ could
be interesting information for a monitoring station _even if_ it isn't
necessarily caused by any malicious party at all. It wouldn't be very
hard to stretch this out to _all_ nodes on the network monitoring the
traffic that they can hear, and sounding the alarm if they hear nodes
consistently starting to respond twice to the same message.

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)
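
The check proposed in the message above (any node that can overhear traffic alarms when replies carrying one station ID are consistently heard twice), as an added example that is not part of the original post. The frame fields, window size and thresholds are assumptions, and the capture is constructed.

```python
from collections import defaultdict, deque

class DuplicateResponseMonitor:
    """Flags a station ID whose replies are consistently heard more than once."""

    def __init__(self, window=8, threshold=0.5, min_requests=4):
        self.window = window              # recent requests remembered per responder ID
        self.threshold = threshold        # fraction of doubled requests that raises an alert
        self.min_requests = min_requests  # do not judge a responder on too few samples
        self.counts = defaultdict(int)    # (requester, responder, msg_id) -> replies heard
        self.recent = defaultdict(deque)  # responder -> recent request keys, oldest first

    def observe(self, frame):
        if frame["kind"] != "response":
            return
        key = (frame["dst"], frame["src"], frame["msg_id"])
        self.counts[key] += 1
        if self.counts[key] == 1:         # first reply heard for this request
            q = self.recent[frame["src"]]
            q.append(key)
            if len(q) > self.window:      # forget the oldest request for this responder
                self.counts.pop(q.popleft(), None)

    def doubled_fraction(self, responder):
        q = self.recent[responder]
        if len(q) < self.min_requests:
            return 0.0
        return sum(1 for k in q if self.counts[k] > 1) / len(q)

    def alerts(self):
        # A single stray retransmission stays below the threshold; a consistent
        # second responder does not. The monitor cannot say which reply is genuine.
        return sorted(r for r in self.recent if self.doubled_fraction(r) >= self.threshold)

def constructed_capture():
    """Constructed sample: every reply claiming to be bob is heard twice;
    carol answers once per request apart from one retransmission."""
    frames = []
    for i in range(1, 7):
        for peer, copies in (("bob", 2), ("carol", 1)):
            frames.append({"kind": "request", "src": "alice", "dst": peer, "msg_id": i})
            frames += [{"kind": "response", "src": peer, "dst": "alice", "msg_id": i}] * copies
    frames.append({"kind": "response", "src": "carol", "dst": "alice", "msg_id": 3})
    return frames

def run(frames):
    monitor = DuplicateResponseMonitor()
    for frame in frames:
        monitor.observe(frame)
    return monitor
```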

