This is a real scenario when a sender S is. for instance, a laptop manufacturer and wishes to send the laptop It a specific update in a secure manner, but all cryptographic material that S has is a certificate (i.e., a public key) of the TPM (trusted platform module) it had placed on-board It. Below, we give a protocol to possibly cater for this scenario.
Figure 2: Timed Public-keys Protocol II
In Figure 2. the protocol II is depicted. It is a protocol between a sender 5 (i.e.. the manufacturer in the scenario above), a receiver It (i.e., the laptop in the scenario above) and a TPM T on-board It. As we said, the aim of the protocol is that S sends securely a message to It. but S does not have It’s public key nor does it share a symmetric key with It. However, S does know the public key PubrrM of the TPM T found on board R.
The channel/communication between It and T is private (i.e., by “private” here, we just mean inaccessible to a Dolev-Vao attacker). The channel between S and R is public (i.e., accessible to a Dolev-Yao attacker).
The protocol is as follows. 5 tells R that it wishes to send a message: i.e.. “begin” is sent. It demands T to generate a pair of public and secret keys SK, PR for R. The TPM T generates
these and a ticket tc stating how long they are valid for. It then sends the public key PK, the ticket tc to R and a signature on these. Then. R sends the signature to 5. Then, 5 sends R the message in concatenated with tr, all encrypted with PK and signed by S. Upon verification of the signature. R sends the packet from 5 to T to be decrypted and verified against le. If te is correct, then R receives m back from T.
All signatures are with extraction meaning one can verify them and at the same time find the message inside
Questions
1 Model the protocol TI in Scyther Explain your modelling choices How have you modelled the private channel between T and R ? Include the Scyther model (i.e. the spdl file) as a separate file with your submission.
(10%)
2. Check the following security goals in Scyther:
– agreement on message m between S, R. and T:
– synchronisation between .S’, /?. and T;
Express these 3-party goals as best you can.
Explain your modelling and findings
[5%)
3 If you find any attack in the above, modify the protocol and check the modification does indeed stop the attack.
[5%)
4 Apart from the results of the analysis you do in Scyther. do you think the protocol II is an appropriate solution for the 3-party problem presented? Could you improve on it. from any viewpoint, security or otherwise? Explain your answer.
Here, the idea is that in Scyther you have a Dolev-Yao attacker, but there are other threat models that you have heard of in the course Can you pass your own security judgement on this protocol? E g., do you that ‘ begin” message is a good idea? What if the signature of S is forgeable’ (these are just some examples, but the idea is can you break this protocol, yourself, beyond what Scyther tells you7 If not. can you make an argument as to why?)
The post Figure 2: Timed Public-keys Protocol II In Figure 2. the protocol II is depicted. It is a protocol between a sender 5 (i.e.. the manufacturer in the scenario above), a receiver It (i.e., the laptop in the scenario above) and a TPM T on-board It. As we said, the aim of the protocol is that S sends securely a message to It. but S does not have It’s public key nor does it share a symmetric key with It. However, S does know the public key PubrrM of the TPM T found on board R. The channel/communication betwee appeared first on My Academic Papers.
