CH3 - Protocols
From "Security Engineering" by Ross Anderson
What is a protocol?
A protocol specifies how principals (users, programs, computers, etc) communicate
The world’s payment system has dozens of protocols - between human and ATM, between ATM and bank, between banks, etc
Car key fob protocol
- Electronic car key broadcasts a serial number in cleartext to open the car
Problems:
- The serial number is only 16 bits. If you have 300 cars in parking lot, you only need to guess one of 300 serial numbers
- Serial number can be captured and played back later
- Lots of people (DMV, insurance, etc) know the serial number
Possible solutions:
- Just encrypt the serial number with some shared key. Problem - Attacker can just replay the ciphertext!
- Idea 1, but to mitigate capture/replay attacks, add a nonce
Parking garage key protocol
Say you scan a card to open a parking garage.
- Your card sends its serial number
- Then, the card sends encrypt([serial number, nonce])
Here, we concatenate the serial number and nonce and encrypt it with a card-specific key.
This note is incomplete.