Can two strangers communicate securely without a friend?


32 replies to this topic

#21 DevLiquidKnight   Members   -  Reputation: 834

Posted 06 February 2013 - 12:49 PM

Man in the middle and non-repudiation are orthogonal. Please explain how to detect MITM without a shared secret or trusted party (using "modern cryptography")

This is beyond the scope of this thread, and you are once again putting words in my mouth, if you want to understand how this works I suggest you research it yourself. Nothing I can post on this forum short of an introduction to cryptography could explain this to you.

 

It is indeed very black and very white. There is nothing in between being secure and not secure. Claiming something different, is somewhat disqualifying, if I'm allowed to say.

Seems like you're practically trolling here. Nothing is secure and nothing ever will be secure; the only thing that is 100% secure would be not being born in the first place. Unless you care to provide an example of 100% perfect security.

 

A wrong analogy based on wrong assumptions. No sane person will trust a bank, not only because banks are demonstrably not secure, but more importantly because bankers are criminals. However, trusting a bank with your money is the lesser evil compared to having it in your house. The risk of losing everything is several orders of magnitude smaller (at least, in some countries).

Obviously another miscommunication problem here? By "trust your bank" I merely mean you put your money in it, and are safe with doing so knowing that it will be safe. I am not talking about investments, or any political issues regarding bankers.


Edited by DevLiquidKnight, 06 February 2013 - 12:50 PM.



#22 Bacterius   Crossbones+   -  Reputation: 9066

Posted 06 February 2013 - 12:56 PM

You guys seem to not be on the same wavelength - are you talking about theoretical cryptography, or real life security (which includes stuff like social engineering, trusted entities going rogue, etc..)? Clearly some things that are "secure" in one model are completely "insecure" in the other, and vice versa.


The slowsort algorithm is a perfect illustration of the multiply and surrender paradigm, which is perhaps the single most important paradigm in the development of reluctant algorithms. The basic multiply and surrender strategy consists in replacing the problem at hand by two or more subproblems, each slightly simpler than the original, and continue multiplying subproblems and subsubproblems recursively in this fashion as long as possible. At some point the subproblems will all become so simple that their solution can no longer be postponed, and we will have to surrender. Experience shows that, in most cases, by the time this point is reached the total work will be substantially higher than what could have been wasted by a more direct approach.

 

- Pessimal Algorithms and Simplexity Analysis


#23 Matias Goldberg   Crossbones+   -  Reputation: 3570

Posted 06 February 2013 - 01:16 PM

The answer is yes and no.

 

The third "friend" makes things a lot simpler. But it's not really needed.

You want to establish a secure connection between John & Jane? Make John meet Jane in a public bar (or make one go to the other's home/office), make them exchange USB keys with their public keys. Go back home.

 

Congratulations, now you can establish secure connections with your buddy.

It's not a joke. That's how it really works. "Third party friends" like Verizon are actually doing this: Jane (having a server) asks Verizon to sign her certificate, and Verizon asks Jane for proof of her identity (how strong a proof they ask for may depend on the company); then it agrees to sign it.

 

And you blindly believe in the root certificates that were installed in your system, which you often get when installing your OS (i.e. Windows), because you blindly trust Microsoft. (I'm not using "blind trust" in a derogatory form).

This is why they advise not to install a Windows OS downloaded from torrents (whether cracked/pirated or with a legit key). Because the root certificates (among other things) may have been tampered with, and you will be blindly believing in the root certificates that you downloaded from a torrent; you didn't get them from a Microsoft-approved store.

 

Trust is a delicate issue. In our original example of John & Jane; if Jane convinced John she's a bank employee, do you really trust her? Exchanging USB keys with public keys will ensure a "secure connection" but it doesn't guarantee she's telling the truth.

Did you phone your bank to check Jane works there? Did you ensure your phone line was not tampered and routed to a fake bank? Did you visit the bank personally to verify this? Did you check with the Federal Government that the Bank has a valid license to operate? Are you sure this isn't a government conspiracy against you?

You have to draw the line somewhere; when are you willing to start trusting or not.

 

 

Is it even theoretically possible for two complete strangers to securely communicate without a mutual friend?

Yes, absolutely! Just exchange your keys in a private way (i.e. John & Jane example). The connection will be encrypted and no one else will see it. It's troublesome though, to do this every time with every person you expect to meet.

However if "Harold" already exchanged w/ Jane, and Jane tells John he's trustworthy, John & Harold may communicate securely too, provided John trusts Jane. This is what "mutual friend" firms do; they do all the hassle for us by making it a business & living of it.

 

 

If the two strangers have no trusted mutual friend, then they can't validate certificates with their trusted mutual friend, and thus can't be entirely sure there isn't a man in the middle.

That problem goes around a deeper problem not much related to code, but rather more philosophical: "what is trust?"


Edited by Matias Goldberg, 06 February 2013 - 01:22 PM.
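The John / Jane / Harold chain from the post above, as an added example that is not part of the original thread: John's only trust anchor is Jane's public key, which he got on a USB stick in person, and Jane's signature over Harold's key is what lets John talk to Harold without ever meeting him. The names, keys and messages are constructed for the example; the signature scheme is textbook RSA over two small primes with no padding, which is enough to show how introductions chain and is not a usable signature scheme (real code uses Ed25519 or RSA-PSS at proper key sizes).

```python
"""Added example (not from the thread): trust anchors and introductions.

Signatures are textbook RSA over constructed small primes, unpadded: a toy."""
import hashlib

E = 65537  # public exponent; the toy primes below were chosen so gcd(E, phi) == 1


def keygen(p: int, q: int):
    """Return (public, private) = ((n, e), (n, d)) for the given primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse, Python 3.8+
    return (n, E), (n, d)


def _digest(msg: bytes, n: int) -> int:
    # SHA-256 reduced mod n so the representative fits the tiny modulus
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(_digest(msg, n), d, n)


def verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)


def cert_body(name: str, pub) -> bytes:
    """What an introducer signs: a binding of a name to a public key."""
    n, e = pub
    return f"{name}|{n}|{e}".encode()


def issue_cert(introducer_priv, name: str, pub):
    body = cert_body(name, pub)
    return body, sign(introducer_priv, body)


def accept_introduction(anchors: dict, introducer: str, cert):
    """Return (name, pub) from cert if a trusted anchor signed it, else None."""
    body, sig = cert
    anchor = anchors.get(introducer)
    if anchor is None or not verify(anchor, body, sig):
        return None
    name, n, e = body.decode().split("|")
    return name, (int(n), int(e))


def john_accepts(anchors: dict, cert, msg: bytes, sig: int) -> bool:
    """John's whole check: Jane vouched for the key, and that key signed msg."""
    intro = accept_introduction(anchors, "jane", cert)
    return intro is not None and verify(intro[1], msg, sig)


# Constructed keys. Jane's public key is the only thing John got in person.
jane_pub, jane_priv = keygen(1000000007, 998244353)
harold_pub, harold_priv = keygen(1000000009, 2147483647)
mallory_pub, mallory_priv = keygen(999999937, 2013265921)
JOHN_ANCHORS = {"jane": jane_pub}

MSG = b"hi John, Harold here"
harold_cert = issue_cert(jane_priv, "harold", harold_pub)
# Mallory can sign anything she likes, but John holds no anchor for her.
forged_cert = issue_cert(mallory_priv, "harold", mallory_pub)
# If Jane is fooled into vouching for Mallory's key under Harold's name,
# John cannot tell: the chain is only as good as its weakest signer.
duped_cert = issue_cert(jane_priv, "harold", mallory_pub)

if __name__ == "__main__":
    print("genuine   :", john_accepts(JOHN_ANCHORS, harold_cert, MSG, sign(harold_priv, MSG)))
    print("forged    :", john_accepts(JOHN_ANCHORS, forged_cert, MSG, sign(mallory_priv, MSG)))
    print("stolen key:", john_accepts(JOHN_ANCHORS, harold_cert, MSG, sign(mallory_priv, MSG)))
    print("duped Jane:", john_accepts(JOHN_ANCHORS, duped_cert, MSG, sign(mallory_priv, MSG)))
```

The last case is the post's "she's a bank employee" point in code: the crypto only proves that Jane signed the binding, not that the binding is true, so John's security is exactly his confidence in how carefully Jane checks before she signs.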


#24 Servant of the Lord   Crossbones+   -  Reputation: 20348

Posted 06 February 2013 - 03:36 PM

I wouldn't use rand() its bound to be pseudo random.

Any message encoded with a one time pad is as good as any other message of equal length, if you don't have the key -- since it is equivalent to every other message of equal length, depending on the key used.

Therefore, a pseudo-random message is not any worse than any other message. The unknown person you communicate with does not have the key, so gibberish remains gibberish. You can as well optimize this and use the output of rand() or send concatenations of "1234567890abcdef" (for every arbitrary message!). It is no more and no less meaningless.

The whole strength of a one-time pad is that it is only used once.
The longer the message is, the more data you'll need, and the more rand() will repeat, making the communication (or multiple communications over months and years) more and more vulnerable.

What's needed is something that's constantly changing, and never repeating. Pi, if it wasn't so well known, is a good example. The static background noise from radio waves in space is also good and unless someone else recorded in the exact same direction as you, at the exact same time, with the exact same level of equipment, nobody else will ever have that key.

However, if you don't need perfection, I'd just grab two dozen DVDs and use the video and audio as byte data, multiplying them by each other and tossing the byte data of Google Image results over that as well. You could even make the DVD name be your 'key' (whispered in-person to the other party). The Complete Bluray disc set of Planet Earth would make a large enough block of data. But, like pi, it'd be a key that is publicly available and your only security in that situation would be obscurity, which is only the illusion of security.


It's perfectly fine to abbreviate my username to 'Servant' rather than copy+pasting it all the time.
All glory be to the Man at the right hand... On David's throne the King will reign, and the Government will rest upon His shoulders. All the earth will see the salvation of God.
Of Stranger Flames - [indie turn-based rpg set in a para-historical French colony] | Indie RPG development journal

[Fly with me on Twitter] [Google+] [My broken website]

[Need web hosting? I personally like A Small Orange]
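The one-time pad points made in the last few posts (Samoth's "any message of equal length is as good as any other", and the warning above about rand() repeating), as an added example that is not from the thread. Three constructed cases: a properly keyed pad, where the ciphertext is explained equally well by any plaintext of the same length; the same pad used twice, where XORing the ciphertexts cancels the key and a guessed fragment of one message reads the other; and a pad produced from a rand()-style PRNG with a 16-bit seed, which falls to brute force on a few bytes of known plaintext. The messages, the seed and the seed range are all constructed for the example.

```python
"""Added example (not from the thread): when a one-time pad is perfect and
the two ways it stops being one (pad reuse, pad from a small-seed PRNG)."""
import os
import random


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("one-time pad: key and data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp(key: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same XOR."""
    return xor_bytes(key, data)


def explaining_key(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """The key under which ciphertext 'decrypts' to any plaintext you like:
    this is why, without the key, the ciphertext says nothing at all."""
    return xor_bytes(ciphertext, claimed_plaintext)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """c1 XOR c2 == p1 XOR p2: the pad cancels out when it is reused."""
    return xor_bytes(c1, c2)


def crib_drag(leak: bytes, crib: bytes, offset: int) -> bytes:
    """If the attacker guesses a fragment of p1 at offset, she reads p2 there."""
    return xor_bytes(leak[offset:offset + len(crib)], crib)


def prng_pad(seed: int, n: int) -> bytes:
    """A rand()-style pad: all of its entropy is in the seed."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def recover_seed(ciphertext: bytes, known_prefix: bytes, max_seed: int):
    """Brute-force the seed from a few bytes of known plaintext."""
    k = len(known_prefix)
    for seed in range(max_seed):
        if xor_bytes(prng_pad(seed, k), ciphertext[:k]) == known_prefix:
            return seed
    return None


# Constructed messages of equal length (38 bytes each).
P1 = b"the key exchange is at the town square"
P2 = b"the key exchange is now at starbucks!!"


def demo() -> dict:
    key = os.urandom(len(P1))            # a proper pad: from the OS CSPRNG
    c1 = otp(key, P1)
    # (1) the same ciphertext 'decrypts' to a different message under another key
    alt = explaining_key(c1, P2)
    # (2) reuse: a second message under the same pad
    c2 = otp(key, P2)
    recovered = crib_drag(two_time_pad_leak(c1, c2), b"town square", 27)
    # (3) a rand()-style pad seeded with a 16-bit value
    secret_seed = 4242
    c3 = otp(prng_pad(secret_seed, len(P1)), P1)
    guessed = recover_seed(c3, b"the key ", 1 << 16)
    return {
        "alt_decrypt": otp(alt, c1),
        "crib_drag": recovered,
        "seed": guessed,
        "prng_plaintext": otp(prng_pad(guessed, len(c3)), c3) if guessed is not None else None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15}: {value!r}")
```

Case (1) is the perfect-secrecy property: the key `alt` is just as valid as the real one, so an eavesdropper cannot prefer P1 over P2. Cases (2) and (3) are what the post warns about: a pad that repeats, or that is derived from a short seed, is no longer a one-time pad, whatever it is called.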


#25 ddn3   Members   -  Reputation: 1307

Posted 06 February 2013 - 04:56 PM

Aren't one-time ciphers secure for one-time communication? If you and your friend have both agreed upon a cipher, sure, you can communicate securely, but that presupposes you already communicated beforehand, and was that secure? Who knows... This is immune to man in the middle and most statistical analysis attacks.



#26 Hodgman   Moderators   -  Reputation: 31076

Posted 06 February 2013 - 06:29 PM

if you and your friend have both agreed upon a cipher, sure, you can communicate securely, but that presupposes you already communicated beforehand, and was that secure?

So if the answer is "no, you need a trusted friend or a common secret", then I guess the real question of the thread is what are some practical ways of establishing a common secret or friend with a stranger?

 

If you're physically nearby, you can meet in person and be in close enough proximity that you can privately share some information without a MITM being able to intercept it. If that's not practical, are there other 'challenges' you can make which only the intended recipient can complete? e.g. something where the MITM would have to travel to the physical location of either party to know the answer, etc...?

 

you are once again putting words in my mouth

You missed the fact that the OP is asking about situations where you don't have a trusted 3rd party or a shared secret.
Samoth is putting words in your mouth because you're making suggestions that do require a shared secret, and he's assuming that you think these are valid in the OP's situation.
 
To decode Samoth's jab at you: One-time-pads are a shared secret. The OP's situation requires no shared secrets. Therefore sending a message encrypted with a one-time-pad is the same as sending random gibberish -- the recipient cannot possibly decode either.
 
@Samoth, stop picking at him, he obviously missed the bit where the OP wants to communicate without a shared secret, or alternatively, be more direct with your critique
 

The static background noise from radiowaves in space is also good and unless someone else recorded in the exact same direction as you, at the exact same time, with the exact same level of equipment, nobody else will ever have that key.

When I worked on gambling machines, this is what we used in order to ensure that no one could possibly guess the outcome of the games (along with ambient temperature, radiation, etc...). It's a genuine random number generator, instead of a PRNG.
It's impossible for someone outside the cabinet to take the exact same measurements, and the cabinet itself is secured with a pre-shared key -- literally, the government regulator is given a physical key in person.


Edited by Hodgman, 06 February 2013 - 06:44 PM.


#27 swiftcoder   Senior Moderators   -  Reputation: 10238

Posted 06 February 2013 - 09:39 PM

If you're physically nearby, you can meet in person and be in close enough proximity that you can privately share some information without a MITM being able to intercept it.

It is still very hard to guarantee that the person you are meeting is, in fact, the person you intended to meet, and not a skilled impersonator.

 

Unless you know this person already, or are introduced (in person) by a trusted 3rd party, the man-in-the-middle vector remains...


Tristam MacDonald - Software Engineer @Amazon - [swiftcoding]


#28 Hodgman   Moderators   -  Reputation: 31076

Posted 06 February 2013 - 10:00 PM

If you're physically nearby, you can meet in person and be in close enough proximity that you can privately share some information without a MITM being able to intercept it.

It is still very hard to guarantee that the person you are meeting is, in fact, the person you intended to meet, and not a skilled impersonator.

 

Unless you know this person already, or are introduced (in person) by a trusted 3rd party, the man-in-the-middle vector remains...

Huh, yeah... if you ask someone to meet you at the town square to exchange keys, a MITM could intercept the message and change it to say that you want to meet at Starbucks. They then meet you at the town square, and meet 'the stranger' at Starbucks, exchanging their own key with both of you, and gathering both of your own keys... They can then continue to act as a MITM, forwarding your messages to 'the stranger' via themselves.



#29 Servant of the Lord   Crossbones+   -  Reputation: 20348

Posted 07 February 2013 - 12:13 AM

The static background noise from radiowaves in space is also good and unless someone else recorded in the exact same direction as you, at the exact same time, with the exact same level of equipment, nobody else will ever have that key.

When I worked on gambling machines, this is what we used in order to ensure that no one could possibly guess the outcome of the games (along with ambient temperature, radiation, etc...). It's a genuine random number generator, instead of a PRNG.

I think I got that from Bruce Schneier's 'Secrets and Lies' book, which was an interesting read for a layman like myself.

 

It is still very hard to guarantee that the person you are meeting is, in fact, the person you intended to meet, and not a skilled impersonator.
 
Unless you know this person already, or are introduced (in person) by a trusted 3rd party, the man-in-the-middle vector remains...

Huh, yeah... if you ask someone to meet you at the town square to exchange keys, a MITM could intercept the message and change it to say that you want to meet at Starbucks. They then meet you at the town square, and meet 'the stranger' at Starbucks, exchanging their own key with both of you, and gathering both of your own keys... They can then continue to act as a MITM, forwarding your messages to 'the stranger' via themselves.

That happened in Mission Impossible: Ghost Protocol.




#30 Cornstalks   Crossbones+   -  Reputation: 6991

Posted 07 February 2013 - 12:22 AM

Guys (and gals?), this has been an awesome thread to read. I'm wishing I hadn't posted it in the Lounge so that I could give upvotes galore! I just wanted to say thanks. Carry on :)


[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

#31 Net Gnome   Members   -  Reputation: 773

Posted 07 February 2013 - 04:29 AM

Yea, the Two Generals' Problem has no perfect solution and I believe was proven to be impossible to solve, so only pragmatic mitigations exist: accept that you will never have security, and mitigate that as much as possible


Edited by Net Gnome, 07 February 2013 - 04:35 AM.


#32 Bregma   Crossbones+   -  Reputation: 5248

Posted 07 February 2013 - 08:00 AM

I've been thinking about encryption this morning (and I have no clue why) and I started thinking about if it's at all possible for two strangers to establish a secure connection. I'm having my doubts, but I don't know a whole lot about encryption.

Yes.  There are several well-known algorithms that can be used to establish an encrypted communication channel without the cleartext exchange of secret keys.  A classic example is the use of Diffie-Hellman, in which a large number is agreed upon (exchanged in the clear) and then each party chooses a relatively prime factor and exchange some information using those factors to discover a mutually common secret key without actually revealing their secrets.  Very cunning.

 

Establishing an encrypted channel between two parties is a relatively simple and straightforward solved problem.

 

Where you might run into trouble is in mutual authentication.  This is an entirely different problem from encrypted communication, although many authentication solutions rely on the establishment of encrypted communication to be effective.  Almost all authentication mechanisms rely on a trusted third party somewhere along the line.

 

Security is a feeling, not a science.  Pretty much anything useful has some sort of security vulnerability, at least potentially.


Stephen M. Webb
Professional Free Software Developer

#33 Bacterius   Crossbones+   -  Reputation: 9066

Posted 07 February 2013 - 03:00 PM

Where you might run into trouble is in mutual authentication.  This is an entirely different problem from encrypted communication, although many authentication solutions rely on the establishment of encrypted communication to be effective.  Almost all authentication mechanisms rely on a trusted third party somewhere along the line.

But the underlying problem is that encrypted communication is absolutely useless without mutual authentication - and integrity - because you have no guarantee that what you send will be received intact (or at all) by the other party and you don't know (and cannot detect) if someone is impersonating the party you are communicating with. So you really have no privacy nor integrity, in the technical sense, without authentication. DH does not "establish an encrypted communication channel" at all, it permits secure key exchange on an insecure channel if and only if the two parties can authenticate each other. Without this condition it does not provide any security at all and you cannot communicate securely on said insecure channel.

 

In the theoretical sense, anyway, but an MITM is really not that difficult to mount if you really wanted to.


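The Diffie-Hellman exchange Bregma describes, and the man-in-the-middle that Bacterius and Hodgman say it cannot detect on its own, as an added example that is not from the thread. Alice and Bob run DH over a channel Mallory controls; Mallory substitutes her own public value in both directions and ends up with one key shared with Alice and a different one shared with Bob, while the two of them believe they are talking to each other. The two fixes shown are the ones the thread converges on: an out-of-band fingerprint comparison (the "meet in person" option) and an HMAC over the DH value under a pre-shared secret (the "shared secret" option). The group parameters are a toy chosen for the example, not a real DH group, and the pre-shared key string is constructed.

```python
"""Added example (not from the thread): DH against a passive and an active
attacker, and the two authenticators that catch the active one.

Toy group: p = 2**127 - 1 is prime but far too small and not a safe prime.
Real code uses an RFC 3526 MODP group or X25519."""
import hashlib
import hmac
import secrets

P = 2**127 - 1
G = 3
PUB_LEN = 16  # bytes needed to encode a value below 2**127


def dh_keypair():
    x = secrets.randbelow(P - 2) + 1          # private exponent in [1, P-2]
    return x, pow(G, x, P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    s = pow(peer_pub, priv, P)
    return hashlib.sha256(s.to_bytes(PUB_LEN, "big")).digest()


def fingerprint(pub: int) -> str:
    """Short hash of a DH value: the sort of thing you read aloud in person."""
    return hashlib.sha256(pub.to_bytes(PUB_LEN, "big")).hexdigest()[:16]


def unauthenticated_exchange(mitm: bool) -> dict:
    a, A = dh_keypair()
    b, B = dh_keypair()
    if mitm:
        m, M = dh_keypair()
        bob_sees, alice_sees = M, M           # Mallory swaps both public values
    else:
        bob_sees, alice_sees = A, B
    k_alice = dh_shared(a, alice_sees)
    k_bob = dh_shared(b, bob_sees)
    result = {
        "alice_bob_agree": k_alice == k_bob,
        # the out-of-band check: does Bob's real value match what Alice received?
        "fingerprints_match": fingerprint(B) == fingerprint(alice_sees),
    }
    if mitm:
        result["mallory_reads_alice"] = dh_shared(m, A) == k_alice
        result["mallory_reads_bob"] = dh_shared(m, B) == k_bob
    return result


def mac_pub(psk: bytes, who: bytes, pub: int) -> bytes:
    return hmac.new(psk, who + pub.to_bytes(PUB_LEN, "big"), "sha256").digest()


def authenticated_exchange(psk: bytes, mitm: bool):
    """Bob's DH value carries an HMAC under a key only Alice and Bob hold.
    Returns True when both sides derive the same key, None when Alice aborts."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    tag = mac_pub(psk, b"bob", B)
    if mitm:
        _, M = dh_keypair()
        received_pub, received_tag = M, tag   # Mallory can replay Bob's tag, not forge one for M
    else:
        received_pub, received_tag = B, tag
    if not hmac.compare_digest(mac_pub(psk, b"bob", received_pub), received_tag):
        return None                           # Alice: the value was tampered with
    return dh_shared(a, received_pub) == dh_shared(b, A)


if __name__ == "__main__":
    print("passive      :", unauthenticated_exchange(mitm=False))
    print("MITM         :", unauthenticated_exchange(mitm=True))
    psk = b"whispered in the bar"
    print("HMAC, no MITM:", authenticated_exchange(psk, mitm=False))
    print("HMAC, MITM   :", authenticated_exchange(psk, mitm=True))
```

Note that `authenticated_exchange` only authenticates Bob's value; a real protocol authenticates both directions, or signs the transcript, since Mallory could otherwise still impersonate Alice to Bob. Either way the example makes Bacterius' point concrete: nothing in the DH arithmetic tells Alice whether the value she received came from Bob, so the detection always comes from something outside the exchange, a fingerprint read over a channel Mallory cannot alter or a key the two already share.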




