Cornstalks

Can two strangers communicate securely without a friend?

28 posts in this topic

I've been thinking about encryption this morning (and I have no clue why) and I started thinking about if it's at all possible for two strangers to establish a secure connection. I'm having my doubts, but I don't know a whole lot about encryption.

 

Today, we use SSL to try and establish a secure connection, but it relies on mutual friends of the two strangers (or in other words, certificates and certificate authorities). If the two strangers have no trusted mutual friend, then they can't validate certificates with their trusted mutual friend, and thus can't be entirely sure there isn't a man in the middle.

 

Is it even theoretically possible for two complete strangers to securely communicate without a mutual friend?


Isn't this what public/private keys are for?

 

they exchange their public keys, encrypt their data to be sent with that public key, then decrypt with their own private keys.

Assuming "quantum cryptography" is not a consideration (does anyone have a working implementation?), no. You need a shared secret of some kind (which complete strangers do not have) or a trusted third party to authenticate parties. Without a form of authentication, it is not really secure, ever. Though there exist several three-pass protocols (e.g. Shamir) which presumably let you "securely" send a message to someone else without needing to distribute or exchange keys, they're still susceptible to a man-in-the-middle attack without a secret.
 

Isn't this what public/private keys are for?
 
they exchange their public keys, encrypt their data to be sent with that public key, then decrypt with their own private keys.

Vulnerable to man-in-the-middle.

Assume you want to contact this hot girl from the chat room and ask for her key. I intercept that key and send you mine instead. You send her your key, which I replace by my key as well. What now?

This works, reliably, if you have someone signing your keys. Not otherwise.

 

Isn't this what public/private keys are for?
 
they exchange their public keys, encrypt their data to be sent with that public key, then decrypt with their own private keys.

Vulnerable to man-in-the-middle.

Assume you want to contact this hot girl from the chat room and ask for her key. I intercept that key and send you mine instead. You send her your key, which I replace by my key as well. What now?

This works, reliably, if you have someone signing your keys. Not otherwise.

that is very true, didn't think about the man in the middle distributing his key instead.


As an extension of the man-in-the-middle issue, how do you establish trust in the first place (i.e. how do you know who the other end is)?

 

Securely communicating with a random stranger is not useful. Since you don't know who they are, you have no idea what they are doing with your communication.

 

As a more concrete example: you find a website selling high-end laptops for $100 each. You are naturally cautious, but their order form has an SSL certificate. If the order form is secure, it must be safe to order, right?


It is entirely possible to communicate securely without a friend, you should read more about cryptography. Man in the middle attacks can be detected with modern day cryptography, and it is possible to authenticate that who you are talking to is indeed who you intend to talk to. Is this 100% foolproof? No.

SSL is not the only way secure communication can be achieved, you could simply use a one time pad.

Edited by DevLiquidKnight

As an extension of the man-in-the-middle issue, how do you establish trust in the first place (i.e. how do you know who the other end is)?

Yeah, that's basically what I was thinking about this morning. If you want to talk to a complete stranger, you can't possibly know if you're talking to the right stranger without relying on someone else telling you "Yeah, that's the right guy."
 

Securely communicating with a random stranger is not useful. Since you don't know who they are, you have no idea what they are doing with your communication.

Well, yes, if they're a complete stranger you've got no clue what they're doing with the information you're sending them. But I was more interested in whether or not the sending and receiving of messages can be secure or not.
 

As a more concrete example: you find a website selling high-end laptops for $100 each. You are naturally cautious, but their order form has an SSL certificate. If the order form is secure, it must be safe to order, right?

Seems legit. Ha, nice example.

 

It is entirely possible to communicate securely without a friend, you should read more about cryptography.

Ooo, interesting. If there's a book that is a "light read" and explains things in simple English then I'd definitely be interested, if you know of any. On the other hand, if the only books covering that stuff are full of technical and algorithmic detail I'd probably rather just have someone explain it to me like I'm 4 :)

 

Man in the middle attacks can be detected with modern day cryptography, and it is possible to authenticate that who you are talking to is indeed who you intend to talk to. Is this 100% foolproof? No.

Can you elaborate on what kind of attacks we're still vulnerable to?


As for attacks we are vulnerable to, I imagine side-channel and implementation attacks being the primary target nowadays.

And never discount good old-fashioned social engineering.


Humor me on this:

There's an old story or something about how can two people exchange an item locked in a chest via a courier. 

Obviously putting a lock on the chest and sending the key with the courier allows the courier to unlock it. Likewise, sending the key along any other courier or different time still makes the transaction insecure.

So, the solution requires 3 transports in total.

1. Person A puts a lock on the chest, and sends the locked chest, without the key, to person B. The key isn't sent at all; it remains with person A.

2. Person B puts a second lock on the chest, and sends the now doubly-locked chest back to person A, while keeping his own key with him at all times.

3. Person A unlocks his lock, since he's the only one that has the key, and sends person B the chest, which is now locked with the lock placed by person B only.

 

I know this isn't exactly a perfect analogy for digital communication. In digital communication, someone can observe a message before/after encryption - but I'm not an encryption expert, so I'm not sure if it's possible to devise a one-time algorithm to encrypt something, in a way that seeing both an encrypted and a decrypted message won't give away the key. This is the big IF that I see.

 

There's also the point that the two encryption methods used need to be compatible in a sense that decrypting a doubly-encrypted message will leave only the other encryption in place, and will then reveal the original message when the other encryption is removed. (that make sense? it's hard to word correctly)


*snip*

Isn't that still susceptible to man in the middle attacks? i.e. what if the courier service doesn't deliver the package to person B, but instead puts their own lock on the chest and gives it back to person A. Person A has no idea the second lock on there is the courier's and not person B's, so they unlock their lock and send it back. The courier service now unlocks their own lock, observes the contents of the chest (changing them if they feel like it), puts their lock back on it, and sends the chest to person B. Person B doesn't know it's the courier's lock on there and not person A's, so they put their lock on it, send it back, and the courier service unlocks their own lock and returns the chest. Person B gets the chest, unlocks their own lock, and observes the contents of the chest (which now the courier service could have altered, or at least observed the secret).
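The double-locked chest above maps onto a three-pass protocol in which both "locks" are modular exponentiations, because exponentiation commutes (A's lock can be removed while B's is still on, which is the "compatibility" requirement raised in the chest post). The following is an added example, not code from anyone in this thread: it runs the three trips with an honest courier and then with the courier playing person B toward A and person A toward B, exactly as described in the reply above. The prime P, the generator-free Massey-Omura style encoding, and the message are constructed toy values; a real deployment would use a prime of thousands of bits.

```python
import secrets

# Constructed toy modulus: a 61-bit Mersenne prime chosen only to keep the
# numbers readable. Not a parameter anyone should use for real traffic.
P = 2305843009213693951  # 2**61 - 1


def make_lock():
    """Return (e, d): e is the 'padlock' exponent, d the matching 'key'
    (e * d == 1 mod P-1), so that (x**e)**d == x mod P for 0 < x < P."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        try:
            return e, pow(e, -1, P - 1)      # Python 3.8+: modular inverse
        except ValueError:
            continue                         # gcd(e, P-1) != 1, pick another


def apply_lock(x: int, e: int) -> int:
    return pow(x, e, P)


def remove_lock(x: int, d: int) -> int:
    return pow(x, d, P)


def encode(msg: bytes) -> int:
    n = int.from_bytes(msg, "big")
    if not 0 < n < P:
        raise ValueError("toy modulus only fits messages of up to 7 bytes")
    return n


def decode(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def honest_exchange(msg: bytes, alice, bob) -> bytes:
    """The three trips with a courier that delivers what it is given.
    alice and bob are (e, d) pairs from make_lock()."""
    ea, da = alice
    eb, db = bob
    trip1 = apply_lock(encode(msg), ea)    # A locks, chest goes to B
    trip2 = apply_lock(trip1, eb)          # B adds second lock, chest returns
    trip3 = remove_lock(trip2, da)         # A removes own lock, chest goes to B
    return decode(remove_lock(trip3, db))  # B removes own lock


def courier_in_the_middle(msg: bytes, alice, bob, courier):
    """Same protocol, but the courier runs it twice: once as 'B' toward Alice,
    once as 'A' toward Bob. Returns (what the courier read, what Bob received)."""
    ea, da = alice
    eb, db = bob
    ec, dc = courier
    # Leg 1: Alice believes the second lock is Bob's; it is the courier's.
    trip1 = apply_lock(encode(msg), ea)
    back1 = apply_lock(trip1, ec)          # courier adds its lock, returns chest
    open1 = remove_lock(back1, da)         # Alice removes hers, "sends to Bob"
    plain = remove_lock(open1, dc)         # courier removes its own lock: exposed
    # Leg 2: courier re-runs the protocol with Bob, now in Alice's seat.
    trip2 = apply_lock(plain, ec)
    back2 = apply_lock(trip2, eb)
    open2 = remove_lock(back2, dc)
    received = remove_lock(open2, db)
    return decode(plain), decode(received)


if __name__ == "__main__":
    print(honest_exchange(b"hi Bob", make_lock(), make_lock()))
    print(courier_in_the_middle(b"hi Bob", make_lock(), make_lock(), make_lock()))
```

Nothing in the three trips tells Alice whose lock was added on trip two, so the courier's relay succeeds whether the locks are padlocks or exponents; the defence is some way to authenticate the second lock, which is the shared secret or trusted party the earlier replies keep coming back to.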

....

 

That is what asymmetric cryptography solves. If I understand what you are saying correctly.

Edited by DevLiquidKnight

Isn't that still susceptible to man in the middle attacks [snip]

Yeah, I thought about that too, but your example makes it clear. Seems that it indeed would be.

 

That is what asymmetric cryptography solves. If I understand what you are saying correctly

My understanding of asymmetric cryptography is that you make the encryption key public, but the decryption key private, and generate those keys in a way that makes it hard to figure out the private key even if you know the public key. I was hoping that if you could keep both the encryption and decryption private you would get around that, but obviously as Cornstalks pointed out it's still quite vulnerable.


Both one-time pads and Diffie-Hellman Key Exchange (what Milcho is describing) are vulnerable to man-in-the-middle attacks because in both methods, information must be sent insecurely before security can be established.

 

It's technically impossible to establish security insecurely. At some point, you just have to take a shot in the dark, or connect to an existing infrastructure that already did (e.g. SSL).


*snip*

Isn't that still susceptible to man in the middle attacks? i.e. what if the courier service doesn't deliver the package to person B, but instead puts their own lock on the chest and gives it back to person A. Person A has no idea the second lock on there is the courier's and not person B's, so they unlock their lock and send it back. The courier service now unlocks their own lock, observes the contents of the chest (changing them if they feel like it), puts their lock back on it, and sends the chest to person B. Person B doesn't know it's the courier's lock on there and not person A's, so they put their lock on it, send it back, and the courier service unlocks their own lock and returns the chest. Person B gets the chest, unlocks their own lock, and observes the contents of the chest (which now the courier service could have altered, or at least observed the secret).

 

Yes. Secure communication in the classical sense (i.e. no quantum key exchange) is unconditionally impossible* without securely pre-exchanging something. The shared information can take any form - SSL certificates are exactly that, since you trust that they prove the server's identity since they cannot be forged without attacking the SSL infrastructure (which is human-controlled and thus quite reliable).

 

My understanding of asymmetric cryptography is that you make the encryption key public, but the decryption key private, and generate those keys in a way that makes it hard to figure out the private key even if you know the public key. I was hoping that if you could keep both the encryption and decryption private you would get around that, but obviously as Cornstalks pointed out it's still quite vulnerable.

 

Yes, but the challenge is making sure the public key actually arrives at its destination. If you don't securely send your public key to the recipient, anyone can intercept it, replace it with his own public key, and mount an MITM. And now you have the same problem, how to send the public key securely? This is the problem SSL certificates solve.

 

* there are ways around this but they are quite unreliable (in particular, forcing the public key operations to take very long, so that an MITM can be detected temporally... but note this technically requires you to have access to a secure time source, and so on).

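Two posts in this thread make the same point from different ends: the "I intercept her key and send you mine instead" reply, and the reply just above saying the public value has to arrive securely or the whole exchange can be relayed. The added example below (not code from any poster) runs a Diffie-Hellman exchange three ways: unauthenticated, unauthenticated with a relay that swaps in its own value, and authenticated with a pre-shared secret (the "friend", or the USB-stick meeting described later in the thread) so that the swap is detected and both sides abort. The group P and G are constructed toy parameters, the names Alice/Bob are hypothetical, and the pre-shared secret is a constructed string.

```python
import hashlib
import hmac
import secrets

# Constructed toy group: a 61-bit Mersenne prime and a small generator, chosen
# to keep the numbers readable. Real code uses an RFC 3526 group or X25519.
P = 2305843009213693951   # 2**61 - 1
G = 5


def keypair():
    """Private exponent x and the public value G**x mod P that goes on the wire."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def derive_key(shared: int) -> str:
    """Hash the shared group element into a short session-key identifier."""
    return hashlib.sha256(shared.to_bytes(8, "big")).hexdigest()[:16]


def auth_tag(psk: bytes, pub: int) -> bytes:
    """HMAC over the public value, keyed with the secret both ends already share."""
    return hmac.new(psk, pub.to_bytes(8, "big"), hashlib.sha256).digest()


def accept(psk, pub: int, tag) -> bool:
    """With no pre-shared secret nothing can be checked; with one, the tag must verify."""
    if psk is None:
        return True
    return tag is not None and hmac.compare_digest(tag, auth_tag(psk, pub))


def exchange(psk: bytes = None, relay=None):
    """One exchange between Alice and Bob (hypothetical parties).
    relay: a keypair for an active party sitting in the channel, or None.
    Returns (alice_key, bob_key, relay_keys); a key is None when that side aborted."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    to_bob = (a_pub, auth_tag(psk, a_pub) if psk else None)
    to_alice = (b_pub, auth_tag(psk, b_pub) if psk else None)
    relay_keys = None
    if relay is not None:
        r_priv, r_pub = relay
        # The relay substitutes its own value in both directions and ends up with
        # a separate key per side. It does not hold psk, so any tag it attaches is
        # computed under a key of its own (constructed guess) and will not verify.
        fake = auth_tag(b"not-the-psk", r_pub) if psk else None
        relay_keys = (derive_key(pow(a_pub, r_priv, P)),
                      derive_key(pow(b_pub, r_priv, P)))
        to_bob, to_alice = (r_pub, fake), (r_pub, fake)
    # Each side checks the tag before deriving anything; a failed check aborts.
    alice_key = derive_key(pow(to_alice[0], a_priv, P)) if accept(psk, *to_alice) else None
    bob_key = derive_key(pow(to_bob[0], b_priv, P)) if accept(psk, *to_bob) else None
    return alice_key, bob_key, relay_keys


if __name__ == "__main__":
    print("plain:      ", exchange())
    print("relayed:    ", exchange(relay=keypair()))
    print("psk:        ", exchange(psk=b"constructed-shared-secret"))
    print("psk+relay:  ", exchange(psk=b"constructed-shared-secret", relay=keypair()))
```

In the relayed run without a secret, Alice's key equals the relay's first key and Bob's equals the relay's second, and neither endpoint can tell; the ciphertext is perfectly well encrypted, just not to the person they think. The HMAC stands in for whatever the out-of-band step was: a certificate signed by a party both trust, or a fingerprint compared over the USB stick exchanged in person, as the later posts describe.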

It is entirely possible to communicate securely without a friend, you should read more about cryptography.

Yes certainly, if you have a shared secret. Which you don't have.

Man in the middle attacks can be detected with modern day cryptography, and it is possible to authenticate that who you are talking to is indeed who you intend to talk to.

Since I'm apparently lacking the cryptographic knowledge, would you care to explain how to detect MITM without a shared secret or a trusted party?

Seeing how you don't know the person you're talking to, how can you be sure that random-guy is not random-other-guy, and how can random-guy be sure that some message he receives is from you and not someone else?

Is this 100% foolproof? No.

Which means no more and no less: You cannot securely communicate. Unless you re-define the word "secure" as something else. A secure scheme that is 99% secure is 0% secure.

SSL is not the only way secure communication can be achieved, you could simply use a one time pad.

Of course a one time pad is immensely useful for communicating with a stranger. It simplifies the communication greatly because you do not need logic for handling the message or its integrity. You can just write the output of rand() to a socket, because nobody is going to decipher it anyway :)

This goes hand in hand with compressing a message of any length to 4 bytes using a CRC. :)

SSL is not the only way secure communication can be achieved, you could simply use a one time pad.

The one-time-pad doesn't provide "secure communication", it provides privacy (and only privacy) against a computationally unbounded attacker (an attacker with infinite computational power) which is anyway almost never required in any sensible modern security scheme (we tend to prefer practical security bounds to protect against attackers with reasonable computational power). And you require a pretty massive key exchange in order to make it work, so it doesn't really "solve" anything.

Edited by Bacterius

Since I'm apparently lacking the cryptographic knowledge, would you care to explain how to detect MITM without a shared secret or a trusted party?

Obviously a miscommunication problem here, I never said you did not need a third party to provide non-repudiation in this case. I merely stated it's possible to communicate securely.

 

 

Which means no more and no less: You cannot securely communicate. Unless you re-define the word "secure" as something else. A secure scheme that is 99% secure is 0% secure.

Defining what security is, is an area of grays not black and whites. You trust your bank, it's not 100% secure either. Most companies that require additional security will employ more than just cryptography.


 

Of course a one time pad is immensely useful for communicating with a stranger. It simplifies the communication greatly because you do not need logic for handling the message or its integrity. You can just write the output of rand() to a socket, because nobody is going to decipher it anyway.

I wouldn't use rand(), it's bound to be pseudo random.

Edited by DevLiquidKnight

explain how to detect MITM without a shared secret or a trusted party?

Obviously a miscommunication problem here, I never said you did not need a third party to provide non-repudiation in this case. I merely stated it's possible to communicate securely.

Man in the middle and non-repudiation are orthogonal. Please explain how to detect MITM without a shared secret or trusted party (using "modern cryptography").

Defining what security is, is an area of grays not black and whites.

It is indeed very black and very white. There is nothing in between being secure and not secure. Claiming something different, is somewhat disqualifying, if I'm allowed to say.

You trust your bank, it's not 100% secure either.

A wrong analogy based on wrong assumptions. No sane person will trust a bank, not only because banks are demonstrably not secure, but more importantly because bankers are criminals. However, trusting a bank with your money is the lesser evil compared to having it in your house. The risk of losing everything is several orders of magnitude smaller (at least, in some countries).

A bank may not be perfectly safe against robbery, but the threshold is high, penalties are deterring, and there is an insurance. A communication protocol that is not perfectly safe against being tampered will be exploited the next day by every 12 year old downloading a script off the internet.

I wouldn't use rand(), it's bound to be pseudo random.

Any message encoded with a one time pad is as good as any other message of equal length, if you don't have the key -- since it is equivalent to every other message of equal length, depending on the key used.

Therefore, a pseudo-random message is not any worse than any other message. The unknown person you communicate with does not have the key, so gibberish remains gibberish. You can as well optimize this and use the output of rand() or send concatenations of "1234567890abcdef" (for every arbitrary message!). It is no more and no less meaningless.

Man in the middle and non-repudiation are orthogonal. Please explain how to detect MITM without a shared secret or trusted party (using "modern cryptography")

This is beyond the scope of this thread, and you are once again putting words in my mouth, if you want to understand how this works I suggest you research it yourself. Nothing I can post on this forum short of an introduction to cryptography could explain this to you.

 

It is indeed very black and very white. There is nothing in between being secure and not secure. Claiming something different, is somewhat disqualifying, if I'm allowed to say.

Seems like you're practically trolling here. Nothing is secure and nothing ever will be secure, the only thing that is 100% secure would be not being born in the first place. Unless you care to provide an example of 100% perfect security.

 

A wrong analogy based on wrong assumptions. No sane person will trust a bank, not only because banks are demonstrably not secure, but more importantly because bankers are criminals. However, trusting a bank with your money is the lesser evil compared to having it in your house. The risk of losing everything is several orders of magnitude smaller (at least, in some countries).

Obviously another miscommunication problem here? By "trust your bank" I merely mean you put your money in it, and are safe with doing so knowing that it will be safe. I am not talking about investments, or any political issues regarding bankers.

Edited by DevLiquidKnight

You guys seem to not be on the same wavelength - are you talking about theoretical cryptography, or real life security (which includes stuff like social engineering, trusted entities going rogue, etc..)? Clearly some things that are "secure" in one model are completely "insecure" in the other, and vice versa.


The answer is yes and no.

 

The third "friend" makes things a lot simpler. But it's not really needed.

You want to establish a secure connection between John & Jane? Make John meet Jane in a public bar (or make one go to the other's home/office), make them exchange USB keys with their public keys. Go back home.

 

Congratulations, now you can establish secure connections with your buddy.

It's not a joke. That's how it works really. "Third party friends" like Verizon are actually doing this: Jane (having a server) asks Verizon to sign her certificate, and Verizon asks Jane for proof of her identity (how strong the proof they ask for may depend on the company); then agrees to sign it.

 

And you blindly believe in the root certificates that were installed in your system, which you often get when installing your OS (i.e. Windows), because you blindly trust Microsoft. (I'm not using "blind trust" in a derogatory form).

This is why they advise not to install a Windows OS downloaded from torrents (whether cracked/pirated or with a legit key). Because the root certificates (among other things) may have been tampered with, and you will be blindly believing in the root certificates that you downloaded from a torrent; you didn't get them from a Microsoft-approved store.

 

Trust is a delicate issue. In our original example of John & Jane; if Jane convinced John she's a bank employee, do you really trust her? Exchanging USB keys with public keys will ensure a "secure connection" but it doesn't guarantee she's telling the truth.

Did you phone your bank to check Jane works there? Did you ensure your phone line was not tampered and routed to a fake bank? Did you visit the bank personally to verify this? Did you check with the Federal Government that the Bank has a valid license to operate? Are you sure this isn't a government conspiracy against you?

You have to draw the line somewhere; when are you willing to start trusting or not.

 

 

Is it even theoretically possible for two complete strangers to securely communicate without a mutual friend?

Yes, absolutely! Just exchange your keys in a private way (i.e. John & Jane example). The connection will be encrypted and no one else will see it. It's troublesome though, to do this every time with every person you expect to meet.

However if "Harold" already exchanged w/ Jane, and Jane tells John he can be trusted, John & Harold may communicate securely too, providing John trusts Jane. This is what "mutual friend" firms do, they do all the hassle for us by making it a business & living of it.

 

 

If the two strangers have no trusted mutual friend, then they can't validate certificates with their trusted mutual friend, and thus can't be entirely sure there isn't a man in the middle.

That problem revolves around a deeper problem, not much related to code, but rather more philosophical: "what is trust?"

Edited by Matias Goldberg

I wouldn't use rand(), it's bound to be pseudo random.

Any message encoded with a one time pad is as good as any other message of equal length, if you don't have the key -- since it is equivalent to every other message of equal length, depending on the key used.

Therefore, a pseudo-random message is not any worse than any other message. The unknown person you communicate with does not have the key, so gibberish remains gibberish. You can as well optimize this and use the output of rand() or send concatenations of "1234567890abcdef" (for every arbitrary message!). It is no more and no less meaningless.

The whole strength of a onetime pad is that it is only used once.
The longer the message is, the more data you'll need, and the more rand() will repeat, making the communication (or multiple communication over months and years) more and more vulnerable.

What's needed is something that's constantly changing, and never repeating. Pi, if it wasn't so well known, is a good example. The static background noise from radio waves in space is also good and unless someone else recorded in the exact same direction as you, at the exact same time, with the exact same level of equipment, nobody else will ever have that key.

However, if you don't need perfection, I'd just grab two dozen DVDs and use the video and audio as byte data, multiplying them by each other and tossing the byte data of Google Image results over that as well. You could even make the DVD name be your 'key' (whispered in-person to the other party). The Complete Blu-ray disc set of Planet Earth would make a large enough block of data. But, like pi, it'd be a key that is publicly available and your only security in that situation would be obscurity, which is only the illusion of security.

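Two of the one-time-pad remarks above are worth seeing in code: Bacterius' point that the pad gives privacy and only privacy (no integrity), and the post just above about the pad being used exactly once. The following is an added example, not code from anyone in the thread. It implements the pad over bytes, shows a ciphertext byte altered in transit decrypting to an altered plaintext with no key involved, shows an HMAC (keyed with a separate secret) catching that alteration, and shows that two ciphertexts under the same pad XOR to the XOR of the two plaintexts, the pad cancelling out. The messages and keys are constructed sample values; `seal`/`open_sealed` are hypothetical helper names.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; the pad must match the message exactly."""
    if len(a) != len(b):
        raise ValueError("one-time pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(n: int) -> bytes:
    """Fresh pad from the OS CSPRNG, never from a rand()-style generator."""
    return secrets.token_bytes(n)


def otp_encrypt(msg: bytes, pad: bytes) -> bytes:
    return xor_bytes(msg, pad)


otp_decrypt = otp_encrypt   # XOR is its own inverse


def seal(msg: bytes, pad: bytes, mac_key: bytes):
    """Pad for privacy, HMAC for integrity; the pad alone provides only the former."""
    ct = otp_encrypt(msg, pad)
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(ct: bytes, tag: bytes, pad: bytes, mac_key: bytes):
    """Plaintext, or None when the ciphertext no longer matches its tag."""
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return otp_decrypt(ct, pad)


def flip_in_transit(ct: bytes, index: int, delta: int) -> bytes:
    """Models one ciphertext byte altered on the wire. No key is needed, and the
    same XOR delta lands on the corresponding plaintext byte after decryption."""
    out = bytearray(ct)
    out[index] ^= delta
    return bytes(out)


def pad_reuse_leak(m1: bytes, m2: bytes, pad: bytes) -> bytes:
    """Two messages under one pad: XOR of the ciphertexts equals m1 XOR m2,
    so the pad cancels out and the relationship between the messages is exposed."""
    return xor_bytes(otp_encrypt(m1, pad), otp_encrypt(m2, pad))


def demo() -> dict:
    msg = b"meet at noon"                        # constructed sample message
    pad, mac_key = new_pad(len(msg)), secrets.token_bytes(32)
    ct, tag = seal(msg, pad, mac_key)
    tampered = flip_in_transit(ct, 0, 0x20)      # toggles ASCII case of byte 0
    return {
        "roundtrip": otp_decrypt(ct, pad),                                # b"meet at noon"
        "tampered_no_mac": otp_decrypt(tampered, pad),                    # b"Meet at noon", accepted silently
        "tampered_with_mac": open_sealed(tampered, tag, pad, mac_key),    # None: rejected
        "reuse_exposes_xor": pad_reuse_leak(b"monday", b"friday", new_pad(6))
                             == xor_bytes(b"monday", b"friday"),         # True
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The pad and the MAC key are two separate secrets of two very different sizes: the pad must be as long as all the traffic it will ever protect and is consumed as it is used, while a single 32-byte MAC key covers any number of messages. That size difference is the "pretty massive key exchange" Bacterius refers to, and it is why the pad does not remove the need to get something to the other party securely first.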

Aren't one-time ciphers secure for one-time communication? If you and your friend have both agreed upon a cipher, sure, you can communicate securely, but that presupposes you already communicated beforehand, and was that secure? Who knows... This is immune to man-in-the-middle and most statistical analysis attacks.
