4.2 WHO GOES THERE? BOB? IS THAT YOU?

EXERCISE 4.2: WHO GOES THERE? BOB? IS THAT YOU?

Assume the role of Eve and imagine that you know everything about Alice’s and Bob’s operation except the private key. That is, suppose you know about the classified ads, the carrier penguins, and even the encryption program. \(^5\) Their scheme is strengthened by using asymmetric encryption, but is still vulnerable to a MITM (man-in-the-middle) attack. How can Eve position herself such that she can trick Alice into sending messages that Eve can decrypt, and Bob into receiving only false messages from Eve instead of Alice?

\(^5\) Remember Kerckhoff’s principle? Here it is again!

---

Well, Eve can generate her own keys (lets suppose they are stored in the files eve_private_key.txt and eve_public_key.txt). Then she advertises her public key (eve_public_key.txt) as if it is Bob’s public key.

Alice will use Eve’s public key (thinking she is using the correct Bob’s public key) , encrypt her messages and sends them off. Eve being the MITM, will intercept this message and decrypt it (she can do this because it is encrypted by her public key).

Then Eve can edit the message sent by Alice, and re-encrypt the edited message by using Bob’s public key. She then sends this ciphertext to Bob as if it came from Alice.