Secure Communication Using Two Pairs of Public/Private Keys
Let’s say I want to create a protocol to securely communicate between two endpoints – each of the two endpoints knows the other’s public key, and all data exchanged is encrypted using one’s public key and decrypted using the recipient’s private key. Aside from a man-in-the-middle attack, which can be avoided by using a PKI(?), what other kinds of attacks is this protocol vulnerable to? And how does it compare to SSL, given that we have removed the initial handshake step?
This protocol is vulnerable to a replay attack.
A -> I_B: {m}_PK(B)
I_A -> B: {m}_PK(B)
I_A -> B: {m}_PK(B)
If m was a message saying "loan me $10" and B was a little naive …
This protocol is also vulnerable to message reordering attacks e.g.
A -> I_B: {m}_PK(B)
A -> I_B: {m'}_PK(B)
I_A -> B: {m'}_PK(B)
I_A -> B: {m}_PK(B)
If we assume RSA with no padding, then such a protocol would be weak to homomorphic encryption attacks.
Various other attacks are obvious but uninteresting (such as denial-of-service by the intruder blocking all messages, dictionary attacks letting the attacker verify a guess at the message, dictionary attacks letting the attacker detect repeat messages, message truncation attacks etc.)
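The three attacks the answer lists can be reproduced on a toy model of the questioner's protocol. The following is an added example, not code from the question or the answer: it uses textbook RSA with tiny constructed parameters (the classic p=61, q=53 pair) standing in for the real cipher, encodes "loan me $10" as the number 10, and shows a naive receiver accepting the replayed, reordered and multiplicatively forged ciphertexts. The `StrictReceiver` at the end is one assumed mitigation, not something the answer proposes: it binds a counter into each plaintext and refuses anything that is not the next expected message, which rejects both the replay and the reordering. The constructed key sizes are for illustration only.

```python
"""Toy model of the protocol in the question: every message is encrypted for the
recipient with their public key and nothing else is done to it.

Textbook (unpadded) RSA with tiny constructed parameters stands in for the real
cipher. These numbers are for illustration only and protect nothing."""

# --- constructed toy key pair: the classic textbook numbers ---
P, Q = 61, 53
N = P * Q           # 3233
E = 17              # public exponent
D = 2753            # private exponent: E * D == 1 (mod (P-1)*(Q-1))


def encrypt(m, pub=(E, N)):
    """Textbook RSA encryption {m}_PK(B): no padding, no randomness."""
    e, n = pub
    assert 0 <= m < n
    return pow(m, e, n)


def decrypt(c, priv=(D, N)):
    d, n = priv
    return pow(c, d, n)


def naive_receive(ciphertexts):
    """B as the answer describes him: decrypts and acts on whatever arrives."""
    return [decrypt(c) for c in ciphertexts]


def replay_attack():
    """The intruder records A's ciphertext and delivers it to B twice."""
    c = encrypt(10)                  # "loan me $10", encoded as the number 10
    delivered = [c, c]               # I_A -> B, I_A -> B
    return naive_receive(delivered)  # [10, 10]: B lends twice


def reorder_attack():
    """The intruder swaps the order of two genuine messages from A."""
    c1, c2 = encrypt(10), encrypt(20)
    return naive_receive([c2, c1])   # [20, 10]


def homomorphic_attack():
    """Unpadded RSA is multiplicatively homomorphic: E(m1) * E(m2) mod n equals
    E(m1 * m2 mod n), so the intruder forges a ciphertext for 30 without the key."""
    c1, c2 = encrypt(10), encrypt(3)
    forged = (c1 * c2) % N
    return decrypt(forged)           # 30


# --- assumed mitigation for replay and reordering (not from the answer) ---
# With N = 3233 the plaintext has room for a 5-bit counter and a 6-bit payload.
def pack(seq, payload):
    assert 0 <= seq < 32 and 0 <= payload < 64
    return seq * 64 + payload


def unpack(m):
    return divmod(m, 64)             # (seq, payload)


class StrictReceiver:
    """Accepts a message only if its counter is exactly the next expected one.
    A replay carries an old counter and a reordered message a skipped one, so
    both are rejected. This does nothing about malleability: an attacker who
    can forge plaintexts (see homomorphic_attack) can also forge counters, which
    is why padding and authentication are still required."""

    def __init__(self):
        self.expected = 0
        self.accepted = []
        self.rejected = []

    def receive(self, c):
        seq, payload = unpack(decrypt(c))
        if seq != self.expected:
            self.rejected.append((seq, payload))
            return False
        self.expected += 1
        self.accepted.append(payload)
        return True


def hardened_replay():
    r = StrictReceiver()
    c = encrypt(pack(0, 10))
    results = [r.receive(c), r.receive(c)]
    return results, r.accepted       # ([True, False], [10])


def hardened_reorder():
    r = StrictReceiver()
    c1, c2 = encrypt(pack(0, 10)), encrypt(pack(1, 20))
    results = [r.receive(c2), r.receive(c1)]
    return results, r.accepted       # ([False, True], [10])


if __name__ == "__main__":
    print("replay:", replay_attack())
    print("reorder:", reorder_attack())
    print("forged:", homomorphic_attack())
    print("strict replay:", hardened_replay())
    print("strict reorder:", hardened_reorder())
```

The strict counter is deliberately simple; a real design would use a randomised padding scheme and a signature or MAC from A so that B can tell a forged or modified ciphertext from a genuine one, which is the part of the SSL handshake and record layer that the questioner's protocol leaves out.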