An Attack on the Interlock Protocol When Used for Authentication

Bellovin, Steven Michael; Merritt, Michael

Exponential key exchange may be used to establish secure communications between two parties who do not share a private key. It fails in the presence of an active wiretap, however. Davies and Price suggest the use of Shamir and Rivest's "Interlock Protocol" to surmount this difficulty. The authors demonstrate that an active attacker can, at the cost of a timeout alarm, bypass the passwork exchange, and capture the passwords used. Furthermore, if the attack is from a terminal or workstation attempting to contact a computer, the attacker will have access before any alarm can be sounded.



Also Published In

More About This Work

Academic Units
Computer Science
Published Here
June 28, 2010


IEEE Transactions on Information Theory, vol. 40, no. 1 (January 1994), pp. 273-275.