Academic Commons

Articles

An Attack on the Interlock Protocol When Used for Authentication

Bellovin, Steven Michael; Merritt, Michael

Exponential key exchange may be used to establish secure communications between two parties who do not share a private key. It fails in the presence of an active wiretap, however. Davies and Price suggest the use of Shamir and Rivest's "Interlock Protocol" to surmount this difficulty. The authors demonstrate that an active attacker can, at the cost of a timeout alarm, bypass the passwork exchange, and capture the passwords used. Furthermore, if the attack is from a terminal or workstation attempting to contact a computer, the attacker will have access before any alarm can be sounded.

Subjects

Files

Also Published In

More About This Work

Academic Units
Computer Science
Published Here
June 28, 2010

Notes

IEEE Transactions on Information Theory, vol. 40, no. 1 (January 1994), pp. 273-275.

Academic Commons provides global access to research and scholarship produced at Columbia University, Barnard College, Teachers College, Union Theological Seminary and Jewish Theological Seminary. Academic Commons is managed by the Columbia University Libraries.