Quizz 4 Q9 what is wrong about my reasoning?

Quizz 4 Q9 what is wrong about my reasoning?

by Noppawit Lertutsahakul -
Number of replies: 5

Hi,

I am reviewing the quiz and I don't understand what is wrong with my reasoning. (c.) is obviously true. Asymmetric encryption uses more computing power than the symmetric encryption.

But for (a.) I reason that it is harder to break. I do understand the basic that both asymmetric and symmetric encryption offers a compatible level of security if the key is only known by the authorized party. 

However, Imagine if there is a vulnerabilities in Alice computer and we use the 2nd communication method. The malicious party gain access to the shared secret. Then, the malicious party would be able to read all the previous communication of Alice and Bob (if he recorded them) and subsequent communication (if Alice didn't realize and still using the same key.)

This wouldn't happen with the 1st communication method. Malicious party gain nothing from gaining access into Alice computer. There are no shared secret to decrypt anything.

In my conclusion, 1st communication method poses 1 point of failure (Bob PC) and 2nd communication method poses 2 point of failure in series (Alice PC or Bob PC). Thus, the 1st method is more secure than the 2nd method.


In reply to Noppawit Lertutsahakul

Re: Quizz 4 Q9 what is wrong about my reasoning?

by Paolo Celati -
Hi, while vulnerabilities on someone's host would easily compromise communications, neither is secure against that. An attacker recovering the new-shared-secret is a possible scenario, Perfect Forward Secrecy makes this much more difficult and I suggest you look into it. Assuming the encryption library is well implemented, the shared secret is randomly generated and it's never written to disk. That means you need to look through RAM to get the key, but at that point you can probably get the message more easily since it's also in RAM and quite likely written to disk with 777 permissions too (that last one would be pretty crappy security). If the attacker recorded everything on the wire and somehow obtains the shared key, sure he could decrypt message. In practice though these shared keys are ephemeral (per connection) and to get the shared key you'd need to break the asymmetric crypto. There's no point in storing the shared key after a connection close either, so you're not going to find it in logs or a DB after the fact anyways. If you want to be assured of method 2's good security, that's what TLS does. Look at the "Connection Encrypted" part of a connection to Moodle if you want, and you'll see it uses RSA for the asymmetric crypto and AES for the symmetric part.
I think something to remember as well in the question is the context is specifically about whether you could recover the message with no other information than wiretapping the line. In that case no, you can't get the shared secret without Bob's private key.
In reply to Noppawit Lertutsahakul

Re: Quizz 4 Q9 what is wrong about my reasoning?

by Athina Papageorgiou Koufidou -
I also do not understand very well the answer to this question. I can see how the two methods are equally secure, but I am not sure why method 2 is more efficient. In my opinion, whether the second is more efficient than the first depends on the message Alice sends. If we are talking about a single message, rather than persistent communication using the symmetric key, Alice sending the message [key+{Hi}] is more efficient than sending the message [key+{thisisournewsecretsymmetrickey}, thisisournewsecretsymmetrickey{Hi}], isn't that the case?
In reply to Athina Papageorgiou Koufidou

Re: Quizz 4 Q9 what is wrong about my reasoning?

by Kuan Lon Vu -
I think method 2 is more efficient, especially with persistent communication, is that asymmetric encryption is more computationally expensive than symmetric encryption. Hence Alice is using the more costly asymmetric encryption to send a symmetric key since keys tend to be shorter than messages. So if Alice and Bob communicate using the new shared key using symmetric encryption for their future messages, then the communication is overall more efficient. Hence answer is c. I also thought that since Alice is sending a symmetric key to Bob, the communication between them is likely to be more than 1 message.
In reply to Kuan Lon Vu

Re: Quizz 4 Q9 what is wrong about my reasoning?

by Athina Papageorgiou Koufidou -
Yes, I totally understand how it is more efficient for persistent communication. However, the question did not mention anything Bob and Alice exchanging more than one message, hence my confusion.
In reply to Athina Papageorgiou Koufidou

Re: Quizz 4 Q9 what is wrong about my reasoning?

by Katerina Argyraki -
Folks, thank you for the nice discussion.

In retrospect, this was not a good multiple-choice question, because the answer depends on so many things. That is a challenge with the quizzes: it's hard to come up with questions that are both interesting AND have simple true/false answers.

A couple of thoughts:
- Indeed, whether method 2 is more efficient or not does depend on how much data is encrypted with the new shared key. One aspect is if the communication is persistent (as you point out). Another (related) one is simply the size of the message.
- As already well-argued, neither method is secure against end-host vulnerabilities. E.g., if we assume that Alice and Bob's computers are vulnerable in some arbitrary way, an attacker could break into Bob's computer and trick Bob into generating a weak public/private key pair, which would equally weaken both methods. (But I do see the logic in thinking that, if a method relies on 2 keys as opposed to 1 key, everything else aside, we are introducing one more attack surface.)

The only "saving grace" is that the answers were phrased as "We should expect method 1/2 to be more efficient/secure..." and not as "Method 1/2 is more efficient/secure..."

In any case. If you have such doubts during the final exam, you raise your hand and ask. Or you write down your rationale next to your choice.