[messaging] MITM-safe communication w/o authentication possible?

David Lazar lazard at csail.mit.edu
Sun Nov 29 18:46:18 PST 2015


"U.Mutlu" <for-gmane at mutluit.com> writes:

> I wonder if it can be possible, at least theoretically, to have a
> MITM-secure internet channel without the use of PKI and/or
> persistent password (ie. w/o authentication, like in the telephone network)?
> Of course the communication must be encrypted against passive MITM,
> and must also detect active MITM.
> Does anybody know of such a protocol, info, papers etc.?

This paper seems relevant:

https://eprint.iacr.org/2013/410.pdf

The abstract says:

"PnP-IPsec builds on Self-validated Public Data Distribution (SvPDD), a
protocol that we present to establish secure connections between remote
peers/networks, without depending on pre-distributed keys or
certification infrastructure. Instead, SvPDD uses available anonymous
communication infrastructures such as Tor, which we show to allow
detection of MitM attacker interfering with communication. SvPDD may
also be used in other scenarios lacking secure public key distribution,
such as the initial connection to an SSH server."

Cheers,
David


More information about the Messaging mailing list