You may have heard of something called a “trusted third party” before while using a web browser. This is usually used in reference to security certificates. This might seem confusing at first but it’s actually very simple.

The situation:
Alice and Bob have come up with a nearly fool proof way to stop people from eavesdropping on them. The last thing they need to do is get Alice’s public key to Bob through Mallory without Mallory modifying the key or replacing it.

To do this they use Trent. Trent has started his own business of securely transmitting public keys for people.

The idea is that everyone already has Trent’s public key. Alice simply needs to securely send her public key over to Trent and he’ll sign it with his public key and send it out to anyone who asks for it. This way Bob doesn’t need to have Alice’s public key ahead of time just to be able to create an encrypted connection with her.

Continuing my explanation of how encrypted communications work, here’s how public/private key cryptography works: First Alice creates a special file called a “private key” using a public/private key algorithm (like this one) and then uses that file to generate a “public key”.

She gives the public key away to anyone she can and keeps the private key private (sort of like a password except that it’s too big to memorize and is therefore stored in a file). She can use the private key to encrypt a message in such a way that only the public key can decrypt it.

This is pretty useless for encryption since anyone who has the PUBLIC key can decrypt it; however it does solve our problem of detecting someone modifying our message.

Mallory can’t replace our message because if she does she will have to encrypt it with Alice’s private key (which she does not have), and Bob will know it wasn’t encrypted with Alice’s private key because it does not decrypt correctly. She also can’t modify Alice’s messages because that would logically mean making an entirely new message. This is called a “digital signature”.

Now Alice and Bob can exchange keys without Mallory being able to eavesdrop on them so long as Alice encrypts the number that she sends with her private key. Bob does not need to have a private key as he can actually encrypt the number he sends using Alice’s public key in such a way that only Alice’s private key can be used to decrypt it.

They can now communicate with each other safe from both Mallory and Eve; however this method requires “prior secrets”. In other words this method requires that Bob already have Alice’s public key. Alice can’t simply transmit her public key to Bob over the Internet because then Mallory could just replace it with her own. She also can’t sign her public key with her private key (creating a “self-signed certificate”) because Bob doesn’t have Alice’s public key to verify it with.

This is where “trusted third parties” come from.

In an earlier post I linked to a video from Khan Academy that talked about how encrypted communication works. Unfortunately that video series left out a very important thing to be aware of about encryption, and that’s man in the middle attacks.
If you haven’t watched that video series I would recommend watching it again. Here‘s the link to the video again just in case you need it.

The story:
Now that Alice and Bob have figured out the Diffie-Hellman key exchange they are now safe from Eve’s eavesdropping; however Eve doesn’t give up easily and so she calls in her big sister Mallory. You see Alice and Bob are communicating over the Internet. When messages travel through the Internet they don’t just jump from point A to point B. Instead they jump from one computer to another until they reach their destination. Mallory in this analogy is one of the computers that their messages have to pass through.

Mallory can do some things that Eve can’t do. Eve could only read their messages; however all messages have to go through Mallory and thus she has the following abilities:
*Refuse to carry a given message (AKA “dropping packets”),
*Modify a message before delivering it,
*Create a message where she pretends to be Alice or Bob,
*and read the messages being sent through.

Since Mallory has these abilities she can do a “man in the middle attack”. Here’s how it works:
First Alice tries to do a Diffie-Hellman key exchange with Bob.

Alice begins her part of the key exchange thinking that she’s establishing an encrypted connection with Bob when in reality she’s forming an encrypted connection with Mallory and Bob does the same.
Now Mallory has an encrypted connection with Alice and Bob, and can eavesdrop on them by decrypting messages sent by Alice, reading them, encrypting them, and sending them to Bob.

To stop this from happening we need to find some way to either stop Mallory from altering/replacing the messages or detect when she does this.

Unfortunately it’s impossible to stop her from altering/replacing the message so instead we’ll have to detect her tampering with public/private key cryptography. I will go over public/private key encryption in the next post.

Here‘s a Khan Academy video series that goes over how encrypted communications work.