Reader small image

You're reading from  TLS Cryptography In-Depth

Product typeBook
Published inJan 2024
PublisherPackt
ISBN-139781804611951
Edition1st Edition
Concepts
Right arrow
Authors (2):
Dr. Paul Duplys
Dr. Paul Duplys
author image
Dr. Paul Duplys

Dr. Paul Duplys is chief expert for cybersecurity at the department for technical strategies and enabling within the Mobility sector of Robert Bosch GmbH, a Tier-1 automotive supplier and manufacturer of industrial, residential, and consumer goods. Previous to this position, he spent over 12 years with Bosch Corporate Research, where he led the security and privacy research program and conducted applied research in various fields of information security. Paul's research interests include security automation, software security, security economics, software engineering, and AI. Paul holds a PhD degree in computer science from the University of Tuebingen, Germany.
Read more about Dr. Paul Duplys

Dr. Roland Schmitz
Dr. Roland Schmitz
author image
Dr. Roland Schmitz

Dr. Roland Schmitz has been a professor of internet security at the Stuttgart Media University (HdM) since 2001. Prior to joining HdM, from 1995 to 2001, he worked as a research engineer at Deutsche Telekom, with a focus on mobile security and digital signature standardization. At HdM, Roland teaches courses on internet security, system security, security engineering, digital rights management, theoretical computer science, discrete mathematics, and game physics. He has published numerous scientific papers in the fields of internet and multimedia security. Moreover, he has authored and co-authored several books. Roland holds a PhD degree in mathematics from Technical University Braunschweig, Germany.
Read more about Dr. Roland Schmitz

View More author details
Right arrow

5.3 Message authentication versus entity authentication

What happens if message authentication or entity authentication fails? We can answer this question by looking at Figure 5.2 again. There are two ways in which Eve can manipulate messages sent from Bob to Alice. Eve’s first option, illustrated on the left-hand side in Figure 5.2, is to break the message authentication of the communication between Alice and Bob by suppressing the original messages, changing them, or replacing them with messages of her own. Eve’s other option, shown on the right-hand side in Figure 5.2, is simply to replace Bob in the communication and receive Alice’s messages instead of Bob, or send Alice any message of Eve’s choice, thereby breaking entity authentication.

The difference between entity authentication and message authentication is further illustrated by the notorious email-based phishing attacks you are all familiar with. In this case, an attacker sends you...

lock icon
The rest of the page is locked
Previous PageNext Page
You have been reading a chapter from
TLS Cryptography In-Depth
Published in: Jan 2024Publisher: PacktISBN-13: 9781804611951

Authors (2)

author image
Dr. Paul Duplys

Dr. Paul Duplys is chief expert for cybersecurity at the department for technical strategies and enabling within the Mobility sector of Robert Bosch GmbH, a Tier-1 automotive supplier and manufacturer of industrial, residential, and consumer goods. Previous to this position, he spent over 12 years with Bosch Corporate Research, where he led the security and privacy research program and conducted applied research in various fields of information security. Paul's research interests include security automation, software security, security economics, software engineering, and AI. Paul holds a PhD degree in computer science from the University of Tuebingen, Germany.
Read more about Dr. Paul Duplys

author image
Dr. Roland Schmitz

Dr. Roland Schmitz has been a professor of internet security at the Stuttgart Media University (HdM) since 2001. Prior to joining HdM, from 1995 to 2001, he worked as a research engineer at Deutsche Telekom, with a focus on mobile security and digital signature standardization. At HdM, Roland teaches courses on internet security, system security, security engineering, digital rights management, theoretical computer science, discrete mathematics, and game physics. He has published numerous scientific papers in the fields of internet and multimedia security. Moreover, he has authored and co-authored several books. Roland holds a PhD degree in mathematics from Technical University Braunschweig, Germany.
Read more about Dr. Roland Schmitz