Neil Agarwal

1) Trust establishment is often the most challenging part of designing
a security protocol: making sure you are talking to the correct
person. Give two examples of different approaches in the literature for establishing
trust and explain their caveats.

1. Key Fingerprint Verification and Public Key Directories are examples of approaches in literatures for establishing trust. Key Fingerprint Verification requires users to verify a representation of a cryptographic hash of their partners’ public keys out of band. While this would handle much of the security properties, this approach introduces a number of usability issues – the user must perform manual verification before communicating with a new partner. Considering that the most widely adopted systems are those with high usability ratings, this approach is not very practical. Public Key Directories involve using an ‘authority’ entity to verify the identity of the participants in the conversation – this is common in a number of heavily adopted messaging applications such as Apple iMessage. This approach excels in usability but requires a large trust to be placed on the third party authority. Therefore, the third party can execute MITM attacks.