The authenticated Diffie-Hellman key agreement protocol, or Station-to-Station (STS) protocol, was developed by Diffie, van Oorschot, and Wiener in 1992 [DVW92] to defeat the middleperson attack on the Diffie-Hellman key agreement protocol (see Question 24). The immunity is achieved by allowing the two parties to authenticate themselves to each other by the use of digital signatures (see Question 3) and public-key certificates (see Question 123).
Roughly speaking, the basic idea is as follows: Before the protocol, the two parties Alice and Bob each possess a public/private key pair and a certificate for the public key. During the protocol, Alice computes a signature on certain messages and sends Bob the public value ga mod p together with her signature and her public-key certificate. Bob also proceeds a in a similar way. Even though Carol is still able to intercept messages between Alice and Bob, she cannot forge signatures without Alice's private key and Bob's private key. Hence, the enhanced protocol defeats the middleperson attack.
| Question 26 |