Score:1

Revoke key without communication between the party who revoked it and the party who is validating


I received a very weird question from someone. I feel there is no solution. It would be great if you guys shared your views.

There are three people Alice, Bob and Sam and they all work for a high-security facility. Alice is the gatekeeper, Bob is a scientist and Sam is their manager.

Sam has issued an entry pass to Bob which is signed. Alice can verify the entry pass by using public-key cryptography (she knows Sam's public key).

One day, when Sam is in another city, he realizes that Bob is working for the enemy. Now he needs to make sure that Bob cannot gain entry to the high-security facility immediately.

How can he do so if the conditions below are implied:

  1. He cannot communicate with Alice. Messengers are untrusted, so he cannot communicate with anyone else either.
  2. He cannot snatch Bob's ID card because he is not physically there, and even if he were able to snatch it, the ID card is easily reproducible.

So Sam has to revoke his signature on Bob's id card, but he cannot communicate with Alice.

Can Sam do anything here?

In my opinion, Sam cannot do anything other than go back to Alice and tell her that Bob cannot gain entry anymore. But until he gets there, there is nothing stopping Bob from entering the building.

poncho
"He cannot communicate with Alice"; can he communicate with anyone else?
Chygo Runner
@poncho No, he cannot send a messenger in any way either.
Score:2

We need not trust the messenger to allow revocation. A public broadcast is usually sufficient. Obviously, some communication is necessary between the revoker and the verifier, but it need not be over a secure channel.

The common way is having CRLs: a revocation is also signed and posted somewhere, and the gatekeeper checks it every time/periodically. A revocation cannot be forged.

If the attacker can jam communication, he may be able to block the post or prevent the verifier from seeing it. We could require periodic timestamped lifesigns signing the previous CRL. Thus, if we interfere with communication, it is detected. However, then what? Go on lockdown? That is an option, but it opens up possible DoS attacks.

Chygo Runner
Thanks. The DoS attack threat is real. I will wait for some time for a better answer before marking this answer as accepted.
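The gatekeeper-side check from the answer above, as an added example that is not part of the original thread: Alice accepts a pass only alongside a fresh, Sam-signed CRL that chains to the previous one, and fails closed otherwise (the lockdown option the answer mentions). The toy RSA key, the field names, the 600-second window and all function names are assumptions made for illustration; a real deployment would use a standard signature scheme such as Ed25519.

```python
import hashlib, json

# Toy textbook RSA from two publicly known Mersenne primes: a stand-in for a
# real signature scheme. NOT secure; only the revocation flow matters here.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # Sam's private exponent
MAX_CRL_AGE = 600  # seconds; assumed interval in which Sam must re-sign the CRL

def _digest(obj):
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(obj):  # Sam's side
    return {"body": obj, "sig": pow(_digest(obj), D, N)}

def verify(signed):  # Alice's side, needs only the public values (N, E)
    return pow(signed["sig"], E, N) == _digest(signed["body"])

def issue_crl(revoked, now, prev_crl=None):
    # Each CRL is timestamped and commits to the previous one (the "lifesign").
    prev = _digest(prev_crl["body"]) if prev_crl else 0
    return sign({"type": "crl", "revoked": sorted(revoked), "ts": now, "prev": prev})

def gate_decision(badge, crl, now, last_seen=None):
    if not verify(badge) or badge["body"].get("type") != "pass":
        return "deny: bad pass signature"
    if crl is None or not verify(crl) or crl["body"].get("type") != "crl":
        return "lockdown: no valid CRL"
    body = crl["body"]
    if body["ts"] > now or now - body["ts"] > MAX_CRL_AGE:
        return "lockdown: CRL stale"  # blocked channel or replay of an old list
    if last_seen and body != last_seen["body"] \
            and body["prev"] != _digest(last_seen["body"]):
        return "lockdown: CRL chain broken"  # a list in between was withheld
    if badge["body"]["serial"] in body["revoked"]:
        return "deny: pass revoked"
    return "allow"
```

The untrusted channel can delay or drop a CRL, which the freshness and chain checks surface as a lockdown, but it cannot alter one without breaking the signature.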