In the described attacks it is assumend that Mallory is an active attacker, that is an entity that is able to intercept, remove or modify the messages from the communication channel (e.g. Ethernet).
In a broadcast channel such as a radio network it is almost impossible to replace one message with another.
A Key Distribution Center (KDC), usually impersonated by Trent, is the actor in charge to hold and distribute, on demand, the keys (both public and session).
Alice and Bob both share a secret key with Trent, KA and KB respectively.
Public key cryptography can be used to encrypt the whole communication traffic: Alice encrypts using Bob's public key and Bob encrypts using Alice's public key. However, encrypt traffic using PKC (public key crypto) is computationally expensive, thus an hybrid scheme is often adopted.
Public key cryptography is used to exchange a session key that will be used by a symmetric cipher to encrypt the session traffic.
The public key exchange protocol can be implemented without Trent's support. In this case Alice asks directly to Bob for his public key.
The protocol is passive to the Man in the Middle attack.
The protocol allows Alice and Bot to jointly establish a shared secret key over an insecure channel. The peculiarity of the protocol is that the two parties could have no prior knowledge of each other.
X = f(G,Asec), where Asec is secret, and sends it to Bob.
Y = f(G,Bsec), where Bsec is secret, and sends it to Alice.
Z = f(Y,Asec).
Z = f(Y,Bsec).
The protocol requirements are that:
f(f(G,Asec),Bsec) = f(f(G,Bsec),Asec).
The simplest, and original, implementation of the protocol uses the multiplicative group of integers modulo p, where p is prime and g is a primitive root modulo p. These two values are chosen in this way to ensure that the resulting shared secret can take on any value from 1 to p-1.
X = g^a mod pto Bob.
Y = g^b mod pto Alice.
Z = Y^a mod p.
Z = X^b mod p.
Unfortunately, "as-is", the protocol is vulnerable to MitM attack.
Trent sign both Alice's and Bob's public keys. When Alice and Bob receive the keys, they each verify Trent's signature. Now they know that the key belongs to the other person. Obviously, both parties must have received via a secure channel the Trent's public key to verify it's signature.
The only vulnerability in this architecture is constituted by Trent's private key. If is compromised then Mallory can sign it's own key as a key that belongs to another party, e.g. Alice.
proudly self-hosted on a cheap Raspberry Pi 2