Connection Security

The Simple Story: Alice and Bob’s Secret Handshake

Alice and Bob want to send each other private text messages (SMS) that no one else can read, not even their phone company.

They will use a Secret Code (an AES symmetric key) to lock and unlock their messages. The hard part is agreeing on what that Secret Code is without anyone else finding out.

The “Connection Request” (Step 1)

This is how they start the secret handshake. Alice begins.

What’s Happening?

  1. Alice’s phone creates a special, unique lockbox and key. The lockbox is her Public Key (anyone can use it to lock something). The key to open it is her Private Key (she must keep this secret forever).
  2. She sends the open lockbox (Public Key) to Bob.
  3. Bob’s phone looks at this lockbox and calculates a short “Fingerprint” (a CRC16 checksum, written as four hex digits) for it. This is like describing the lockbox’s color and size (“big blue lockbox”).
  4. The Critical Check: Bob calls Alice and reads the fingerprint to her: “Hey Alice, the fingerprint is 4B2A.” Alice checks it against the fingerprint of the lockbox she sent. If it matches, they know Bob received the correct, unaltered lockbox; a lockbox Mallory swapped in would give a different fingerprint. The phone call is the out-of-band channel: it only helps because Mallory cannot rewrite what Bob says on it.

The “Connection Response” (Step 2)

Now Bob has Alice’s lockbox. It’s time to put the Secret Code inside and send it back.

What’s Happening?

  1. Bob’s phone creates the Secret Code (a random AES-192/256 key).
  2. He puts this code into Alice’s public lockbox and snaps it shut. Now, only Alice’s private key can open it. This is the Encrypted AES Key.
  3. Bob’s phone calculates a “Fingerprint” (CRC16) of this locked box.
  4. He sends the locked box to Alice.
  5. The Final Check: Bob calls Alice and reads the fingerprint of the locked box he sent. Alice calculates the fingerprint of the box she actually received and compares the two. If they match, she knows the box wasn’t tampered with in transit. She then uses her private key to open it and get the Secret Code.
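
The whole handshake, Steps 1 and 2 end to end, as an added example in Go (not code from the app this page describes). It assumes RSA-2048 with OAEP for the lockbox, AES-256 for the Secret Code and CRC-16/CCITT-FALSE for the fingerprint, none of which the page specifies beyond “RSA”, “AES-192/256” and “CRC16”. The phone call is modelled as handing the sender’s fingerprint string to the receiver, and the `tamper` flag plays Mallory altering one byte of the locked box in transit so the Step 2 check can be seen firing.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"io"
)

// crc16 is CRC-16/CCITT-FALSE (polynomial 0x1021, initial value 0xFFFF, no reflection).
// Assumption: the page says only "CRC16" and does not name a variant.
func crc16(data []byte) uint16 {
	crc := uint16(0xFFFF)
	for _, b := range data {
		crc ^= uint16(b) << 8
		for i := 0; i < 8; i++ {
			if crc&0x8000 != 0 {
				crc = (crc << 1) ^ 0x1021
			} else {
				crc <<= 1
			}
		}
	}
	return crc
}

// Fingerprint is the four hex digits that get read out over the phone ("4B2A").
func Fingerprint(data []byte) string { return fmt.Sprintf("%04X", crc16(data)) }

// Step 1, Alice's side: create the lockbox (RSA key pair) and serialise the
// public half as the bytes that travel over SMS.
func AliceConnectionRequest() (*rsa.PrivateKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	pubDER, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	return priv, pubDER, nil
}

// Step 2, Bob's side: parse the lockbox he received, generate the Secret Code
// (a random AES-256 key) and lock it with RSA-OAEP so only Alice's private key opens it.
func BobConnectionResponse(pubDER []byte) (aesKey, lockedBox []byte, err error) {
	parsed, err := x509.ParsePKIXPublicKey(pubDER)
	if err != nil {
		return nil, nil, err
	}
	pub, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, nil, fmt.Errorf("lockbox is not an RSA public key")
	}
	aesKey = make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, aesKey); err != nil {
		return nil, nil, err
	}
	lockedBox, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil)
	return aesKey, lockedBox, err
}

// RunHandshake plays the whole exchange. The phone call is modelled as comparing the
// sender's fingerprint with the receiver's; tamper simulates Mallory altering one byte
// of the locked box in transit, which the Step 2 check must catch.
func RunHandshake(tamper bool) (bool, error) {
	// Step 1: Alice sends her lockbox; Bob reads its fingerprint back to her.
	priv, sent, err := AliceConnectionRequest()
	if err != nil {
		return false, err
	}
	received := append([]byte(nil), sent...) // what Bob's phone actually got
	if Fingerprint(received) != Fingerprint(sent) {
		return false, fmt.Errorf("step 1: lockbox fingerprint mismatch")
	}
	// Step 2: Bob locks the Secret Code inside the lockbox and sends it; he reads
	// the fingerprint of what he sent, and Alice checks what she received.
	bobKey, lockedSent, err := BobConnectionResponse(received)
	if err != nil {
		return false, err
	}
	lockedReceived := append([]byte(nil), lockedSent...)
	if tamper {
		lockedReceived[len(lockedReceived)/2] ^= 0x01 // Mallory flips one bit in transit
	}
	if Fingerprint(lockedReceived) != Fingerprint(lockedSent) {
		return false, fmt.Errorf("step 2: locked box fingerprint mismatch, box altered in transit")
	}
	aliceKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, lockedReceived, nil)
	if err != nil {
		return false, err
	}
	return bytes.Equal(aliceKey, bobKey), nil // true when both ends hold the same Secret Code
}
```

`RunHandshake(false)` returns `true` with no error; `RunHandshake(true)` returns the Step 2 mismatch error before Alice ever tries to open the box. Note that the fingerprint comparison is the only thing standing between a substituted box and Alice, which is why its width (16 bits here) matters.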

The Security Victory

Even if Mallory swapped the lockbox in Step 1, this step is much harder to subvert. Because Bob locked the Secret Code with Mallory’s lockbox, she can open it and learn the code, but to pass it on she has to re-lock it with Alice’s real lockbox, and that new locked box must produce exactly the fingerprint Bob reads out over the phone. Alice rejects any box whose fingerprint differs, so Mallory cannot simply forward her own box.

One caveat a practitioner should note: a CRC16 is a 16-bit error-detecting checksum, not a cryptographic hash. It has only 65,536 possible values and was never designed to resist a deliberate attacker who can try many candidate boxes, so the out-of-band check is only as strong as the fingerprint it carries. Reading out a cryptographic hash (for example SHA-256) of the lockbox and of the locked box instead would close that gap without changing the rest of the handshake.

How Messaging Works (The SMS Part)

Now that both have the same Secret Code (AES key), they can start texting privately.

Sending a Message (Alice):

  1. Alice types a message: “Meet me at 5pm.”
  2. Her phone uses the Secret Code (AES) to scramble (encrypt) the message into gibberish like X4J8k3nD0dL1pQ9aZ2.
  3. She sends this gibberish via normal SMS.

Receiving a Message (Bob):

  1. Bob receives the gibberish SMS: X4J8k3nD0dL1pQ9aZ2.
  2. His phone uses the same Secret Code (AES) to unscramble (decrypt) it back into “Meet me at 5pm.”

Why is this secure? Even if Mallory (or the phone company) intercepts the SMS, all she sees is the ciphertext. Without the Secret Code she cannot recover the message, and there is no known practical attack on AES with a 192- or 256-bit key. Two details matter in practice: every message must be encrypted with a fresh nonce/IV (never the same one twice under the same key), and encryption alone only hides the content; if altered messages are to be detected as well, an authenticated mode such as AES-GCM is needed.
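
Sending and receiving as an added Go example (not the app’s own code). It assumes AES-256 in GCM mode with a fresh random nonce per message, base64 to turn the bytes into SMS-safe text, and a fixed 32-byte `SharedKey` constructed here in place of the key from the handshake; `TamperSMS` plays Mallory flipping one bit so the difference between “Mallory can’t read it” and “Mallory can’t alter it unnoticed” is visible.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"io"
)

// SharedKey stands in for the Secret Code from the handshake. Constructed as a fixed
// 32-byte (AES-256) value so the example runs stand-alone; the real app would use
// the random key Bob generated.
var SharedKey = []byte("0123456789abcdef0123456789abcdef")

// gcmFor builds an AES-GCM instance. Assumption: the page names no cipher mode;
// GCM is used here because it also authenticates the ciphertext.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptSMS is Alice's side: scramble the message and render it as text that fits
// in an ordinary SMS body. Output layout: base64(nonce || ciphertext || tag).
func EncryptSMS(key []byte, plaintext string) (string, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return "", err
	}
	// A fresh random nonce per message; reusing a nonce with the same key breaks
	// GCM's confidentiality and integrity guarantees.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(plaintext), nil)
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// DecryptSMS is Bob's side: decode the text, split off the nonce and unscramble.
// A wrong key or any altered byte makes gcm.Open fail its tag check.
func DecryptSMS(key []byte, sms string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(sms)
	if err != nil {
		return "", err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize()+gcm.Overhead() {
		return "", errors.New("SMS too short to hold nonce and tag")
	}
	nonce, body := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, body, nil)
	if err != nil {
		return "", errors.New("decryption failed: wrong Secret Code or message altered")
	}
	return string(pt), nil
}

// TamperSMS models Mallory flipping one bit of the intercepted SMS (in the final
// byte, which belongs to the authentication tag) before it reaches Bob.
func TamperSMS(sms string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(sms)
	if err != nil {
		return "", err
	}
	if len(raw) == 0 {
		return "", errors.New("nothing to tamper with")
	}
	raw[len(raw)-1] ^= 0x01
	return base64.StdEncoding.EncodeToString(raw), nil
}

// Roundtrip sends one message from Alice to Bob and returns what went over the air
// (what Mallory sees) and what Bob read after decrypting.
func Roundtrip(plaintext string) (sms, received string, err error) {
	sms, err = EncryptSMS(SharedKey, plaintext)
	if err != nil {
		return "", "", err
	}
	received, err = DecryptSMS(SharedKey, sms)
	return sms, received, err
}
```

Size is worth checking against the SMS limit: a 12-byte nonce, a 16-byte tag and the 15-byte plaintext “Meet me at 5pm.” give 43 bytes, which base64 expands to 60 characters, comfortably inside a single 160-character SMS. `DecryptSMS` with any other key, or with the output of `TamperSMS`, returns an error rather than garbage, which is what the authenticated mode buys over plain AES.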

Overall Picture & Summary

The following sequence diagram brings the entire process together, showing the classic Man-in-the-Middle (MITM) attack vector and how the out-of-band verification thwarts it:

In a nutshell:

· Shared Secret: We use a slow but strong public-key method (RSA) to safely agree on a fast, strong Secret Code (a symmetric AES key).
· The Handshake: The “Connection Request” and “Connection Response” are that handshake.
· The Strength: The system is designed so that if a hacker tries to mess with the handshake, you both find out during the phone call verification steps.
· The Result: Once the handshake is done, you can send endless private messages over SMS; anyone without the Secret Code, the carrier included, sees only ciphertext. (Who is texting whom, and when, stays visible to the carrier, as it does for any SMS.)