Question: Consider the following protocol, designed to let A and B decide on a fresh, shared session key K AB . We assume that they already
Consider the following protocol, designed to let A and B decide on a fresh, shared session key K′AB. We assume that they already share a long-term key KAB.![1. AB:A, NA. 2. BA:E(KAB, [NA, KAB]) 3. AB:E(KAB, NA)](https://dsd5zvtm8ll6.cloudfront.net/images/question_images/1705/8/3/2/31265acef7895af51705832310227.jpg)
a. We first try to understand the protocol designer’s reasoning:
—Why would A and B believe after the protocol ran that they share K′AB. with the other party?
—Why would they believe that this shared key is fresh?
In both cases, you should explain both the reasons of both A and B, so your answer should complete the sentences A believes that she shares with K′AB B since...
B believes that he shares with K′AB B since...
A believes that K′AB is fresh since...
B believes that K′AB is fresh since...
b. Assume now that A starts a run of this protocol with B. However, the connection is intercepted by the adversary C. Show how C can start a new run of the protocol using reflection, causing A to believe that she has agreed on a fresh key with B (in spite of the fact that she has only been communicating with C).Thus, in particular, the belief in (a) is false.
c. Propose a modification of the protocol that prevents this attack.
1. AB:A, NA. 2. BA:E(KAB, [NA, KAB]) 3. AB:E(KAB, NA)
Step by Step Solution
3.30 Rating (153 Votes )
There are 3 Steps involved in it
a A believes that she shares K AB with B since her nonce came back in message 2 encrypted with a key ... View full answer
Get step-by-step solutions from verified subject matter experts
Study Help