FREE Trial

Consider the following protocol, designed to let A and B decide on a fresh, shared session key,

Fantastic news! We've Found the answer you've been seeking!

Question:

Consider the following protocol, designed to let A and B decide on a fresh, shared session key, Ks. We assume that they already share a long-term key, KAB.

1. A -> B: A, NA
2. B -> A: E(KAB, [NA, Ks])
3. A -> B: E(Ks, NA)

(a) First try to understand the protocol by explaining: why would A and B believe that after a protocol run, they share Ks with the other party? Why would they believe that this shared key is fresh?
(b) Assume now that A starts a run of this protocol with B. However, the connection is intercepted by the adversary C. Show how C can start a new run of the protocol using reflection, causing A to believe that she has agreed on a fresh key with B (in spite of the fact that she has only been communicating with C). Thus, in particular, the belief in (a) is false.
(c) Propose a modification of the protocol that prevents this attack.

Expert Answer:

Answer rating: 100% (QA)

aA thinks that it shares Ks with B because hisher nonce came back in message two encrypted with a ke... View the full answer


answer-question-section
Related Book For  answer-question
Introduction to Real Analysis

Introduction to Real Analysis

ISBN: 978-0471433316

4th edition

Authors: Robert G. Bartle, Donald R. Sherbert

See More Books
Posted Date:
See More Questions

Students also viewed these mathematics questions

Work Design Occupational Ergonomics 7th Edition - ISBN: 1890871796 - Free Book