Consider X.509 3-way authentication protocol. It is argued that timestamps are not needed in this protocol. In such a case, the essence of the protocol becomes as the following (In the notation used below, X{M} means M is signed by entity X). A B: B A: A B: A{rA, IDB} B{rs, ID, r;} A{rb} However there is a potential attack in this case as explained below in detail. Suppose the opponent C has intercepted and stored previous set of protocol messages shown above. The opponent C can impersonate A to B as follows. First, C replays the first message above to B as the first message of a new protocol run: C B: A{r^, IDB} B responds, thinking it is talking to A but is actually talking to C: B C: B{r's, IDA, PA} Meanwhile, C, by some means, causes A to start a new run of the protocol with C. In order to start this new protocol run, A sends C the following message: A C: A{r', ID} As the response of this message, C sends the message (2nd message of protocol) in which it includes the same nonce provided to C by B (that is rs): C A: C{r's, ID, r'} In turn, A responds with: A C: A{r'b} This message is exactly what C needs to convince B that it is talking to A, so C relays this message to B: C B: A{r'}} After B receives this message, it will believe that it is talking to A, whereas it is actually talking to C. Now the question comes. Suggest a simple solution to the abovementioned attack. Briefly explain your reasoning in the solution. You are not allowed to use timestamps in the solution. Moreover, do not increase the number of messages in the protocol