Question: Denning-Sacco protocol
Implement these first 4 steps in Scyther. Run all the claims and check for potential attacks.
1. Alice sends a message to Trent with her identity and Bob's identity.
2. Trent sends Alice Bob's public key, BPUB, and Bob's identity signed with Trent's private key (TPRIV). Trent also sends Alice her own public key, APUB, and Alice's identity signed with his private key.
3. Alice sends Bob a random session key K and a timestamp TA, signed with her private key and encrypted with Bob's public key, along with both signed public keys.
4. Bob decrypts Alice's message. Bob verifies Alice's signature. He checks to make sure the timestamp is still valid.
Later, Bob does the following:
1. Bob sends his name and Carol's name to Trent.
2. Trent sends Bob both Bob's and Carol's signed public keys.
3. Bob sends Carol the signed session key K and timestamp he previously received from Alice and signed by Alice. He encrypts it with Carol's public key. He sends it to Carol along with Alice's certificate and Carol's certificate.
4. Carol decrypts Alice's message. Carol verifies Alice's signature. She checks to make sure the timestamp is still valid.
About the previous algorithm, if the timestamp is still valid, what type of attack happened above? Please explain. (You may use a picture to help you explain this attack.)
How could you enhance the protocol to prevent this attack?
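One way to model the first four steps in Scyther's SPDL input language, as an added example that is not part of the original question. The protocol name `denningsacco`, the user types `SessionKey` and `Timestamp`, and the claim labels are assumptions chosen here; `pk` and `sk` are Scyther's built-in key functions.

```spdl
// Added example: Denning-Sacco public-key exchange, steps 1-4.
// Scyther has no notion of time, so Ta is a fresh value that the
// receiver always accepts ("the timestamp is still valid").
usertype SessionKey;
usertype Timestamp;

protocol denningsacco(A, B, T)
{
    role A
    {
        fresh K: SessionKey;
        fresh Ta: Timestamp;

        // Step 1: Alice names herself and Bob to Trent.
        send_1(A, T, A, B);
        // Step 2: Trent returns both public keys, each signed with sk(T).
        recv_2(T, A, {B, pk(B)}sk(T), {A, pk(A)}sk(T));
        // Step 3: (K, Ta) signed by Alice, encrypted for Bob, plus both certificates.
        // The signed term names neither A nor B.
        send_3(A, B, {{K, Ta}sk(A)}pk(B), {B, pk(B)}sk(T), {A, pk(A)}sk(T));

        claim_A1(A, Secret, K);
        claim_A2(A, Alive);
        claim_A3(A, Weakagree);
        claim_A4(A, Niagree);
        claim_A5(A, Nisynch);
    }

    role T
    {
        recv_1(A, T, A, B);
        send_2(T, A, {B, pk(B)}sk(T), {A, pk(A)}sk(T));
    }

    role B
    {
        var K: SessionKey;
        var Ta: Timestamp;

        // Step 4: matching this pattern models decrypting with sk(B)
        // and verifying Alice's signature with pk(A).
        recv_3(A, B, {{K, Ta}sk(A)}pk(B), {B, pk(B)}sk(T), {A, pk(A)}sk(T));

        claim_B1(B, Secret, K);
        claim_B2(B, Alive);
        claim_B3(B, Weakagree);
        claim_B4(B, Niagree);
        claim_B5(B, Nisynch);
    }
}
```

To compare against the commonly cited hardening of this protocol, change the signed term to `{A, B, K, Ta}sk(A)` in both `send_3` and `recv_3` and verify the claims again.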
