Question 3 Security Protocols (a) Do you consider the Dolev-Yao attacker model appropriate for security protocols that require a physical proximity between the agents (e.g., Bluetooth). Briefly argue either way. (4 marks) (b) Consider the following protocol: Step 1: A+B: {N, A}pk(B) Step 2: B + A: {{NA}pk(A), {NB}pk(A)}inv(pk(B)) Step 3: A + B : {NB}pk(B) (i) Briefly explain whether this protocol is secure (i.e., establishes a mutually authenticated and secure channel) or not. If it is secure, give an informal justification why it is secure. If an attack is possible, explain the attack, i.e., how it works and why it is possible. (6 marks) (ii) What is the minimal initial knowledge set for the agents A and B that ensures that the protocol is executable? (5 marks) (c) Consider the following intruder knowledge: M = {{mla(n) 44 (m)} a(n) {n}a (pha) {m}, n1, n2, pk(a), pk(b), pk(i), inv(pk(i)), {secret }pk()} {{\secret}nc1mBmx) Biny(pk(a)} where g and h are functions (i.e., g, he and, in particular, g is a public function: h e Sp). Prove formally that the intruder can learn the message "secret". (15 marks) (Total 30 marks)