In a three-message authentication protocol, Alice initiates contact with Bob. Bo

Question

In a three-message authentication protocol, Alice initiates contact with Bob. Bob is a stateless server, and thus it is inconvenient for him to remember the challenges sent to Alice. Assume that Alice and Bob share a key KAliceBob and Bob also has a key KBob only known to himself. The protocol works as follows, where R1 and R2 are random numbers generated by Alice and Bob, respectively.

a.Does this protocol provide mutual authentication? If yes, why? If no, who cannot authenticate whom and why?

b.Could a third person, Trudy, impersonate Alice? Describe a possible attack scenario. If it is not possible, clearly state so and give reasons.

c.Could Trudy impersonate Bob? Describe a possible attack scenario. If it is not possible, clearly state so and give reasons.

Explanation / Answer

(a) Initially mutual authentication occurs between Bob and Alice because Bob has the KeyAliceBob. (Bob recognizes Alice)

And Alice can authenticate Bob by the random number R1 which Alice sends and receives it back from Bob.

But in case if Bob is unable to remember KeyAliceBob and R1 which was received in previous step then authentication fails at Bob site.

(b) Trudy can impersonate Alice by sending some random number R1 to Bob.

But as Bob has the KeyAliceBob which Bob sends to Trudy assuming it is Alice. Trudy can attack.

(c)   Trudy can impersonate Bob only if he gets the KeyAliceBob as well as the key KBob else he cannot.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.