Suppose Alice, Bob, and Carol want to use secret key technology to authenticate

Question

Suppose Alice, Bob, and Carol want to use secret key technology to authenticate each
other. If they all used the same secret key K, then Bob could impersonate Carol to Alice
(actually any of the three can impersonate the other to the third). Suppose instead that
each had their own secret key, so Alice uses KA, Bob uses KB, and Carol uses KC. This
means that each one, to prove his or her identity, responds to a challenge with a function
of his or her secret key and the challenge. Is this more secure than having them all use the
same secret key K? (Hint: what does Alice need to know in order to verify Carol

Explanation / Answer

No more secure than pervious one.

Reason: Alice need to know the secret key of Carol to verify the Carol’s answer to Alice challenge similarly it need the secret key of Bob to verify the Bob’s answer to Alice challenge (actually any of the three need others secret key for verify answer to challenge).

So, Bob could impersonate Carol to Alice as it should know the secret key of Carol to answer Carol challenge. Hence it is no more secure than having all use the same secret key.

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.