Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Authentication and Key Exchange Consider the following protocol for "a secret-ke


Question

Authentication and Key Exchange

Consider the following protocol for "a secret-key exchange" between two users A and B that involves a trusted party, say C.

- User A sends a message "A, B" to the trusted party C.
- In response, the trusted party sends A the following message: "E_PR_C(B, PU_B), E_PR_C(A, PU_A)".
- A decrypts the message with C's public key (E_PU_C) and finds out B's and his public keys. Then A chooses a secret key (K) for communication with B and sends the following message to B: "E_PU_B(E_PR_A(K)), E_PR_C(B, PU_B), E_PR_C(A, PU_A)".
- When B receives this message, he decrypts it using his private key and then verifies A's signatures using A's public key. Then he is sure of the secrecy of the key (K) and the identity of A.

1. Show that after these steps are completed, B can impersonate as A to some other user (That is, B can use some information in these steps to convince another user that B is
2. Suggest a fix for the problem

Explanation / Answer

In step 3, B obtains the key encrypted with the private key of A. This would enable B to pass itself off as A using this data.

To eliminate this, there should be a small finite timeout associated with the key K, after which it cannot be reused. Another way of ensuring non-impersonation is if E_PU_B(E_PR_A(K)) needs to be necessarily encrypted by the private key of the sender first, i.e. E_PR_A(E_PU_B(K)).
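
An added example, not part of the original answer, that runs step 3 with toy textbook RSA: in the page's protocol a third user's check accepts A's signature on K after B re-wraps it, while a variant in which A signs the recipient's name together with K rejects the same re-wrap. The third user D, the numeric names, the tiny primes and the recipient-binding variant are assumptions of this example, not the fix given in the answer above.

```python
# Toy textbook RSA with tiny constructed primes and no padding: illustration only.
def keygen(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)      # (public key, private key)

def rsa(key, m):
    exp, n = key
    return pow(m, exp, n)

# Constructed parties. A's modulus is the smallest so that A's signature
# always fits inside an encryption under another party's key.
PU_A, PR_A = keygen(61, 53)
PU_B, PR_B = keygen(67, 71)
PU_D, PR_D = keygen(73, 79)                  # D: hypothetical third user
IDS = {"A": 1, "B": 2, "D": 3}               # hypothetical numeric names

def send_original(k, pu_recipient):
    """A's step 3 as on the page: E_PU_recipient(E_PR_A(K))."""
    return rsa(pu_recipient, rsa(PR_A, k))

def receive_original(msg, pr_me):
    """Recipient strips its own layer, then checks with A's public key."""
    sig = rsa(pr_me, msg)
    return sig, rsa(PU_A, sig)               # (A's signature on K, K)

def send_bound(k, recipient, pu_recipient):
    """Variant: A signs (K, recipient name) instead of K alone (needs K < 200)."""
    return rsa(pu_recipient, rsa(PR_A, k * 16 + IDS[recipient]))

def receive_bound(msg, me, pr_me):
    """Accept K only if the value A signed names this recipient."""
    k, named = divmod(rsa(PU_A, rsa(pr_me, msg)), 16)
    return k if named == IDS[me] else None

def demo(k=123):
    # Original: B keeps E_PR_A(K) and re-wraps it for D; D's check passes.
    sig, k_at_b = receive_original(send_original(k, PU_B), PR_B)
    _, k_at_d = receive_original(rsa(PU_D, sig), PR_D)
    # Variant: the same re-wrap fails at D because the signature names B.
    msg = send_bound(k, "B", PU_B)
    rewrapped = rsa(PU_D, rsa(PR_B, msg))
    return (k_at_b, k_at_d,
            receive_bound(msg, "B", PR_B),
            receive_bound(rewrapped, "D", PR_D))

if __name__ == "__main__":
    print(demo())
```

In `demo()`, the first two values show that B and D both recover the same K from A's signature under the original message format; the last two show that B accepts the bound message while D rejects the re-wrapped one.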
