Question
Problem: Consider the following protocol used by two parties A (Alice) and B (Bob) to send a message from A to B.
1. A to B : M1 = M (XOR) NA where NA is A’s nonce (a randomly selected number)
2. B to A : M2 = M1 (XOR) NB where NB is B’s nonce
3. A to B : M3 = M2 (XOR) NA
a) Show how B can recover M.
b) Is the system secure? Try whether someone with knowledge of M1, M2, and M3 can retrieve M. Defend your answer. (Note: The notation A to B means A sends to B) [Cryptographic Protocol from Applied Cryptography]
Explanation / Answer
B receives M3 = M2 (XOR) NA. B knows both M2 and M3, so B can find NA.
Once B has NA, B knows M1:
M1 = M (XOR) NA
From here, M can be found out since both M1 and NA are known.
The system is NOT secure because, knowing M1, M2 and M3, the attacker can find out NA and NB by brute force, and once NA and NB are known, it is very easy to figure out M.
M3 = M2 (XOR) NA
so the attacker gets NA
M2 = M1 (XOR) NB
so the attacker gets NB
Now the attacker has both NA and NB, so the system is not secure.
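The three passes and both parts of the question, worked through as an added example (not part of the original question or answer): each nonce falls out of a single XOR of two observed messages, so a passive observer of M1, M2 and M3 recovers M directly. The function names are hypothetical, and the nonces are assumed to be random byte strings of the same length as M.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def run_protocol(m: bytes):
    """Run the three passes; return the wire messages and what B recovers."""
    na = secrets.token_bytes(len(m))   # A's nonce (assumed same length as M)
    nb = secrets.token_bytes(len(m))   # B's nonce (assumed same length as M)
    m1 = xor(m, na)                    # pass 1, A to B
    m2 = xor(m1, nb)                   # pass 2, B to A
    m3 = xor(m2, na)                   # pass 3, A to B; NA cancels, so M3 = M xor NB

    # Part a), shortest route: B strips its own nonce from M3.
    recovered = xor(m3, nb)
    # Part a), route used in the answer: B derives NA from M2 and M3,
    # then removes it from M1. Both routes must agree.
    if xor(m1, xor(m2, m3)) != recovered:
        raise AssertionError("the two recovery routes disagree")
    return (m1, m2, m3), recovered

def observe(m1: bytes, m2: bytes, m3: bytes):
    """Part b): what anyone who saw only the three wire messages can compute."""
    na = xor(m2, m3)   # M3 = M2 xor NA  =>  NA = M2 xor M3
    nb = xor(m1, m2)   # M2 = M1 xor NB  =>  NB = M1 xor M2
    m = xor(m1, na)    # M1 = M  xor NA  =>  M  = M1 xor NA
    return na, nb, m

if __name__ == "__main__":
    message = b"constructed sample message"   # constructed input
    wire, at_bob = run_protocol(message)
    _, _, at_observer = observe(*wire)
    print("B recovers:       ", at_bob)
    print("Observer recovers:", at_observer)
```

Equivalently, M = M1 (XOR) M2 (XOR) M3, since NA and NB each appear an even number of times across the three messages and cancel.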