Q. Consider the following method that establishes a secret
session key k for use by Alice and Bob. Alice and Bob already share a secret
key Kab for encryption.
i) Alice sends a random value NA to Bob along with her id,
A.
ii) Bob sends encrypted message EKab(NA), NB to Alice, where
NB is a random value
chosen by Bob.
iii) Alice sends back EKab(NB).
iv) Bob generates session key k and sends EKab(k) to Alice.
v) Now Alice and Bob exchange messages encrypted with the
new session key
k.
Suppose that the random values and the keys have the same
number of bits.
Describe a possible attack for this authentication method.
Can we make the
method more secure by lifting the assumption that the random
values and the
keys have the same number of bits? Explain.
0 comments:
Post a Comment