
Consider the following protocol for "a secret-key exchange" between two users


Question

Consider the following protocol for "a secret-key exchange" between two users A and B that involves a trusted party, say C. User A sends a message "A, B" to the trusted party C. In response, the trusted party sends A the following message: "$E_{PR_C}(B, PU_B), E_{PR_C}(A, PU_A)$". A decrypts the message with C's public key ($E_{PU_C}$) and finds out B's and his public keys. Then A chooses a secret key (K) for communication with B and sends the following message to B: "$E_{PU_B}(E_{PR_A}(K)), E_{PR_C}(B, PU_B), E_{PR_C}(A, PU_A)$". When B receives this message, he decrypts it using his private key and then verifies A's signatures using A's public key. Then he is sure of the secrecy of the key (K) and the identity of A.

1. Show that after these steps are completed, B can impersonate A to some other user (That is, B can use some information in these steps to convince another user that B is
2. Suggest a fix for the problem.

Explanation / Answer

GIVEN: User A sends a message "A, B" to the trusted party C.
• In response to that, the trusted party sends A the following message: "$E_{PR_C}(B, PU_B), E_{PR_C}(A, PU_A)$"
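
The following is an added example, not part of the original question or answer. It models A's key message with toy textbook RSA to show why a signature over K alone does not tell a receiver who the key was meant for, next to one possible fix in which A signs (sender, recipient, K). Assumptions: the third user D, the numeric IDs, the tiny primes, the 8-bit key and all function names are constructed here, and every receiver is taken to already hold A's authentic public key from C's certificate.

```python
# Toy textbook RSA with tiny constructed primes and no padding:
# it models the message structure only and is not secure.
E = 65537

def keypair(p, q):
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)        # (public, private)

def rsa(key, m):
    exp, n = key
    return pow(m, exp, n)

# Constructed identities and keys; A's modulus is the smallest so nesting works.
IDS = {"A": 1, "B": 2, "D": 3}
PU_A, PR_A = keypair(1009, 1013)
PU_B, PR_B = keypair(1019, 1021)
PU_D, PR_D = keypair(1031, 1033)

def send_original(k, recipient_pub):
    """A's key message from the question: E_PUx(E_PRA(K))."""
    return rsa(recipient_pub, rsa(PR_A, k))

def accept_original(msg, my_priv):
    """Receiver check from the question: decrypt, then verify A's signature on K."""
    k = rsa(PU_A, rsa(my_priv, msg))
    return k if k < 256 else None              # toy session keys are 8 bits

def send_bound(k, recipient, recipient_pub):
    """Assumed fix: A signs (sender, recipient, K) instead of K alone."""
    payload = (IDS["A"] << 16) | (IDS[recipient] << 8) | k
    return rsa(recipient_pub, rsa(PR_A, payload))

def accept_bound(msg, me, my_priv):
    """Accept only if the signed payload names A as sender and me as recipient."""
    payload = rsa(PU_A, rsa(my_priv, msg))
    sender, recipient, k = payload >> 16, (payload >> 8) & 0xFF, payload & 0xFF
    return k if (sender, recipient) == (IDS["A"], IDS[me]) else None

def rewrap(msg, holder_priv, new_pub):
    """Strip the holder's encryption layer and re-encrypt the inner signature."""
    return rsa(new_pub, rsa(holder_priv, msg))

def demo(k=0x5A):
    fwd = rewrap(send_original(k, PU_B), PR_B, PU_D)
    fwd_bound = rewrap(send_bound(k, "B", PU_B), PR_B, PU_D)
    return (accept_original(fwd, PR_D),                         # D accepts K as A's
            accept_bound(send_bound(k, "B", PU_B), "B", PR_B),  # B accepts
            accept_bound(fwd_bound, "D", PR_D))                 # D rejects: names B
```

Binding the identities stops the signature from being accepted by a different recipient; a timestamp or nonce inside the signed payload would additionally be needed to reject a replay to the same recipient.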