Cryptography Reference
In-Depth Information
The protocol messages
. The protocol goals are not necessarily met if the content
of the two messages is changed in any way. For example, we will see in
Protocol 3 what happens if the identifier Bob is omitted from the reply text.
The protocol actions
. The protocol goals are not met if any of the actions are
not undertaken. For example, if Bob fails to check that the MAC on the reply
text matches the received MAC then he has no guarantee of the origin of
the reply.
Informal assurance that Alice is indeed alive comes from the fact that a validMAC
is produced on a message that includes a newly generated nonce. Only Alice could
have generated theMAC and, because she includes the nonce, she must have done
this after Bob made his request. However, such informal arguments have no place
in cryptographic analysis because it is the details that are important. We will later
examine several protocols that appear to satisfy a similar informal analysis, but
which fail to meet the security goals.
REMARKS
We have seen that Protocol 1 meets the security goals and hence is a suitable
protocol to use in our simple application. We will use Protocol 1 as a 'bench-
mark' protocol against which later protocols will be compared. We have described
Protocol 1 in greater detail than we intend to treat later protocols. By doing so,
we have hopefully clarified notation and how to interpret the figures indicating
protocol messages and flow.
9.3.3
Protocol 2
Figure 9.3 shows the protocol flow andmessages of our second candidate protocol.
r
B
||
It's Bob, are you OK?
Alice
Bob
r
B
||
Bob
||
Yes, I'm OK
Sig
A
(
r
B
||
Bob
||
Yes, I'm OK
)
Figure 9.3.
Protocol 2
