Cryptography Reference
A good example is the suite of authentication and key establishment protocols
standardised in ISO 11770. Many of the protocols proposed in part 2 of ISO 11770,
which is concerned with symmetric techniques, have public-key analogues in
part 3 of the standard.
9.3.4 Protocol 3
From Figure 9.4 it should be clear that the protocol flow and messages of our third
candidate protocol are almost identical to Protocol 1.
PROTOCOL ASSUMPTIONS
These are identical to Protocol 1.
PROTOCOL DESCRIPTION
This is identical to Protocol 1, except that in Protocol 3 the identifier Bob is
omitted from the reply text.
PROTOCOL ANALYSIS
This is identical to Protocol 1, except for:
Assurance that Alice's reply corresponds to Bob's request. As argued for
Protocol 1, the inclusion of the nonce r_B in the reply appears, superficially,
to provide this assurance since r_B is in some sense a unique identifier of Bob's
request. However, there is an attack that can be launched against Protocol 3
in certain environments which shows that this is not always true. Since the
attacker plays the role of a 'mirror', we call this a reflection attack against
Protocol 3. The attack is depicted in Figure 9.5.
Figure 9.4. Protocol 3
Bob -> Alice: r_B || It's Bob, are you OK?
Alice -> Bob: r_B || Yes, I'm OK, MAC_K(r_B || Yes, I'm OK)
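The following sketch is an added example, not code from the original text. It compares the reply check with and without the requester's identifier, to show why the MAC in Protocol 3 does not bind the reply to Alice. Assumptions: HMAC-SHA256 stands in for MAC_K, the Protocol 1 reply is taken to be r_B || Bob || Yes, I'm OK, and the "certain environments" are modelled as both parties being able to act as requester and responder under the same key K.

```python
import hashlib
import hmac
import secrets

K = secrets.token_bytes(32)   # constructed key shared by Alice and Bob
REPLY = b"Yes, I'm OK"

def mac(key, fields):
    # Length-prefix every field so the concatenation is unambiguous.
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

def make_reply(key, nonce, requester, with_identifier):
    """Responder: answer a request carrying `nonce` that names `requester`."""
    fields = [nonce, requester, REPLY] if with_identifier else [nonce, REPLY]
    return fields, mac(key, fields)

def verify_reply(key, my_nonce, my_name, fields, tag, with_identifier):
    """Requester: accept only an authentic reply to my own request."""
    expected = [my_nonce, my_name, REPLY] if with_identifier else [my_nonce, REPLY]
    return fields == expected and hmac.compare_digest(tag, mac(key, fields))

def honest_reply_accepted(with_identifier):
    r_B = secrets.token_bytes(16)
    # Alice answers Bob's request.
    fields, tag = make_reply(K, r_B, b"Bob", with_identifier)
    return verify_reply(K, r_B, b"Bob", fields, tag, with_identifier)

def reflected_reply_accepted(with_identifier):
    r_B = secrets.token_bytes(16)
    # Assumed environment: Bob's own responder role answers a request that
    # carries r_B but names Alice as the sender. Alice takes no part.
    fields, tag = make_reply(K, r_B, b"Alice", with_identifier)
    return verify_reply(K, r_B, b"Bob", fields, tag, with_identifier)

if __name__ == "__main__":
    for label, flag in (("Protocol 3 (no identifier)", False),
                        ("Protocol 1 style (identifier)", True)):
        print(label, "| honest reply accepted:", honest_reply_accepted(flag),
              "| reflected reply accepted:", reflected_reply_accepted(flag))
```

Without the identifier, the MAC only shows that some holder of K answered a request containing r_B; with it, a reply that Bob himself generated names the wrong requester and fails verification.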
 
 