Cryptography Reference
In-Depth Information
r
B
||
It's Bob, are you OK?
Alice
Bob
E
K
(
r
B
||
Bob
||
Yes, I'm OK
)
Figure 9.6.
Protocol 4
PROTOCOL ASSUMPTIONS
These are identical to Protocol 1, expect that we assume that Alice and Bob have
agreed on the use of a strong symmetric encryption algorithm
E
(rather than a
MAC). Note that, just as for the previous protocols, this assumption does not
specify precisely how this encryption algorithm should be substantiated. Thus it
could, for example, be either a stream cipher or a block cipher. If it is a block
cipher then it could be using any mode of operation. We will see shortly that this
ambiguity might lead to problems.
PROTOCOL DESCRIPTION
The description of Protocol 4 is exactly as for Protocol 1, except that:
• Instead of computing a MAC on the reply text, Alice uses
E
to encrypt the reply
text using key
K
.
• Alice does not send the reply text to Bob.
• Instead of computing and comparing the received MAC on the reply text, Bob
simply decrypts the received encrypted reply text.
PROTOCOL ANALYSIS
The analysis of Protocol 4 is exactly as for Protocol 1, except for the issue of data
origin authentication of Alice's reply. We need to consider whether encryption
can be used in this context to provide data origin authentication. There are two
arguments:
The case against
. This is perhaps the purist's viewpoint. Protocol 4 does
not provide data origin authentication because encryption does not, in
general, provide data origin authentication. We presented this argument in
Section 6.3.1. A key management purist might also choose to point out there
is inherent danger in using encryption to provide data origin authentication
