Cryptography Reference
In-Depth Information
T
B
||
It's Bob, are you OK?
Alice
Bob
T
B
||
Bob
||
Yes, I'm OK
MAC
K
(
T
B
||
Bob
||
Yes, I'm OK
)
Figure 9.7.
Protocol 5
PROTOCOL ANALYSIS
The analysis of Protocol 5 is similar to Protocol 1.
Data origin authentication of Alice's reply
. As for Protocol 1.
Freshness of Alice's reply
. The reply text includes the timestamp
T
B
, which Bob
generated at the start of the protocol. Thus, by the principles discussed in
Section 8.2.1, the reply is fresh.
Assurance that Alice's reply corresponds to Bob's request
. There are two pieces
of evidence in the reply that provide this:
1. The reply contains the timestamp
T
B
, which Bob generated for this run of the
protocol. Assuming that the timestamp is of sufficient granularity that it is not
possible for Bob to have issued the same timestamp for different protocol runs
(or that it includes a unique session identifier), the presence of
T
B
indicates that
the reply matches the request.
2. The reply contains the identifier
Bob
, preventing reflection attacks.
Thus Protocol 5 meets the three security goals.
REMARKS
Protocol 5 can be thought of as the 'clock-based' analogue of Protocol 1. Many
cryptographic protocols come in two different 'flavours' such as Protocol 1 and
Protocol 5, depending on the type of freshness mechanism preferred.
Note that there is no need for Alice to share a synchronised clock with Bob for
Protocol 5 to work. This is because only Bob requires freshness, hence it suffices
that Alice includes Bob's timestamp without Alice necessarily being able to 'make
sense' of, let alone verify, it.
One consequence of this is that it is important that
T
B
is integrity-protected.
To see this, suppose that
T
B
just consists of the time on Bob's clock, represented
