Cryptography Reference
In-Depth Information
ID
S
||
It's Bob, are you OK ?
Alice
Bob
ID
S
||
Bob
||
Yes, I'm OK
MAC
K
(
T
A
||
ID
S
||
Bob
||
Yes, I'm OK
)
Figure 9.9.
Protocol 7
9.3.8
Protocol 7
Our seventh protocol variant is closely related to Protocol 6, and is depicted in
Figure 9.9.
PROTOCOL ASSUMPTIONS
These are the same as the assumptions for Protocol 6.
PROTOCOL DESCRIPTION
The description of Protocol 7 is almost the same as Protocol 6. The only differences
are:
• Bob includes a unique session identifier
ID
S
in the request, which Alice includes
in the reply text. This identifier is not necessarily randomly generated (unlike the
nonces that were used in some of the previous variants).
• The reply text that is sent in the clear by Alice differs from the reply text on
which Alice computes the MAC. The difference is that
T
A
is included in the latter,
but not the former.
PROTOCOL ANALYSIS
The analysis of Protocol 7 is similar to Protocol 6. The inclusion of the session
identifier
ID
S
is intended to remove the concerns about linking the reply to the
request. The omission of
T
A
from the reply text that is sent in the clear at first just
looks like a saving in bandwidth, since:
• Alice and Bob have synchronised clocks, by our assumptions,
• it is not strictly necessary that the data on which the MAC is computed matches
the reply text, so long as Bob receives all the critical data that he needs to
check the MAC.
