CS5430 Homework 5: Authenticating Computers

General Instructions. You are expected to work alone on this assignment.

Due Friday April 8, 5pm. No late assignments will be accepted.

Submit your solution using CMS. Prepare your solution as .doc, .docx, or .pdf, as follows:


Consider only Dolev-Yao attackers. You may assume that keys are unique.


Problem 1:

Consider a variation of the key distribution protocols we discussed in lecture.

1.  A --> KDC: A,B,r
2.  KDC --> A: A,B, {A,r,K_AB}K_A, {B,r,K_AB}K_B
3.  A --> B:   A,B, {B,r,K_AB}K_B

Exhibit a man-in-the-middle attack that would allow an intruder T thereafter to understand and/or alter communications between A and B encrypted using the "shared key" K_AB each receives from a run of this protocol.


Problem 2:

The following key distribution protocol was inspired by Otway-Rees; the designer was concerned with the cost of encryption and therefore eliminated the encryptions used for Otway-Rees messages 1 and 2.

1. A   --> B:   n,A,B,r1 
2. B   --> KDC: n,A,B,r1,r2
3. KDC --> B:   n,{r1,r2,A,B,K_AB}K_A, {r1,r2,A,B,K_AB}K_B 
4. B   --> A:   {r1,r2,A,B,K_AB}K_A

When the protocol terminates (with no participant crashing), what are the strongest conditions that

  1. A can assume about K_AB and who knows it?

  2. B can assume about K_AB and who knows it?

  3. KDC can assume about K_AB and who knows it?

To illustrate the kind of answers we are seeking, here is a correct response for (i):

A can assume that only principals holding either K_A or K_B know K_AB. This is at most {A,B,KDC}. A can also assume that K_AB is fresh since message 4 contains r1 which A created in message 1. Unlike Otway-Rees, A cannot assume that B participated in this run of the protocol (note that B does not encrypt any messages). Therefore the completion of the protocol cannot be used to determine that B interacted with A and therefore has the key.

Give the same style of responses for (ii) and (iii).
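
The freshness argument in the sample response for (i) can be seen in a small symbolic model of A's check on message 4. This is an added example, not part of the assignment or the lecture notes; the `Enc` class, the function names, and the key and nonce values are assumptions constructed for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Enc:
    """Symbolic ciphertext {payload}key: opaque unless the reader holds key."""
    key: bytes
    payload: tuple

def decrypt(ct, key):
    if ct.key != key:
        raise ValueError("wrong key")
    return ct.payload

def kdc_reply(n, a, b, r1, r2, keys):
    """Message 3: the KDC invents K_AB and seals it once under K_A, once under K_B."""
    k_ab = secrets.token_bytes(16)
    body = (r1, r2, a, b, k_ab)
    return n, Enc(keys[a], body), Enc(keys[b], body)

def a_accepts(msg4, k_a, my_r1, a, b):
    """A's check on message 4: return K_AB, or None if A rejects the message."""
    try:
        r1, _r2, pa, pb, k_ab = decrypt(msg4, k_a)
    except ValueError:
        return None              # not sealed under K_A
    if (pa, pb) != (a, b) or r1 != my_r1:
        return None              # wrong peers, or r1 belongs to another run
    return k_ab

def demo():
    # Constructed long-term keys K_A and K_B shared with the KDC.
    keys = {"A": secrets.token_bytes(16), "B": secrets.token_bytes(16)}
    # An earlier run, whose message 4 is kept for replay.
    old_r1 = secrets.token_bytes(8)
    _, old_for_a, _ = kdc_reply(1, "A", "B", old_r1, secrets.token_bytes(8), keys)
    # The current run: A chose a new r1 in message 1.
    r1 = secrets.token_bytes(8)
    _, for_a, for_b = kdc_reply(2, "A", "B", r1, secrets.token_bytes(8), keys)
    fresh = a_accepts(for_a, keys["A"], r1, "A", "B")       # accepted
    replay = a_accepts(old_for_a, keys["A"], r1, "A", "B")  # stale r1
    wrong = a_accepts(for_b, keys["A"], r1, "A", "B")       # sealed under K_B
    return fresh, replay, wrong

if __name__ == "__main__":
    print(demo())
```

Nothing in `a_accepts` depends on anything produced with K_B, which matches the sample response's point that A learns nothing about B's participation.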

Problem 3:

Here is an excerpt of the Kerberos protocols found in the course lecture notes, except the expTime field has been removed from the Tick_B message. Here is the modified protocol to access a service B initially:

A --> WkStation_A:  A wishes to access service B.

WkStation_A --> KDC:  A, B, TGT

KDC:  invent fresh key K_AB
      extract S_A from TGT found in message from WkStation_A
      Tick_B := {A, B, K_AB}K_B

KDC --> WkStation_A:  {B, K_AB, Tick_B}S_A

And here is the modified protocol to use the credentials obtained above.

WkStation_A --> B:   Tick_B, {timeNow}K_AB

B:  extract A, B, K_AB, and expTime from Tick_B (since B knows K_B)

B --> WkStation_A:  {timeNow+1}K_AB

Give the details of an attack that is no longer being prevented, now that expTime is absent. Be sure to explain what information the attacker must have to launch the attack and what the attacker gains.