Shared Key Authentication Simplification

0
votes

SO-

I have this question in my homework, and I have a lot of ideas about why its not true, but I can't put my finger on it precisely...

Here we assume Alice and Bob have a secret key. Consider these 5 steps:

  1. Alice sends bob "ID_a" to start authentication
  2. Bob responds with "R_b" (which I think is a random number or timestamp or other nonce)
  3. Alice Replies with K_a,b(R_b), which establishes her identity to Bob
  4. Alice sends "R_a" to Bob
  5. Bob sends K_a,b(R_a) to Alice, to verify his identity

All makes perfect sense, but the question is "Can steps 3 and 4 be combined?" I see no reason why Alice couldn't encrypt her nonce R_a as well, but I remember hearing in class how things like this were done to prevent replay attacks from an evesdropper. How is this? An attacker wouldn't be able to replay an encrypted version of K_a,b(R_anything) because the R_a or b is chose randomly and unique right? Can steps 3 and 4 be combined?

1
encryptioncryptographyprivate-key

1 Answers

1
votes

Since you have given a go at it first by providing your thinking, I'll give you my thinking. First, you said a "replay attack", but I think you meant a "man in the middle" attack. Second, if one connection is comprised, then that is true for 2 connections made between two entities. Since Alice is sending information to Bob, I see no reason to establish a second connection to Bob to send different information (unless that connection was via a different means). Therefore, yes, steps 3 and 4 can be combined.

Now, in terms of furthering your knowledge, this protocol seems to be a takeoff of the "Secure Remote Password" protocol, so you may want to read up on that. There's a rather technical paper with some simple interpretations at http://srp.stanford.edu/ndss.html#SECTION00032200000000000000 (look for the Carol/Steve dialog). You will note in that dialog that the arrows alternate back and forth between Carol & Steve and that no two consecutive interactions from one person to the other are in the same direction.