Consider the following security protocol that authenticates two parties A and B, using a trusted server S. KA is a secret ke

1. Consider the following security protocol that authenticates two parties A and B, using a trusted server S. KA is a secret key known by A and S, KB is the secret key known by B and S, N1 and N2 are nonces, generated by A and B, respectively. E[(M),K] denotes the encryption of message M with key K. || denotes concatenation of the message. Answer the following questions:

Message 1: A→ B: A || B || E[(A, B, N1), KA] Purpose of the message:

What A knows and why: What B knows and why: What S knows and why:

Message 2: B→S: A|| E[(A, B, N1), KA] || B || E[(A, B, N2), KB] Purpose of the message:

What A knows and why: What B knows and why: What S knows and why:

Message 3: S→B: E[(K-session, N2), KB] Purpose of the message:

What A knows and why: What B knows and why: What S knows and why:

Message 4: S→A: E[(K-session, N1), KA] Purpose of the message:

What A knows and why: What B knows and why: What S knows and why:

2. Suppose Alice and Bob have RSA public keys in a file on a server. They communicate regularly, using authenticated, confidential message. Eve wants to read the messages but is unable to crack the RSA private keys of Alice and Bob. However, she is able to break into the server and alter the file containing Alice’s and Bob’s public keys.

• How should Eve alter the file to so that she can read confidential messages sent between Alice and Bob, and forge messages from either?
• How might Alice and/or Bob detect Eve’s subversion of the public keys?