(11.5) Suppose we are using a three-message mutual authentication protocol, and Alice initiates contact with Bob. Suppose we wish Bob to be a stateless server, and therefore it is inconvenient to require him to remember the challenge he sent to Alice. Let's modify the exchange so that Alice sends the challenge back to Bob, along with the encrypted challenge. Is the following protocol secure?
[Figure: the modified protocol exchange, beginning with Alice's message "I'm Alice"]

Solution
No, the protocol is not secure. It is vulnerable to a replay attack: an eavesdropper can replay Alice's messages at any time. Because Bob does not remember his current challenge, he won't know that the response is to a previous challenge.
We can make it secure by having Bob send a timestamp as the challenge, assuming the attacker cannot replay the messages quickly enough for the timestamp in the message to still be acceptable to Bob.
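The following added example (not part of the original solution) models Bob's check in both variants, so the replay acceptance and the timestamp fix can be compared side by side. It assumes HMAC-SHA256 as the keyed function in place of the "encrypted challenge"; the key, the 30-second window and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

KEY = b"constructed-shared-key-alice-bob"  # constructed sample key, not from the page
WINDOW = 30  # seconds of staleness Bob tolerates (assumed value)

def respond(key: bytes, challenge: bytes) -> bytes:
    """Alice's proof of key knowledge; HMAC stands in for encrypting the challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def bob_stateless_verify(key: bytes, echoed: bytes, response: bytes) -> bool:
    """Flawed variant: Bob trusts whatever challenge the message carries."""
    return hmac.compare_digest(respond(key, echoed), response)

def bob_timestamp_verify(key: bytes, echoed_ts: int, response: bytes, now: int) -> bool:
    """Fixed variant: the challenge is Bob's clock reading, so Bob can judge
    freshness from his own clock without remembering anything per session."""
    if abs(now - echoed_ts) > WINDOW:
        return False  # stale challenge: treat as a replay
    return hmac.compare_digest(respond(key, str(echoed_ts).encode()), response)

def demo() -> dict:
    # Flawed protocol: one legitimate run, then the same bytes sent again later.
    r = os.urandom(16)
    msg = (r, respond(KEY, r))
    first = bob_stateless_verify(KEY, *msg)
    replayed = bob_stateless_verify(KEY, *msg)  # Bob cannot tell the difference

    # Timestamp protocol: Bob's challenge is his clock value t0 (constructed).
    t0 = 1_700_000_000
    resp = respond(KEY, str(t0).encode())
    return {
        "first": first,
        "replayed": replayed,
        "fresh": bob_timestamp_verify(KEY, t0, resp, now=t0 + 2),
        "stale_replay": bob_timestamp_verify(KEY, t0, resp, now=t0 + 3600),
        # Relabelling an old response with a current timestamp fails the MAC check.
        "relabelled": bob_timestamp_verify(KEY, t0 + 3600, resp, now=t0 + 3600),
        # Residual assumption from the solution: a replay inside the window passes.
        "fast_replay": bob_timestamp_verify(KEY, t0, resp, now=t0 + 10),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:13s} accepted={accepted}")
```

The `fast_replay` result is why the window should be as small as clock skew and network delay allow.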
