Question

Authentication Protocol:

3 Marks] Q4 (Authentication Protocol) The following mutual authentication protocol is proposed based on a symmetric-key cryptography algorithm. We assume that the cryptography algorithm that is used here is secure. Given that the following protocol does not provide mutual authentication. Give two different attack scenarios where Trudy can convince Bob that she is Alice. Briefly explain each attack scenario performed by Trudy with proper diagram which on the protocol. "Alice",R E(R, KAB E(R+1, KAB) Alice Bob [Hints: You need to show two attack scenarios performed by Trudy with proper diagram on the protocol. Additionally, provide brief explanation of attacks to justify Page 5 of 6 your answer. Refer to attack scenarios on mutual authentication protocols that were discussed during the Lecture-7 and Tutorial-7.]

Answer 1

Two attack scenarios can happen here

1. Trudy acts as a middle man in between and Alice and Bob does not know that. Man in the middle attack.

Here Trudy gets the secret messages from Alice and may edit it. Also Bob sends the message to Trudy thinking its Alice. Trudy thus cheats the communication being a middle man

Bob Alice am Alice Trudy

2.Trudy can act in between due to lack of security. So silently trudy sees all messages. Including the password shared by Alice.

l am Alice, passwor OK l am Alice password OK

3. The next attack scenarion includes that Alice always sends message from an IP address and Bob verifies that IP for authentication. So its easy for an intruder to come in between using that IP address. Its actually IP spoofing.

Bob Alice I am Alice, Alice's IP addr Trudy