Needham and Schroeder suggest the following variant of their protocol:1. Alice → Bob : Alice2. Bob→ Alice: {Alice rand3}kBob3. Alice → Cathy : {Alice Bob rand₁|{Alice rand3}kBob}4. Cathy → Alice: {Alice Bob rand₁|ksession|{Alice rand3|ksession}KBob}KAlice5. Alice → Bob: {Alice rand3|ksession}kBob6. Bob→ Alice: {rand2}ksession7. Alice → Bob: {rand2-1}ksessionShow that this protocol solves the problem of replay as a result of stolen session keys.Hint: Consider two cases, one in which the attacker does not send an initial message to Bob and one in whichthe attacker does.

Answered: Needham and Schroeder suggest the…

Database System Concepts

7th Edition

ISBN:9780078022159

Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Chapter1: Introduction

Section: Chapter Questions

Problem 1PE

See similar textbooks

Related questions

Concept explainers

Question

Needham and Schroeder suggest the following variant of their protocol:
1. Alice → Bob : Alice
2. Bob→ Alice: {Alice rand3}kBob
3. Alice → Cathy : {Alice Bob rand₁|{Alice rand3}kBob}
4. Cathy → Alice: {Alice Bob rand₁|ksession|{Alice rand3|ksession}KBob}KAlice
5. Alice → Bob: {Alice rand3|ksession}kBob
6. Bob→ Alice: {rand2}ksession
7. Alice → Bob: {rand2-1}ksession
Show that this protocol solves the problem of replay as a result of stolen session keys.
Hint: Consider two cases, one in which the attacker does not send an initial message to Bob and one in which
the attacker does.

Expert Solution

Step 1

Stolen Session key:-

In the field of computer science, session hijacking, also referred to as cookie hijacking, is the use of a legitimate computer session, also known as a session key, to obtain unauthorized access to data or services in a computer system. The theft of a magic cookie, which is used to authenticate a user to a remote service, is specifically mentioned. It is especially pertinent to web developers since many websites employ HTTP cookies to maintain sessions, which can be readily taken by an attacker using a third-party computer or with access to the victim's computer's saved cookies (see HTTP cookie theft).

Step by step

Solved in 2 steps

SEE SOLUTION Check out a sample Q&A here

Knowledge Booster

Learn more about

Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.

Similar questions