QUESTION $1$

a$)$ What are the three assumptions that are generally made when designing and analysing cryptographic protocols?

$[3$ marks$]$

b$)$ What are naming flaws in cryptographic protocols? Analyse how the protocol below exhibits a naming flaw, and construct an attack that allows an adversary to impersonate B$.[7$ marks$]$

$(1)AB$:$N_a$

$(2)BA$:$\{N_a,N_b{\}}_{k_{ab}}$

$(3)AB$:$N_b$

c$)$ Give a critical analysis of the Otway$-$Rees protocol, reproduced below. Your answer should include descriptions of the purposes of each part of the messages, and justify why the protocol can provide authentication of the participants. Are there any known attacks on this protocol? $[10$ marks$]$

$(1)AB$:$M,A,B,\{N_a,M,A,B{\}}_{K_a}$

$(2)BS$:$M,A,B,\{N_a,M,A,B{\}}_{K_{as},}\{N_b,M,A,B{\}}_{K_{bs}}$

$(3)SB$:$M,\{N_a,K_{ab}{\}}_{K_{as},}\{N_b,K_{ab}{\}}_{K_{bs}}$

$(4)BA$:$M,\{N_a,K_{ab}{\}}_{K_{as}}$