Replay Attacks

On Monday, Alice uses trusted third party Cathy to establish a secure communication session with Bob. The attached file homework5.pdf contains three slides that show three different ways to establish a shared key. Slide 1 is the simplest key exchange and shows all messages exchanged. Slide 2 and Slide 3 each show a variation of how Alice and Bob establish a shared secret key. For brevity, Slide 2 and Slide 3 focus on the key exchange and do not show the messages exchanged after Alice requests the iPhoneX. You may assume the messages exchanged after Alice requests the iPhoneX are identical regardless of whether the key exchange follows Slide1,2, or 3.

Eve observes and records all the messages exchanged. Eve also observes that a package arrived at Alice's house the next day and suspects the message exchange caused the package to be delivered. Eve knows Alice going on vacation Friday and Eve could easily pick up any package left at Alice's door. On Saturday, Eve attempts a replay attack.

Question 1A: Using the message exchange shown in Slide 1, can Eve launch a successful replay attack? If yes, draw a picture similar to Slide that shows all the messages exchanged. If no, explain why.

Question 1B: As part of the replay attack, does Eve learn Alice's credit number?

Question 2A: If Alice instead uses the key exchange shown in Slide 2, can Eve launch a successful replay attack? If yes, draw a picture similar to Slide that shows all the messages exchanged. If no, explain why.

Question 2B: If Alice uses the key exchange shown in Slide 2 and Eve has obtained session key Ks, can Eve launch a successful replay attack? If yes, draw a picture similar to Slide that shows all the messages exchanged. If no, explain why.

Question 3: If Alice uses the key exchange shown in Slide 3 and Eve has obtained session key Ks, can Eve launch a successful replay attack? If yes, draw a picture similar to Slide that shows all the messages exchanged. If no, explain why.

1. request for session key to Bob kA Cathy Cathy Bob Alice Alice Alice Charge an iPhone X to my credit card 12345678 { I placed your order and it will arrive tomorrowy ks { Thanks. This session is now complete.) ks Acknowledged. I'm discarding key ks) ks Notation: msg) kB indicates "msg" was encrypted with key kB and have it delivered to my house) Ks Bob Alice Bob Alice Bob 1. request for session key to Bob kA Cathy Cathy Bob Alice Alice Alice Charge an iPhone X to my credit card 12345678 { I placed your order and it will arrive tomorrowy ks { Thanks. This session is now complete.) ks Acknowledged. I'm discarding key ks) ks Notation: msg) kB indicates "msg" was encrypted with key kB and have it delivered to my house) Ks Bob Alice Bob Alice Bob