We describe a basic key exchange protocol using private key cryptography upon which more sophisticated protocols for key exchange are based. Encryption within the protocol is done using a private key cryptosystem (such as AES) that is considered secure. The protocol involves three parties, Alice and Bob, who wish to exchange a key, and a trusted third party Cathy. Assume that Alice has a secret key kAlice that only she and Cathy know, and Bob has a secret key kBob which only he and Cathy know. The protocol has three steps:
(i) Alice sends the trusted third party Cathy the message "request a shared key with Bob" encrypted using Alice's key kAlice.
(ii) Cathy sends back to Alice a key kAlice,Bob, which she generates, encrypted using the key kAlice, followed by this same key kAlice,Bob, encrypted using Bob's key, kBob.
(iii) Alice sends to Bob the key kAlice,Bob encrypted using kBob, known only to Bob and to Cathy.
Explain why this protocol allows Alice and Bob to share the secret key kAlice,Bob, known only to them and to Cathy.