Computer Security Question
Q. Consider the following method that establishes a secret session key k for use by Alice and Bob. Alice and Bob already share a secret key Kab for encryption.
i) Alice sends a random value NA to Bob along with her id, A.
ii) Bob sends encrypted message EKab(NA), NB to Alice, where NB is a random value
chosen by Bob.
iii) Alice sends back EKab(NB).
iv) Bob generates session key k and sends EKab(k) to Alice.
v) Now Alice and Bob exchange messages encrypted with the new session key
Suppose that the random values and the keys have the same number of bits.
Describe a possible attack for this authentication method. Can we make the
method more secure by lifting the assumption that the random values and the
keys have the same number of bits? Explain.