下面是Attack 和Fix之间不断反复的例子(以认证的密钥建立协议为例 Protocols for Authenticated Key Establishment Using Encryption)
Prot2.1: Protocol “From Alice to Bob”
- Alice generates K at random, creates {K}KAT, and sends to Trent: Alice, Bob, {K}KAT;
- Trent finds keys KAT, KBT, decrypts {K}KAT to reveal K, creates {K}KBT and sends to Bob: Alice, Bob, {K}KBT;
- Bob decrypts {K}KBT to reveal K, forms and sends to Alice: {Hello Alice, I'm Bob!}K.
由于Alice所产生的K可能不够安全,不能取得Bob的信任,所以改为由Trent来生成K
Prot2.2: Protocol “Session Key from Trent”
- Alice sends to Trent: Alice, Bob;
- Trent finds keys KAT, KBT, generates K at random and sends to Alice: {K}KAT, {K}KBT;
- Alice decrypts {K}KAT, and sends to Bob: Trent, Alice, {K}KBT;
- Bob decrypts {K}KBT to reveal K, forms and sends to Alice: {Hello, I'm Bob!}K.
Attack2.2: An attack on Prot2.2
Alice -> Malice(“Trent”): Alice, Bob;
Malice(“Alice”)->Trent: Alice, Malice;
Trent finds KAT, KMT, generates KAM, ->Alice: {KAM}KAT, {KAM}KMT;
Alice decrypts{KAM}KMT, ->Malice(“Bob”): Trent, Alice, {KAM}KMT;
Malice(“Bob”)->Alice : {Hello, Im Bob!}KAM;