Design a security protocol that will allow a Mutually Agreed Session key (Kabc) to be established between three entities A, B and C. This key can then be used to secure a chat between the three entities.

I want you to develop your own design based on the conditions below.
Note: The session key should NOT be known to the Chat Server (S) and the Chat Server (S) can only forward the encrypted messages to A, B and C and S cannot read the messages.

The secure chat between entities A, B and C must use the Chat Server (S) and session key Kabc as below: (refer image)
i.e. A, B and C Do NOT communicate directly.

The following conditions apply to your protocol design.
1. A, B and C Never communicate directly.

2. Each entity (A, B, C and S) have a Public Key Certificate, ie. CA<<A>>, CA<<B>>, CA<<C>> and CA<<S>>.

3. The Chat Server, S, has access to all Entity Certificates that use its service and can provide these Certificate to its service users if requested to do so.

4. Challenge – Response process is to be used to establish freshness of communications between A, B and C.

5. Each step in establishing the Session key (Kabc) must provide an Authenticated Integrity check of the data transferred. You must show both sides of this in your protocol description, i.e. its generation and how it is checked.

6. Each Entity must Authenticate itself to the Server S before it is allowed to use its service.

7. For each of the steps where you use CIA (Confidentiality, Integrity or Authentication) please state the algorithm you would use to perform that function. This is to be provided in the description you will provide for the protocol.

You must provide a legend to describe your notation and a full description of each step in the protocol that is used to establish the shared key Kabc.

Transcribed Image Text:

Chat Server (S) {M2}Kabc {M1}Kabc {M3}Kabc {M1}Kabc {M2}Kaby/ {M1}Kabc {M3}Kabc {M3}Kabx A {M2}Kabc B.