-------------------------------------------------------------------------------
Mohamed Gouda							CS 386 S
Spring 2008							Quiz#5
-------------------------------------------------------------------------------

The third step in the Transport Login Protocol TLP is as follows:

	3a) C --> S :	H(H^2(1,n,P,S), SN) <BN, H(1,n,P,S), H^2(1,n',P,S)>,
			H(BN, SN) <n', H(0,n',P,S)>

Show that TLP becomes less secure if this step is changed to become as follows:

	3b) C --> S :	SN <BN, H(1,n,P,S), H^2(1,n',P,S)>,
			H(BN, SN) <n', H(0,n',P,S)>

(Hint: give a scenario where an adversary succeeds in attacking TLP when the
third step is changed, and argue that the same attack fails when the third 
step remains unchanged.)

-------------------------------------------------------------------------------

Assume that adversary knows subtuple (C,n,H(0,n,P,S)).

From this knowledge and msg 2, adversary knows SN.

From SN and msg 3, adversary knows BN.

From SN and BN, adversary can launch an eavesdropping attack. This attack 
could not have occurred if we use 3a instead of 3b.