Assume a server-assisted mutual authentication and key establishment protocol. Suppose that Alice and the Server share the pairwise symmetric key KAS; however Bob and Server share a pairwise symmetric key KBS. During the protocol, trusted Server produces a fresh, random session key K and distributes it to both Alice and Bob as follows:

1) Alice → Bob. A, NA where NA is fresh and random
2) Bob → Server. B, encKBS (A,NA,NB) where NB is fresh and random
3) Server → Alice. encKAS (B,NA,K),encKBS (A,K), NB where K is a fresh session key
4) Alice → Bob. ????

Goal of the protocol is to:

a) Establish a key which is only known to the Alice and Bob

b) Alice and Bob are confident they are talking to each other (not someone else).

i) What message must Alice send to Bob in step 4 of the protocol? Describe why your solution leads to a protocol which has the above two properties.

ii) Suppose these condmessage of the protocol (fromBobtoServer) is changed to B, encKBS(A,NA),NB. In other words, Bobs nonce NB is not encrypted. Is the protocol still secure? Discuss.

iii) Suppose the third message of the protocol (fromServertoAlice) is changed to B, encKAS(NA,K), encKBS(A,K),NB. In other words, Bobs identity B is not encrypted. Is the protocol still secure? Discuss.