
Given:

  • We have a principal $A$ that believes that $fresh(K_A)$ and $fresh(K_A^{-1})$, where $K_A$ and $K_A^{-1}$ are a public and private key pair generated by $A$.

  • $A\ believes\ B\ said\ \{X\}_{K_A}$

Is it possible to derive that $X$ is also fresh, and if so, how?

Thank you.

1 Answer

I don't think so. Someone could have said $X$ a long time ago. Then an eavesdropper could have replayed $X$, encrypting it with the public key $K_A$.

I think all you can conclude is that $\{X\}_{K_A}$ is fresh.

In treatments I've seen it's messages that are fresh, not keys, and they are usually proven fresh by the inclusion of timestamps or the like. Keys are considered to be secure (or not) for communications with principals. Does your formulation of BAN logic have some rule in it about what you can conclude when you know that a key is fresh?
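
The direction in which freshness propagates, as an added example that is not part of the original post: a small Python closure over $A$'s beliefs. The tuple encoding, the names `closure` and `believes_fresh`, and the rule that a fresh key or body makes a ciphertext fresh are assumptions (the key rule is taken from the answer's conclusion, not from core BAN logic).

```python
# Added example: forward-chaining over A's beliefs using freshness rules only.
# Terms are tuples: ("enc", body, key), ("cat", t1, t2, ...), ("fresh", t),
# ("said", principal, t); atoms are plain strings.

def subterms(t):
    """Yield t and every term nested inside it."""
    yield t
    if isinstance(t, tuple):
        for arg in t[1:]:
            yield from subterms(arg)

def closure(beliefs):
    """Return A's beliefs closed under the freshness rules below."""
    facts = set(beliefs)
    universe = {s for b in beliefs for s in subterms(b)}
    changed = True
    while changed:
        changed = False
        for t in universe:
            if not isinstance(t, tuple) or ("fresh", t) in facts:
                continue
            # BAN freshness rule: a concatenation with a fresh part is fresh.
            # Assumed extension: a ciphertext is fresh if its body or key is.
            # No rule goes from a fresh whole down to its parts.
            if t[0] in ("cat", "enc") and any(("fresh", p) in facts for p in t[1:]):
                facts.add(("fresh", t))
                changed = True
    return facts

def believes_fresh(beliefs, term):
    """True if 'A believes fresh(term)' is derivable from the beliefs."""
    return ("fresh", term) in closure(beliefs)

# The question's premises (constructed encoding; "KA_inv" is the private key).
CT = ("enc", "X", "KA")
PREMISES = {("fresh", "KA"), ("fresh", "KA_inv"), ("said", "B", CT)}

# Variant: B includes a nonce NA that A believes fresh.
CT2 = ("enc", ("cat", "NA", "X"), "KA")
WITH_NONCE = {("fresh", "NA"), ("said", "B", CT2)}

if __name__ == "__main__":
    print("fresh({X}_KA):", believes_fresh(PREMISES, CT))
    print("fresh(X):     ", believes_fresh(PREMISES, "X"))
    print("fresh((NA,X)):", believes_fresh(WITH_NONCE, ("cat", "NA", "X")))
```

Even in the nonce variant, $X$ on its own is never derived fresh; what becomes fresh is the concatenation $(N_A, X)$, which is the formula the nonce-verification rule needs.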