[CST-2] Security: 2000 P9 Q6
Andrei Legostaev
al263@cam.ac.uk
Tue, 29 May 2001 21:37:26 +0100
http://www.cl.cam.ac.uk/tripos/y2000p9q6.pdf
Has anybody got interesting ideas on this question?
There seems to be one small problem and one obvious attack on
the original protocol -
Problem: The sender (A) is not stated in plain text, so we don't
know whose public key to use to decrypt the inner message.
Attack: The parties sharing the key are not stated in the inner
message, so B can masquerade as A by forwarding the inner
message to C and so fooling him into using K(AB).
OK, I can see how this can be drawn out into a 6-mark answer...
But then comes the second part, where the change to the protocol
has addressed neither the "problem" nor the attack. What can be
written for 12 marks?
Help!
A
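
The forwarding attack described in the post, and the effect of naming both parties inside the signed part, as an added example that is not part of the original post or the exam paper. It is a symbolic model with no real cryptography; it assumes the message has the shape the post implies (A signs the key, then encrypts the result for B), treats the signer as already known (setting aside the post's separate "Problem"), and the names send_key, accept_key, forward_inner and bind_names are hypothetical.

```python
# Symbolic (Dolev-Yao style) model: no real cryptography, only who can
# open or create which message. Message shape is an assumption (see lead-in).
from collections import namedtuple

Signed = namedtuple("Signed", "signer body")     # only `signer` can create it
Sealed = namedtuple("Sealed", "recipient body")  # only `recipient` can open it


def send_key(sender, recipient, key, bind_names):
    """Sender signs the key, then seals the signed blob for the recipient."""
    body = {"key": key}
    if bind_names:  # the fix: name both parties inside the signature
        body.update(frm=sender, to=recipient)
    return Sealed(recipient, Signed(sender, body))


def accept_key(me, msg, bind_names):
    """Recipient's check. Returns (peer, key) if accepted, else None."""
    if msg.recipient != me:
        return None  # cannot open a message sealed for someone else
    inner = msg.body
    if bind_names and (inner.body.get("frm") != inner.signer
                       or inner.body.get("to") != me):
        return None  # signed for a different pair of parties
    # Without bound names, the signature is the only evidence of origin.
    return inner.signer, inner.body["key"]


def forward_inner(holder, msg, new_recipient):
    """A dishonest recipient opens the seal and re-seals the signed blob."""
    assert msg.recipient == holder
    return Sealed(new_recipient, msg.body)


def run(bind_names):
    """Run the honest exchange A -> B, then B's replay of the inner blob to C."""
    to_b = send_key("A", "B", "K_AB", bind_names)
    at_b = accept_key("B", to_b, bind_names)
    to_c = forward_inner("B", to_b, "C")
    at_c = accept_key("C", to_c, bind_names)
    return at_b, at_c


if __name__ == "__main__":
    print("original protocol:", run(bind_names=False))
    print("names bound      :", run(bind_names=True))
```

In the first run C accepts K_AB as a key shared with A, although B also holds it; in the second run C rejects the replayed blob because the signed body names B as the intended peer.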