Reflection attack on shortened 2-way authentication protocol

Reflection attack on shortened 2-way authentication protocol

#include<conio.h>

#include<stdio.h>

#include<graphics.h>

#include<dos.h>

struct trudy

  {

   int challenge_sent;

   int response_sent;

   int challenge_received;

   int response_received;

  }T;

struct bob

  {

   int shared_key;

   int challenge_received;

   int response_received;

   int challenge_sent;

   int response_sent;

   int challenge_remember;

  }B;

void main()

  {

   int i;

   int x1=200,x2=400,y1=170,y2=170;

   int challenge;

   int action;

   int gd,gm;

   clrscr();

   printf("\n Trudy want to send request to Bob on behalf of A");

   printf("\n");

      printf("\n To allow this action press (1.Allow 2.Dont allow) :: ");

      scanf("%d",&action);

   if(action==1)

            {

             B.shared_key=accept_key();

             T.challenge_sent=random_number();

             printf("\n the challenge generated by trudy is :: %d",T.challenge_sent);

             B.challenge_received=T.challenge_sent;

             B.response_sent=B.shared_key+B.challenge_received;

             T.response_received=B.response_sent;

             B.challenge_sent=random_number();//random number

             B.challenge_remember=B.challenge_sent;//save by bob

             T.challenge_received=B.challenge_sent;

             //new session

             B.challenge_received=T.challenge_received;

             B.response_sent=B.challenge_received+B.shared_key;

             T.response_received=B.response_sent;

             B.challenge_sent=random_number();

             T.challenge_received=B.challenge_sent;

             //old session

             B.response_received=T.response_received;

             if((B.response_received)==(B.challenge_remember+B.shared_key))

                        {

                         sound(100);

                         delay(500);

                         printf("\n Trudy is authenticated!!!");

                         nosound();

                        }

             else

                        printf("\n whats this");

       }

   else

            {

             printf("\n\n trudy does not want to hack the system!!!");

             goto label1;

            }

            getch();

            detectgraph(&gd,&gm);

            initgraph(&gd,&gm,"c:\\turboc3\\bgi");

            rectangle(150,150,200,310);

            outtextxy(152,220,"ALICE");

            rectangle(400,150,450,310);

            outtextxy(420,220,"Trudy");

            outtextxy(220,160,"1.request,challenge");

            line(395,165,400,170);

            line(395,175,400,170);

            line(200,170,400,170);//line1

            outtextxy(220,160+30,"2.response,challenge");

            line(205,195,200,200);

            line(205,205,200,200);

            line(x1,y1+30,x2,y2+30); //line2

            outtextxy(220,160+60,"3.request,challenge");

            line(395,165+30+30,400,170+30+30);

            line(395,175+30+30,400,170+30+30);

            line(x1,y1+30+30,x2,y2+30+30);        //line3

            outtextxy(220,160+90,"4.response,challenge");

            line(205,195+60,200,200+60);

            line(205,205+60,200,200+60);

            line(x1,y1+30+30+30,x2,y2+30+30+30);//line4

            outtextxy(220,160+120,"5.response");

            line(395,165+30+30+60,400,170+30+30+60);

            line(395,175+30+30+60,400,170+30+30+60);

            line(x1,y1+30+30+30+30,x2,y2+30+30+30+30);//line5

label1:

   getch();

  }

int random_number()

  {

   int a;

   a=rand()%100;

   return(a);

  }

int accept_key()

  {

   int a;

   printf("\n Enter the shared key between A and B :: ");

   scanf("%d",&a);

   return(a);

  }

OUTPUT:

 Trudy want to send request to Bob on behalf of A

 To allow this action press (1.Allow 2.Dont allow) :: 1

 Enter the shared key between A and B :: 5

 the challenge generated by trudy is :: 46

 Trudy is authenticated!!!