mutual authentication in STS protocol

STS Protocol is like this:

1. $A \rightarrow B:~ g^x$
2. $A \leftarrow B:~ g^y, E_K(S_B(g^y, g^x))$
3. $A \rightarrow B:~ E_K(S_A(g^x, g^y))$

My question is why do we say in STS we have mutual authentication? For example:

1. $A \rightarrow C: g^x$
2. $C \rightarrow B: g^x$
3. $C \leftarrow B: g^y, E_K(S_B(g^y, g^x))$
4. $A \leftarrow C: g^y, E_K(S_B(g^y, g^x))$

so A will authenticate C instead of B!

The main problem in this question is the role of C.
Here C is not doing anything other than transferring the data. so it somehow acts like a wire. so it won't be counted in the protocol.

The question (with the specific "attack") has been answered in detail in Sec 1.5.6, Attack/ Figure 1.6 .

Essentially, it depends on the specific definition of "mutual authentication", or more generally, authentication goals. In the cited work, the definition of "mutual authentication" (Def. 14 below) is reached, since both parties can verify that the messages originate from the respective party. For example, A knows that the message $g^y, E_K(S_B(g^y, g^x))$ come from B by verifying $S_B$, and thus that B has knowledge of the content.

However, the definition of "strong entity authentication" (see Def. 13 below) is not met, since "A would be wrong to conclude, after a successful run, that B wishes to communicate with her." Sec 1.5.6

"Definition 13. Strong entity authentication of A to B is provided if B has a fresh assurance that A has knowledge of B as her peer entity" Def 13., Strong Entity Authentication

"Definition 14. Mutual authentication occurs if both entities are authenticated to each other in the same protocol. Unilateral authentication (sometimes called one-way au- thentication) occurs if only one entity is authenticated to the other." Def 14., Mutual Authentication

Let’s say servent, In a server-client model both sides must be identified. During the authentication phase of the key with authentication, the client Ci is identified with the evaluation of MACk (IDCi, TCi, R, R), while the server with the evaluation of MACk = (IDCi, TCi, L), respectively. An attacker can not create a valid session if he does not know the real identity of the client, and calculate the commonly calculated value R and the correct k = H3 (IDCi, TCi, R, R).

Resistance to de-synchronized attack,

Creating a new AID requires a modern calculation for both sides. If the client does not receive the message from the server, it may not be able to connect to it. So it's a reasonable assumption that mutual authentication with a key exchange protocol is just the beginning of the session, followed by a secure message exchange. During this exchange, an important process for the protocol takes place. If the server does not receive a message after the mutual authentication, the server will know that the client may not receive the messages and stop updating the AID with a new value.