I am working on the exercise below which ask about whether it is possible to attack the following key exchange protocol on sharing session key $K_s$ between user $X$ and $Y$:
$X \rightarrow Y : X \| r$
$Y \rightarrow X : E (r \| K_s, K_{xy})$
$X \rightarrow Y : E (r, K_s)$
where $K_{xy}$ is a pre-shared secret key between user $X$ and $Y$, $K_s$ is a session key, $E(m, k)$ is symmetric key encryption on message $m$, with key $k$
It appears to me that it is secure. Could any one can give me a hand or some hints on possible attack ?