Misplaced Pages

Woo–Lam

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
(Redirected from Woo Lam 92 (protocol))

In cryptography, Woo–Lam refers to various computer network authentication protocols designed by Simon S. Lam and Thomas Woo. The protocols enable two communicating parties to authenticate each other's identity and to exchange session keys, and involve the use of a trusted key distribution center (KDC) to negotiate between the parties. Both symmetric-key and public-key variants have been described. However, the protocols suffer from various security flaws, and in part have been described as being inefficient compared to alternative authentication protocols.

Public-key protocol

Notation

The following notation is used to describe the algorithm:

A , B {\displaystyle A,B} - network nodes.
K U x {\displaystyle KU_{x}} - public key of node x {\displaystyle x} .
K R x {\displaystyle KR_{x}} - private key of x {\displaystyle x} .
N x {\displaystyle N_{x}} - nonce chosen by x {\displaystyle x} .
I D x {\displaystyle ID_{x}} - unique identifier of x {\displaystyle x} .
E k {\displaystyle E_{k}} - public-key encryption using key k {\displaystyle k} .
S k {\displaystyle S_{k}} - digital signature using key k {\displaystyle k} .
K {\displaystyle K} - random session key chosen by the KDC.
| | {\displaystyle ||} - concatenation.

It is assumed that all parties know the KDC's public key.

Message exchange

1 ) A K D C : I D A | | I D B {\displaystyle 1)A\rightarrow KDC:ID_{A}||ID_{B}}
2 ) K D C A : S K R K D C [ I D B | | K U B ] {\displaystyle 2)KDC\rightarrow A:S_{KR_{KDC}}}
3 ) A B : E K U B [ N A | | I D A ] {\displaystyle 3)A\rightarrow B:E_{KU_{B}}}
4 ) B K D C : I D B | | I D A | | E K U K D C [ N A ] {\displaystyle 4)B\rightarrow KDC:ID_{B}||ID_{A}||E_{KU_{KDC}}}
5 ) K D C B : S K R K D C [ I D A | | K U A ] | | E K U B [ S K R K D C [ N A | | K | | I D B | | I D A ] ] {\displaystyle 5)KDC\rightarrow B:S_{KR_{KDC}}||E_{KU_{B}}]}
6 ) B A : E K U A [ S K R K D C [ N A | | K ] | | N B ] {\displaystyle 6)B\rightarrow A:E_{KU_{A}}||N_{B}]}
7 ) A B : E K [ N B ] {\displaystyle 7)A\rightarrow B:E_{K}}

The original version of the protocol had the identifier I D A {\displaystyle ID_{A}} omitted from lines 5 and 6, which did not account for the fact that N A {\displaystyle N_{A}} is unique only among nonces generated by A and not by other parties. The protocol was revised after the authors themselves spotted a flaw in the algorithm.

See also

References

  1. ^ T.Y.C. Woo; S.S. Lam (March 1992). "Authentication Revisited". Computer. 25 (3): 10. doi:10.1109/2.121502.
  2. Colin Boyd; Anish Mathuria (2003). Protocols for authentication and key establishment. Springer. p. 78 and 99. ISBN 978-3-540-43107-7.
  3. ^ Stallings, William (2005). Cryptography and Network Security Principles and Practices, Fourth Edition. Prentice Hall. p. 387. ISBN 978-0-13-187316-2.
  4. Thomas Y.C. Woo; Simon S. Lam (January 1992). "Authentication for Distributed Systems". Computer. 25 (1): 39–52. CiteSeerX 10.1.1.38.9374. doi:10.1109/2.108052.
Authentication
Authentication
APIs
Authentication
protocols


Stub icon

This cryptography-related article is a stub. You can help Misplaced Pages by expanding it.

Categories: