Yahalom (protocol)
This article includes a list of references, related reading, or external links, but its sources remain unclear because it lacks inline citations. (June 2013) |
Yahalom is an authentication and secure key-sharing protocol designed for use on an insecure network such as the Internet. Yahalom uses a trusted arbitrator to distribute a shared key between two people. This protocol can be considered as an improved version of Wide Mouth Frog protocol (with additional protection against man-in-the-middle attack), but less secure than the Needham–Schroeder protocol.
Protocol description
[edit]If Alice (A) initiates the communication to Bob (B) with S is a server trusted by both parties, the protocol can be specified as follows using security protocol notation:
- A and B are identities of Alice and Bob respectively
- is a symmetric key known only to A and S
- is a symmetric key known only to B and S
- and are nonces generated by A and B respectively
- is a symmetric, generated key, which will be the session key of the session between A and B
- Alice sends a message to Bob requesting communication.
- Bob sends a message to the Server encrypted under .
- The Server sends to Alice a message containing the generated session key and a message to be forwarded to Bob.
- Alice forwards the message to Bob and verifies has not changed. Bob will verify has not changed when he receives the message.
BAN-Yahalom
[edit]Burrows, Abadi and Needham proposed a variant of this protocol in their 1989 paper as follows:[1]
In 1994, Paul Syverson demonstrated two attacks on this protocol.[1]
See also
[edit]References
[edit]- ^ a b Paul Syverson. A taxonomy of replay attacks. In Proceedings of the 7th IEEE Computer Security Foundations Workshop, pages 131–136. IEEE Computer Society Press, 1994.
- Schneier, Bruce (1996). Applied Cryptography. John Wiley & Sons. pp. 57–58. ISBN 0-471-12845-7.
- M. Burrows, M. Abadi, R. Needham A Logic of Authentication, Research Report 39, Digital Equipment Corp. Systems Research Center, Feb. 1989
- M. Burrows, M. Abadi, R. Needham A Logic of Authentication. ACM Transactions on Computer Systems, v. 8, n. 1, Feb. 1990, pp. 18—36