Yahalom (protocol)

Yahalom is an authentication and secure key-sharing protocol designed for use on an insecure network such as the Internet. Yahalom uses a trusted arbitrator to distribute a shared key between two people. This protocol can be considered an improved version of the Wide Mouth Frog protocol (with additional protection against man-in-the-middle attacks), but it is less secure than the Needham–Schroeder protocol.

Protocol description

If Alice (A) initiates the communication to Bob (B), with S a server trusted by both parties, the protocol can be specified as follows using security protocol notation:

  • A and B are identities of Alice and Bob respectively
  • $K_{AS}$ is a symmetric key known only to A and S
  • $K_{BS}$ is a symmetric key known only to B and S
  • $N_A$ and $N_B$ are nonces generated by A and B respectively
  • $K_{AB}$ is a symmetric, generated key, which will be the session key of the session between A and B

$$A \rightarrow B : A, N_A$$

Alice sends a message to Bob requesting communication.

$$B \rightarrow S : B, \{A, N_A, N_B\}_{K_{BS}}$$

Bob sends a message to the Server encrypted under $K_{BS}$.

$$S \rightarrow A : \{B, K_{AB}, N_A, N_B\}_{K_{AS}}, \{A, K_{AB}\}_{K_{BS}}$$

The Server sends to Alice a message containing the generated session key $K_{AB}$ and a message to be forwarded to Bob.

$$A \rightarrow B : \{A, K_{AB}\}_{K_{BS}}, \{N_B\}_{K_{AB}}$$

Alice forwards the message to Bob and verifies $N_A$ has not changed. Bob will verify $N_B$ has not changed when he receives the message.
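The four messages above, traced in one process as an added example that is not part of the original article. `seal`/`unseal` are a toy stand-in for the authenticated encryption $\{\cdot\}_K$ (SHAKE-256 keystream plus HMAC-SHA256, an assumption made so the block runs on the standard library alone), and `run_yahalom` and its `replay_m3` parameter are hypothetical names; the replay case shows Alice's $N_A$ check rejecting a message 3 recorded from an earlier run.

```python
import hashlib, hmac, json, secrets

K_AS, K_BS = secrets.token_bytes(32), secrets.token_bytes(32)  # long-term keys shared with S

def _stream(key, iv, n):
    return hashlib.shake_256(b"enc" + key + iv).digest(n)

def seal(key, fields):
    """Toy stand-in for {fields}_key: SHAKE-256 keystream XOR, then HMAC-SHA256 tag."""
    pt, iv = json.dumps(fields).encode(), secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(pt, _stream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _stream(key, iv, len(ct)))))

def run_yahalom(replay_m3=None):
    """One protocol run; replay_m3 substitutes an old message 3 on the S -> A hop."""
    N_A, N_B = secrets.token_hex(16), secrets.token_hex(16)
    # 1. A -> B : A, N_A
    m1 = ("A", N_A)
    # 2. B -> S : B, {A, N_A, N_B}_K_BS
    m2 = ("B", seal(K_BS, [m1[0], m1[1], N_B]))
    # 3. S -> A : {B, K_AB, N_A, N_B}_K_AS, {A, K_AB}_K_BS
    a, n_a, n_b = unseal(K_BS, m2[1])
    K_AB = secrets.token_hex(32)  # fresh session key chosen by S
    m3 = (seal(K_AS, [m2[0], K_AB, n_a, n_b]), seal(K_BS, [a, K_AB]))
    # Alice decrypts her half and checks that her own nonce came back
    b, k_a, n_a_echo, n_b_a = unseal(K_AS, (replay_m3 or m3)[0])
    if b != "B" or n_a_echo != N_A:
        raise ValueError("Alice: N_A mismatch, message 3 is not fresh")
    # 4. A -> B : {A, K_AB}_K_BS, {N_B}_K_AB
    m4 = ((replay_m3 or m3)[1], seal(bytes.fromhex(k_a), [n_b_a]))
    # Bob recovers K_AB from the ticket and checks that his own nonce came back
    a2, k_b = unseal(K_BS, m4[0])
    (n_b_echo,) = unseal(bytes.fromhex(k_b), m4[1])
    if a2 != "A" or n_b_echo != N_B:
        raise ValueError("Bob: N_B mismatch, message 4 is not fresh")
    return k_a, k_b, m3

if __name__ == "__main__":
    k_a, k_b, old_m3 = run_yahalom()
    print("keys agree:", k_a == k_b)
    try:
        run_yahalom(replay_m3=old_m3)
    except ValueError as err:
        print("replay rejected:", err)
```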

BAN-Yahalom

Burrows, Abadi and Needham proposed a variant of this protocol in their 1989 paper as follows:

$$A \rightarrow B : A, N_A$$
$$B \rightarrow S : B, N_B, \{A, N_A\}_{K_{BS}}$$
$$S \rightarrow A : N_B, \{B, K_{AB}, N_A\}_{K_{AS}}, \{A, K_{AB}, N_B\}_{K_{BS}}$$
$$A \rightarrow B : \{A, K_{AB}, N_B\}_{K_{BS}}, \{N_B\}_{K_{AB}}$$

In 1994, Paul Syverson demonstrated two attacks on this protocol.

References

  1. Paul Syverson. A taxonomy of replay attacks. In Proceedings of the 7th IEEE Computer Security Foundations Workshop, pages 131–136. IEEE Computer Society Press, 1994.