16.7 THE NEEDHAM–SCHROEDER KEY DISTRIBUTION PROTOCOL [NEEDHAM AND SCHROEDER, 1998]
This paper describes a protocol for a key server to generate and deliver a session key to the pair of users User_ID[A] and User_ID[B]. Two user-authentication issues arise when a common session key is used in a session User_ID[A] ↔ User_ID[B].
| A1. | Is User_ID[A] really communicating with User_ID[B]? |
| A2. | Is User_IDB really communicating with User_ID[A]? |
This paper considers two protocols: the first for users enciphering with a symmetric key cryptosystem, the second for users enciphering with a public key cryptosystem (PKC).
16.7.1 Needham–Schroeder Using a Symmetric Key Cryptosystem
The key server is assumed to securely store
- The (secret) key K(ID[A]) of User_ID[A] with identifier ID[A], and
- The (secret) key K(ID[B]) of User_ID[B] with identifier ID[B].
It is assumed that
- Only the key server and a user have knowledge of the user's secret key, and
- It is not feasible to decipher messages without the key.
16.7.2 The Key Server Generates and Delivers a Session Key KS for a User_ID[A] ↔ User_ID[B] Session
The key exchange process is composed of the following steps:
1a. User_ID[A] contacts the key server and requests a session key KS be generated for a User_ID[A] ↔ User_ID[B] session (Fig. 16.8). The message REQ = (ID[A], ID[B], N
A) is transmitted in the clear to the key server by User_ID[A] ...
Get Computer Security and Cryptography now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
