16.7 THE NEEDHAM–SCHROEDER KEY DISTRIBUTION PROTOCOL [NEEDHAM AND SCHROEDER, 1998]
This paper describes a protocol for a key server to generate and deliver a session key to the pair of users User_ID[A] and User_ID[B]. Two user-authentication issues arise when a common session key is used in a session User_ID[A] ↔ User_ID[B].
|A1.||Is User_ID[A] really communicating with User_ID[B]?|
|A2.||Is User_IDB really communicating with User_ID[A]?|
This paper considers two protocols: the first for users enciphering with a symmetric key cryptosystem, the second for users enciphering with a public key cryptosystem (PKC).
16.7.1 Needham–Schroeder Using a Symmetric Key Cryptosystem
The key server is assumed to securely store
- The (secret) key K(ID[A]) of User_ID[A] with identifier ID[A], and
- The (secret) key K(ID[B]) of User_ID[B] with identifier ID[B].
It is assumed that
- Only the key server and a user have knowledge of the user's secret key, and
- It is not feasible to decipher messages without the key.
16.7.2 The Key Server Generates and Delivers a Session Key KS for a User_ID[A] ↔ User_ID[B] Session
The key exchange process is composed of the following steps:
1a. User_ID[A] contacts the key server and requests a session key KS be generated for a User_ID[A] ↔ User_ID[B] session (Fig. 16.8). The message REQ = (ID[A], ID[B], NA) is transmitted in the clear to the key server by User_ID[A] ...