16.7 THE NEEDHAM–SCHROEDER KEY DISTRIBUTION PROTOCOL [NEEDHAM AND SCHROEDER, 1998]

This paper describes a protocol for a key server to generate and deliver a session key to the pair of users User_ID[A] and User_ID[B]. Two user-authentication issues arise when a common session key is used in a session User_ID[A] ↔ User_ID[B].

    A1. Is User_ID[A] really communicating with User_ID[B]?
    A2. Is User_IDB really communicating with User_ID[A]?

This paper considers two protocols: the first for users enciphering with a symmetric key cryptosystem, the second for users enciphering with a public key cryptosystem (PKC).

16.7.1 Needham–Schroeder Using a Symmetric Key Cryptosystem

The key server is assumed to securely store

  • The (secret) key K(ID[A]) of User_ID[A] with identifier ID[A], and
  • The (secret) key K(ID[B]) of User_ID[B] with identifier ID[B].

It is assumed that

  • Only the key server and a user have knowledge of the user's secret key, and
  • It is not feasible to decipher messages without the key.

16.7.2 The Key Server Generates and Delivers a Session Key KS for a User_ID[A] ↔ User_ID[B] Session

The key exchange process is composed of the following steps:

1a.   User_ID[A] contacts the key server and requests a session key KS be generated for a User_ID[A] ↔ User_ID[B] session (Fig. 16.8). The message REQ = (ID[A], ID[B], NimageA) is transmitted in the clear to the key server by User_ID[A] ...

Get Computer Security and Cryptography now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.