16.7 THE NEEDHAM–SCHROEDER KEY DISTRIBUTION PROTOCOL [NEEDHAM AND SCHROEDER, 1998]
This paper describes a protocol for a key server to generate and deliver a session key to the pair of users User_ID[A] and User_ID[B]. Two user-authentication issues arise when a common session key is used in a session User_ID[A] ↔ User_ID[B].
A1. | Is User_ID[A] really communicating with User_ID[B]? |
A2. | Is User_IDB really communicating with User_ID[A]? |
This paper considers two protocols: the first for users enciphering with a symmetric key cryptosystem, the second for users enciphering with a public key cryptosystem (PKC).
16.7.1 Needham–Schroeder Using a Symmetric Key Cryptosystem
The key server is assumed to securely store
- The (secret) key K(ID[A]) of User_ID[A] with identifier ID[A], and
- The (secret) key K(ID[B]) of User_ID[B] with identifier ID[B].
It is assumed that
- Only the key server and a user have knowledge of the user's secret key, and
- It is not feasible to decipher messages without the key.
16.7.2 The Key Server Generates and Delivers a Session Key KS for a User_ID[A] ↔ User_ID[B] Session
The key exchange process is composed of the following steps:
1a. User_ID[A] contacts the key server and requests a session key KS be generated for a User_ID[A] ↔ User_ID[B] session (Fig. 16.8). The message REQ = (ID[A], ID[B], NA) is transmitted in the clear to the key server by User_ID[A] ...
Get Computer Security and Cryptography now with the O’Reilly learning platform.
O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.