needham-schroeder

Needham-Schroeder is a computer network authentication protocol designed for use on insecure networks (the Internet for example), invented by Needham and Schroeder. It allows individuals communicating over a network to prove their identity to each other while also preventing evesdropping or replay attacks, and provides for detection of modification and the prevention of unauthorized reading. The protocol can be specified as follows in security protocol notation, where Alice (A) is authenticating herself to Bob (B) using a server (S):

A \rightarrow S: A,B,N_A

Alice tells the server she wants to communicate with Bob.

S \rightarrow A: \{N_A, K_{AB}, B, \{K_{AB}, A\}_{K_{BS}}\}_{K_{AS}}

The server generates

{K_{AB}}

and sends a copy encrypted under

{K_{BS}}

for Alice to forward to Bob and also a copy for Alice. The nonce assures Alice that the message is fresh.

A \rightarrow B: \{K_{AB}, A\}_{K_{BS}}

Alice forwards the key to Bob.

B \rightarrow A: \{N_B\}_{K_{AB}}

Bob sends Alice a nonce encrypted under

{K_{AB}}

to show that he has the key.

A \rightarrow B: \{N_B+1\}_{K_{AB}}

Alice performs a simple operation on the nonce, re-encrypts it and sends it back verifying that she is still alive and that she holds the key.

This protocol is no longer considered secure as Bob does not know if the key is fresh. If someone obtains an old key they can perform a replay attack and convince Bob that the key they hold is Alice's current key.

Needham-schroeder

See also