Professional Documents
Culture Documents
Needham-Schroeder Protocol
1. Alice Cathy : { Alice || Bob || rand1} 2. Cathy Alice : {Alice || Bob || rand1||ksession , {Alice || ksession} kBob } kAlice 3. Alice Bob : {Alice || ksession} kBob 4. Bob Alice : {rand2} ksession 5. Alice Bob : {rand2 - 1} ksession
Needham-Schroeder Protocol
In this protocol, rand1 and rand2 are two numbers generated at random and are called Nonces When Bob receives 3rd message and deciphers it he sees that the message names Alice. He deciphers with the key he shares only with Cathy This assures that Cathy is vouching that she generated ksession so that Bob can communicate with Alice.
Needham-Schroeder Protocol
Bob trusts that Cathy sent the message to Alice and Alice forwarded it to him Now, Alice need to convince that she is talking with Bob. This is done in the following way: When Alice receives second message from Cathy, she deciphers it and checks { Alice || Bob || rand1} are present. This assures that Cathy have sent the message and it was response to first message (as rand1 is present)
NS Protocol - Drawback
NS Protocol assumes that all cryptographic keys are secure In practice session keys are generated pseudorandomly Depending on the algorithm used, it may be possible to predict such keys.
NS Protocol - Drawback
Assuming NS protocol is used with insecure session key and random function, the scenario will be: 1. Eve Bob : {Alice || ksession} kBob (replay) 2. Bob Alice : {rand3} ksession (intercepted by Eve) 3. Eve Bob : {rand3 - 1} ksession
NS Protocol
This leads to a new protocol named Denning and Sacco Protocol using timestamps enabling Bob to detect this replay
Kerboros Protocol
Uses Needham Schroeder Protocol as modified by Denning and Sacco If Alice wants to use server S, Kerboros needs her to use two servers to obtain a credential that will authenticate her to S Two Servers are 1. Authentication Server 2. Ticket Granting Server
kAlice, Barnum = Session Key that Alice and Barnum shares kt = alternative session key generation time = time in which authenticator was created
Kerboros Protocol
Alice generates an authenticator whenever she sends a ticket She sends both ticket and authenticator in the same message
TAlice,
Barnum validates the request by comparing data in authenticator with data in the ticket
Kerboros Protocol-Drawbacks
Kerboros relies on clocks being synchronized In Kerboros 5, authenticators are valid for 5 minutes, so tickets and authenticators can be replayed Because the tickets have some fixed fields a dictionary attack can be used to determine keys shared by services or users and the ticket granting service or authentication service