# Woo–Lam

In cryptography, Woo–Lam refers to various computer network authentication protocols designed by Simon S. Lam and Thomas Woo.[1][2] The protocols enable two communicating parties to authenticate each other's identity and to exchange session keys, and involve the use of a trusted key distribution center (KDC) to negotiate between the parties. Both symmetric-key and public-key variants have been described. However, the protocols suffer from various security flaws, and have in part been described as inefficient compared to alternative authentication protocols.[3]

## Public-key protocol

### Notation

The following notation is used to describe the algorithm:

- $A,B$ - network nodes.
- $KU_x$ - public key of node $x$.
- $KR_x$ - private key of $x$.
- $N_x$ - nonce chosen by $x$.
- $ID_x$ - unique identifier of $x$.
- $E_k$ - public-key encryption using key $k$.
- $S_k$ - digital signature using key $k$.
- $K$ - random session key chosen by the KDC.
- $||$ - concatenation.

It is assumed that all parties know the KDC's public key.

### Message exchange

1. $A \rightarrow KDC : ID_A || ID_B$
2. $KDC \rightarrow A : S_{KR_{KDC}}[ID_B || KU_B]$
3. $A \rightarrow B : E_{KU_B}[N_A || ID_A]$
4. $B \rightarrow KDC : ID_B || ID_A || E_{KU_{KDC}}[N_A]$
5. $KDC \rightarrow B : S_{KR_{KDC}}[ID_A || KU_A] || E_{KU_B}[S_{KR_{KDC}}[N_A || K || ID_B || ID_A]]$
6. $B \rightarrow A : E_{KU_A}[S_{KR_{KDC}}[N_A || K || ID_B || ID_A] || N_B]$
7. $A \rightarrow B : E_{K}[N_B]$

The original version of the protocol[4] had the identifier $ID_A$ omitted from lines 5 and 6, which did not account for the fact that $N_A$ is unique only among nonces generated by A and not by other parties. The protocol was revised after the authors themselves spotted a flaw in the algorithm.[1][3]
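The following added example (not from the protocol's authors or the cited sources) models messages 3 to 7 symbolically in Python to show why the signed ticket must carry $ID_B || ID_A$. It assumes public keys are represented by their owner's identifier, so messages 1 and 2 and the certificate part of message 5 are left out; all class and function names are hypothetical.

```python
from dataclasses import dataclass
import secrets

# Symbolic model: terms record which key made them; no real cryptography is done.
@dataclass(frozen=True)
class Enc:  # E_k[body]; key is the owner's ID (public key) or a session key
    key: object
    body: tuple

@dataclass(frozen=True)
class Sig:  # S_{KR_signer}[body]
    signer: str
    body: tuple

def dec(key, c):
    if not isinstance(c, Enc) or c.key != key:
        raise ValueError("cannot decrypt")
    return c.body

def verify(signer, s):
    if not isinstance(s, Sig) or s.signer != signer:
        raise ValueError("bad signature")
    return s.body

def kdc_ticket(n_a, k, id_b, id_a, bind_ids=True):
    """Signed part of message 5; bind_ids=False models the original protocol."""
    return Sig("KDC", (n_a, k, id_b, id_a) if bind_ids else (n_a, k))

def a_accepts(msg6, n_a, id_a, id_b, bind_ids=True):
    """A's check on message 6: returns (K, N_B) or raises ValueError."""
    ticket, n_b = dec(id_a, msg6)
    body = verify("KDC", ticket)
    want = (n_a, id_b, id_a) if bind_ids else (n_a,)
    if len(body) != len(want) + 1 or (body[0],) + body[2:] != want:
        raise ValueError("ticket not bound to this run")
    return body[1], n_b

def run(bind_ids=True, id_a="A", id_b="B"):
    """Honest run of messages 3-7; True if both sides end with the same K."""
    n_a, n_b, k = (secrets.token_hex(8) for _ in range(3))
    m3 = Enc(id_b, (n_a, id_a))                      # 3) A -> B
    got_n_a, got_id_a = dec(id_b, m3)
    m4 = (id_b, got_id_a, Enc("KDC", (got_n_a,)))    # 4) B -> KDC
    (kdc_n_a,) = dec("KDC", m4[2])
    m5 = Enc(id_b, (kdc_ticket(kdc_n_a, k, m4[0], m4[1], bind_ids),))  # 5) KDC -> B
    (ticket,) = dec(id_b, m5)
    k_b = verify("KDC", ticket)[1]
    m6 = Enc(id_a, (ticket, n_b))                    # 6) B -> A
    k_a, a_n_b = a_accepts(m6, n_a, id_a, id_b, bind_ids)
    m7 = Enc(k_a, (a_n_b,))                          # 7) A -> B
    return dec(k_b, m7) == (n_b,)
```

With `bind_ids=False`, `a_accepts` has only the nonce to go on, so a KDC ticket issued for a different initiator that chose the same nonce value passes the check; with the default, the same ticket raises `ValueError`.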