Woo–Lam

In cryptography, Woo–Lam refers to various computer network authentication protocols designed by Simon S. Lam and Thomas Woo.^[1]^[2] The protocols enable two communicating parties to authenticate each other's identity and to exchange session keys, and involve the use of a trusted key distribution center (KDC) to negotiate between the parties. Both symmetric-key and public-key variants have been described. However, the protocols suffer from various security flaws, and in part have been described as being inefficient compared to alternative authentication protocols.^[3]

Public-key protocol [edit]

Notation [edit]

The following notation is used to describe the algorithm:

$A,B$ - network nodes.

$KU_x$ - public key of node $x$ .

$KR_x$ - private key of $x$ .

$N_x$ - nonce chosen by $x$ .

$ID_x$ - unique identifier of $x$ .

$E_k$ - public-key encryption using key $k$ .

$S_k$ - digital signature using key $k$ .

$K$ - random session key chosen by the KDC.

$||$ - concatenation.

It is assumed that all parties know the KDC's public key.

Message exchange [edit]

$1) A \rightarrow KDC : ID_A || ID_B$

$2) KDC \rightarrow : S_{KR_{KDC}}[ID_B||KU_B]$

$3) A \rightarrow B : E_{KU_B}[N_A||ID_A]$

$4) B \rightarrow KDC: ID_B||ID_A||E_{KU_{KDC}}[N_A]$

$5) KDC \rightarrow B : S_{KR_{KDC}}[ID_A||KU_A]||E_{KU_B}[S_{KR_{KDC}}[N_A||K||ID_B||ID_A]]$

$6) B \rightarrow A : E_{KU_A}[S_{KR_{KDC}}[N_A || K || ID_A || ID_B ] || N_B]]$

$7) A \rightarrow B : E_{K}[N_B]$

The original version of the protocol^[4] had the identifier $ID_A$ omitted from lines 5 and 6, which did not account for the fact that $N_A$ is unique only among nonces generated by A and not by other parties. The protocol was revised after the authors themselves spotted a flaw in the algorithm.^[1]^[3]

References [edit]

^ ^a ^b T.Y.C. Woo, S.S. Lam (March 1992). "Authentication Revisited". Computer (IEEE) 25 (3). doi:10.1109/2.121502.
^ Colin Boyd, Anish Mathuria (2003). Protocols for authentication and key establishment. Springer. p. 78 and 99. ISBN 978-3-540-43107-7.
^ ^a ^b Stallings, William (2005). Cryptography and Network Security Principles and Practices, Fourth Edition. Prentice Hall. p. 387. ISBN 0-13-187316-4.
^ Thomas Y.C. Woo, Simon S. Lam (January 1992). Authentication for Distributed Systems 25 (1). IEEE. pp. 39–52. doi:10.1109/2.108052.

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

[woo-lam-2-1] T.Y.C. Woo, S.S. Lam (March 1992). "Authentication Revisited". Computer (IEEE) 25 (3). doi:10.1109/2.121502.

[boyd-mathuria-2] Colin Boyd, Anish Mathuria (2003). Protocols for authentication and key establishment. Springer. p. 78 and 99. ISBN 978-3-540-43107-7.

[stallings-3] Stallings, William (2005). Cryptography and Network Security Principles and Practices, Fourth Edition. Prentice Hall. p. 387. ISBN 0-13-187316-4.

[woo-lam-1-4] Thomas Y.C. Woo, Simon S. Lam (January 1992). Authentication for Distributed Systems 25 (1). IEEE. pp. 39–52. doi:10.1109/2.108052.

[1]

[2]

[3]

[4]

Woo–Lam

Contents

Public-key protocol [edit]

Notation [edit]

Message exchange [edit]

See also [edit]

References [edit]

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Interaction

Toolbox

Print/export

Languages