Scribd Logo
Upload

Welcome to Scribd!

  • The Needham-Schroeder Protocol

    Uploaded by

    supreeth Athreyas
    2 views2 pages
    The Needham-Schroeder protocol aims to provide mutual authentication through challenge-response messages but is susceptible to impersonation attacks. An insider attacker can intercept messages between parties to obtain their session key, allowing the attacker to impersonate the intended recipient. The protocol is updated to include the recipient's identity in the encrypted ticket from the KDC to prevent this attack by confirming the intended communication parties. Impersonation can also arise from replay or compromised long-term key attacks for any security protocol.

    Original Description:

    Computer security and networking assignments

    Original Title

    Cns assg

    Copyright

    © © All Rights Reserved

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The Needham-Schroeder protocol aims to provide mutual authentication through challenge-response messages but is susceptible to impersonation attacks. An insider attacker can intercept messages between parties to obtain their session key, allowing the attacker to impersonate the intended recipient. The protocol is updated to include the recipient's identity in the encrypted ticket from the KDC to prevent this attack by confirming the intended communication parties. Impersonation can also arise from replay or compromised long-term key attacks for any security protocol.

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as doc, pdf, or txt
    2 views2 pages

    The Needham-Schroeder Protocol

    Uploaded by

    supreeth Athreyas
    The Needham-Schroeder protocol aims to provide mutual authentication through challenge-response messages but is susceptible to impersonation attacks. An insider attacker can intercept messages between parties to obtain their session key, allowing the attacker to impersonate the intended recipient. The protocol is updated to include the recipient's identity in the encrypted ticket from the KDC to prevent this attack by confirming the intended communication parties. Impersonation can also arise from replay or compromised long-term key attacks for any security protocol.

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as doc, pdf, or txt
    of 2

    THE NEEDHAM-SCHROEDER PROTOCOL

    Figure 12 2(a) enhances the protocol of Fig. 12.1 to provide mutual authentication by including a
    challenge-response phase (Messages 3. 4. and 5). Here, both sides proceed to challenge to prove
    knowledge of the session key, KAB. The challenge is a nonce. The response involves decrementing the
    nonce and encrypting the nonce with the session key, K AB. In addition, the KDC encloses the ticket to B
    in its message to A (Message 2). A 21. A then forward the ticket together with her challenge to B in
    Message 3.

    Preliminary Version 1 & Man-in-the-middle :-

    The protocol in Fig. 12 2(a) is susceptible to an impersonation attack shown in Fig. 12.2(b). The attacker,
    X, is an insider who shares a long-term key with the KDC

    1)The attacker,X, intercepts Message 1, substitutes "B" for "X" and sends the modified message to the
    KDC

    2)In response, the KDC creates a ticket encrypted with X's long-term key and sends it to in Message 2

    3)Now X intercepts Message 3. He decrypes the ticket using the long-term secret he shares with the
    KDC.He thus obtains the session key, KAX.

    4) Message 3 also contains A's challenge R1. X uses the session key, K AX to decrypt the part of the
    message containing A's challenge. He successfully responds to A's challenge in Message 4.

    Thus, X successfully impersonates B to A

    A fix to the protocol is to include B's identity in the encrypted message from the KDC A Message 2. The
    modified message is
    EA { KAB, "B", EB, {"A", KAB }}

    Now, after A recieves and decrypt Message 2, she checks whether B's identity is contained inside the
    message. The presence of B's identity confirms to A that the KDC knows that A wishes to communicate
    with B. The modified protocol is shown in Fig 12.3(a).

    The previous attempt at impersonation involves a man-in-the-middle attack. Impersonation also be a


    consequence of replay attacks in senarios involving compromised passwords or long-term keys. Trivially,
    a compromised key opens the door to impersonation attacks. Any security protocol is susceptible to
    such attacks, not just the current one.

    SUPREETH S ATHREYAS

    1JT17CS048

    You might also like