Yahalom (protocol)

Yahalom is an authentication and secure key-sharing protocol designed for use on an insecure network such as the Internet. Yahalom uses a trusted arbitrator to distribute a shared key between two people. This protocol can be considered as an improved version of Wide Mouth Frog protocol (with additional protection against man-in-the-middle attack), but less secure than Needham-Schroeder.

Protocol description

If Alice (A) initiates the communication to Bob (B) with S is a server trusted by both parties, the protocol can be specified as follows using security protocol notation:

A and B are identities of Alice and Bob respectively
$K_{AS}$ is a symmetric key known only to A and S
$K_{BS}$ is a symmetric key known only to B and S
$N_A$ and $N_B$ are nonces generated by A and B respectively
$K_{AB}$ is a symmetric, generated key, which will be the session key of the session between A and B

$A \rightarrow B: A, N_A$

Alice sends a message to Bob requesting communication.

$B \rightarrow S: B,\{A, N_A, N_B\}_{K_{BS}}$

Bob sends a message to the Server encrypted under

K_{BS}

$S \rightarrow A: \{B, K_{AB}, N_A, N_B\}_{K_{AS}}, \{A, K_{AB}\}_{K_{BS}}$

The Server sends to Alice a message containing the generated session key

K_{AB}

and a message to be forwarded to Bob.

$A \rightarrow B: \{A, K_{AB}\}_{K_{BS}}, \{N_B\}_{K_{AB}}$

Alice forwards the message to Bob and verifies

N_A

has not changed. Bob will verify

N_B

has not changed when he receives the message.

References

Schneier, Bruce (1996). Applied Cryptography. John Wiley & Sons. pp. 57–58. ISBN 0-471-12845-7.
M. Burrows, M. Abadi, R. Needham A Logic of Authentication, Research Report 39, Digital Equipment Corp. Systems Research Center, Feb. 1989
M. Burrows, M. Abadi, R. Needham A Logic of Authentication. ACM Transactions on Computer Systems, v. 8, n. 1, Feb. 1990, pp. 18—36

Yahalom (protocol)

Protocol description

See also

References