|
|
| Line 1: |
Line 1: |
| In [[cryptography]], '''Woo–Lam''' refers to various computer network [[authentication]] protocols designed by [[Simon S. Lam]] and Thomas Woo.<ref name="woo-lam-2"/><ref name="boyd-mathuria">{{cite book|authors=Colin Boyd, Anish Mathuria|title=Protocols for authentication and key establishment|year=2003|publisher=Springer|isbn=978-3-540-43107-7|page=78 and 99}}</ref> The protocols enable two communicating parties to authenticate each other's identity and to exchange session keys, and involve the use of a trusted [[key distribution center]] (KDC) to negotiate between the parties. Both symmetric-key and public-key variants have been described. However, the protocols suffer from various security flaws, and in part have been described as being inefficient compared to alternative authentication protocols.<ref name="stallings">{{cite book|last=Stallings|first=William|title=Cryptography and Network Security Principles and Practices, Fourth Edition|year=2005|publisher=Prentice Hall|isbn=0-13-187316-4|page=387}}</ref>
| | Hі! <br>My namе is Niamh аnd І'm a 29 years old boy from France.<br><br>Loօk аt my web site ... [http://danelleodonovan.soup.io/?sessid=6a716dab8c5dfe15139d9b3c1f1825b0 cosmetic surgery in miami florida] |
| | |
| == Public-key protocol ==
| |
| | |
| === Notation ===
| |
| | |
| The following notation is used to describe the algorithm:
| |
| :<math>A,B</math> - network nodes.
| |
| :<math>KU_x</math> - public key of node <math>x</math>.
| |
| :<math>KR_x</math> - private key of <math>x</math>.
| |
| :<math>N_x</math> - [[Cryptographic nonce|nonce]] chosen by <math>x</math>.
| |
| :<math>ID_x</math> - unique identifier of <math>x</math>.
| |
| :<math>E_k</math> - [[public-key encryption]] using key <math>k</math>.
| |
| :<math>S_k</math> - [[digital signature]] using key <math>k</math>.
| |
| :<math>K</math> - random session key chosen by the KDC.
| |
| :<math>||</math> - concatenation.
| |
| | |
| It is assumed that all parties know the KDC's public key.
| |
| | |
| === Message exchange ===
| |
| | |
| :<math>1) A \rightarrow KDC : ID_A || ID_B </math>
| |
| | |
| :<math>2) KDC \rightarrow : S_{KR_{KDC}}[ID_B||KU_B] </math>
| |
| | |
| :<math>3) A \rightarrow B : E_{KU_B}[N_A||ID_A] </math>
| |
| | |
| :<math>4) B \rightarrow KDC: ID_B||ID_A||E_{KU_{KDC}}[N_A]</math>
| |
| | |
| :<math>5) KDC \rightarrow B : S_{KR_{KDC}}[ID_A||KU_A]||E_{KU_B}[S_{KR_{KDC}}[N_A||K||ID_B||ID_A]] </math>
| |
| | |
| :<math>6) B \rightarrow A : E_{KU_A}[S_{KR_{KDC}}[N_A || K || ID_A || ID_B ] || N_B]]</math>
| |
| | |
| :<math>7) A \rightarrow B : E_{K}[N_B]</math>
| |
| | |
| The original version of the protocol<ref name="woo-lam-1">{{cite journal|authors=Thomas Y.C. Woo, Simon S. Lam|title=Authentication for Distributed Systems|date=January 1992|volume=25|issue=1|pages=39–52|publisher=IEEE|url=http://www.computer.org/portal/web/csdl/doi/10.1109/2.108052|doi=10.1109/2.108052}}</ref> had the identifier <math>ID_A</math> omitted from lines 5 and 6, which did not account for the fact that <math>N_A</math> is unique only among nonces generated by A and not by other parties. The protocol was revised after the authors themselves spotted a flaw in the algorithm.<ref name="woo-lam-2">{{cite journal|authors=T.Y.C. Woo, S.S. Lam|title=Authentication Revisited|journal=Computer|date=March 1992|volume=25|issue=3|publisher=IEEE|url=http://www.computer.org/portal/web/csdl/doi/10.1109/2.121502|doi=10.1109/2.121502}}</ref><ref name="stallings"/>
| |
| | |
| == See also ==
| |
| {{Portal|Cryptography}}
| |
| * [[Kerberos (protocol)|Kerberos]]
| |
| * [[Needham-Schroeder]]
| |
| * [[Otway-Rees]]
| |
| | |
| == References ==
| |
| | |
| {{Reflist}}
| |
| | |
| {{DEFAULTSORT:Woo-Lam}}
| |
| [[Category:Computer network security]]
| |
| [[Category:Authentication methods]]
| |
| | |
| | |
| {{Crypto-stub}}
| |
Hі!
My namе is Niamh аnd І'm a 29 years old boy from France.
Loօk аt my web site ... cosmetic surgery in miami florida