
NSKDC

The Needham-Schroeder protocol facilitates secure communication between Alice and Bob through a Key Distribution Center (KDC) that generates unique shared keys for each pair. The protocol involves a series of steps where nonce values are used to verify identities and establish secure keys. Additionally, Kerberos is introduced as a network authentication protocol that centralizes authentication through a trusted third party, allowing for mutual authentication and secure access to services.

Uploaded by

deysarnabhahope

NEEDHAM SCHROEDER ( CHALLENGE RESPONSE )

• Authentication protocol

• Here the Key Distribution Center (KDC) uses a separate shared key for each sender/receiver pair.

• If ALICE and BOB want to communicate with each other, they must first communicate
with the Key Distribution Center (KDC). The KDC generates a new shared key for ALICE and BOB.

Message flow (diagram):

1. ALICE → KDC : {ALICE, BOB, NA}KAT (ALICE creates random NA)
2. KDC → ALICE : {NA, K, BOB, {K, ALICE}KBT}KAT
3. ALICE → BOB : {K, ALICE}KBT
4. BOB → ALICE : {I AM BOB, NB}K (BOB creates random NB)
5. ALICE → BOB : {I AM ALICE, NB}K

• ALICE and KDC share a key KAT


• BOB and KDC share a key KBT

STEP 1 : ALICE creates a random NA and sends to the KDC : {ALICE, BOB, NA}

STEP 2 : The KDC generates K at random and sends to ALICE : {NA, K, BOB, {K, ALICE}KBT}KAT

STEP 3 : ALICE decrypts and checks her known NA. After checking BOB's identity,
she sends the remaining part to BOB : {K, ALICE}KBT

STEP 4 : BOB decrypts, checks ALICE's identity, creates a random NB and sends to ALICE :
{I AM BOB, NB}K

STEP 5 : ALICE sends the confirmation as : {I AM ALICE, NB}K

• Here we assume ALICE and BOB already have secure symmetric communication with the KDC using
keys KAT and KBT

• Here NA and NB are nonces (numbers used once), randomly generated values

• There is no way to know that K was freshly generated. If an attacker somehow learns K, he may
use it at any time with BOB.
(This can be overcome by using a timestamp in the message, which requires synchronized clocks.)
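
The freshness problem and the timestamp fix described above, as an added example that is not part of the original slides. Assumptions: `seal`/`unseal` are a toy stand-in for encryption under KAT, KBT (illustration only, not a production cipher), all function names are hypothetical, the clock value is constructed, and BOB's 300-second acceptance window is an arbitrary choice.

```python
import hashlib, hmac, json, os

def seal(key, obj):
    """Toy stand-in for {obj}key: SHAKE-256 keystream plus HMAC tag (illustration only)."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ks = hashlib.shake_256(key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

def kdc_reply(kat, kbt, alice, bob, na, now=None):
    """Step 2: fresh K for ALICE plus the ticket {K, ALICE}KBT; T is set only if now is given."""
    k = os.urandom(16).hex()
    ticket = seal(kbt, {"K": k, "peer": alice, "T": now})
    return seal(kat, {"NA": na, "K": k, "B": bob, "ticket": ticket.hex()})

def alice_open(kat, reply, na, bob):
    """Step 3: ALICE checks her nonce and BOB's name, then extracts K and the ticket."""
    m = unseal(kat, reply)
    if m["NA"] != na or m["B"] != bob:
        raise ValueError("reply does not match this request")
    return m["K"], bytes.fromhex(m["ticket"])

def bob_accept(kbt, ticket, now=None, max_age=300):
    """BOB opens the ticket; if now is given he rejects tickets without a recent T."""
    t = unseal(kbt, ticket)
    if now is not None and (t["T"] is None or abs(now - t["T"]) > max_age):
        raise ValueError("stale ticket")
    return t["K"]

def demo(timestamped, delay):
    """Steps 1-3, then the ticket reaches BOB `delay` seconds after the KDC issued it."""
    # Constructed keys, step-1 nonce NA, and issue time t0.
    kat, kbt, na, t0 = os.urandom(32), os.urandom(32), os.urandom(8).hex(), 1_700_000_000
    reply = kdc_reply(kat, kbt, "ALICE", "BOB", na, now=t0 if timestamped else None)
    k, ticket = alice_open(kat, reply, na, "BOB")
    try:
        return bob_accept(kbt, ticket, now=t0 + delay if timestamped else None) == k
    except ValueError:
        return False

if __name__ == "__main__":
    for ts, delay in [(False, 86400), (True, 5), (True, 86400)]:
        print(f"timestamp={ts} delay={delay}s accepted={demo(ts, delay)}")
```

Without a timestamp BOB accepts the same ticket a day later, because nothing in {K, ALICE}KBT ties K to the current run; with T in the ticket the day-old copy is refused, at the cost of needing synchronized clocks.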
NEEDHAM SCHROEDER ( PUBLIC KEY AUTHENTICATION PROTOCOL )

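Message flow (diagram):

1. ALICE → KDC : {ALICE, BOB}KDC
2. KDC → ALICE : {KB, BOB}KA
3. ALICE → BOB : {NA, ALICE}KB (ALICE creates random NA)
4. BOB → KDC : {BOB, ALICE}KDC
5. KDC → BOB : {KA, ALICE}KB
6. BOB → ALICE : {NA, NB}KA (BOB creates random NB)
7. ALICE → BOB : {NB}KB
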
KERBEROS

• network authentication protocol

• designed to provide strong authentication for client/server applications
by using secret key cryptography

• characteristics :
1. secure
2. only a single login is required per session
3. concept depends on a trusted third party, the KDC
4. performs mutual authentication

• Rather than building elaborate authentication protocols into each server, KERBEROS provides a
centralized Authentication Server (AS),
whose function is to authenticate users to servers and vice versa.

• The AS shares a unique secret key with each server

• Kerberos introduced the TICKET GRANTING SERVER (TGS) :

A client that wishes to use a service has to receive a ticket (a time-limited cryptographic message)
which gives it access to the server

• KEY DISTRIBUTION CENTER (KDC) = AS + TGS


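Message flow (diagram):

1. ALICE → AUTHENTICATION SERVER : {ALICE}
2. AUTHENTICATION SERVER → ALICE : {KS, {ALICE, KS}KTGS}KA
3. ALICE → TICKET GRANTING SERVER : {ALICE, KS}KTGS, {BOB, T}KS
4. TICKET GRANTING SERVER → ALICE : {BOB, KAB}KS, {A, KAB}KB
5. ALICE → BOB : {ALICE, KAB}KB, {T}KAB
6. BOB → ALICE : {T+1}KAB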

KS = ALICE AND TGS SESSION KEY

KAB = ALICE AND BOB SESSION KEY

T = TIMESTAMP (NONCE)
