Yahalom (protocol)

Yahalom is an authentication and secure key-sharing protocol designed for use on an insecure network such as the Internet. Yahalom uses a trusted arbitrator to distribute a shared key between two people. This protocol can be considered as an improved version of the Wide Mouth Frog protocol (with additional protection against man-in-the-middle attack), but less secure than the Needham–Schroeder protocol.


Protocol description

If Alice (A) initiates the communication to Bob (B), with S a server trusted by both parties, the protocol can be specified as follows using security protocol notation:

* A and B are identities of Alice and Bob respectively
* K_ is a symmetric key known only to A and S
* K_ is a symmetric key known only to B and S
* N_A and N_B are nonces generated by A and B respectively
* K_ is a symmetric, generated key, which will be the session key of the session between A and B

A \rightarrow B: A, N_A
:Alice sends a message to Bob requesting communication.

B \rightarrow S: B,\_
:Bob sends a message to the Server encrypted under K_.

S \rightarrow A: \_, \_
:The Server sends to Alice a message containing the generated session key K_ and a message to be forwarded to Bob.

A \rightarrow B: \_, \_
:Alice forwards the message to Bob and verifies N_A has not changed. Bob will verify N_B has not changed when he receives the message.
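
The four-message exchange above, as an added Python example that is not part of the original page. The encrypted field contents shown in the comments are an assumption (the commonly published Yahalom layout), `seal`/`unseal` are a toy stand-in for the symmetric cipher, and all function names are hypothetical.

```python
import hashlib, hmac, json, secrets

# Toy cipher: stand-in for {...}_K. Field layout is an assumption (see lead-in).
def _xor(ek, iv, data):  # SHA-256 counter-mode keystream, demo only
    ks = b"".join(hashlib.sha256(ek + iv + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(d ^ k for d, k in zip(data, ks))

def seal(key, fields):  # encrypt-then-MAC with separate subkeys
    ek, mk = (hashlib.sha256(t + key).digest() for t in (b"enc", b"mac"))
    iv = secrets.token_bytes(16)
    ct = _xor(ek, iv, json.dumps(fields).encode())
    return iv + ct + hmac.new(mk, iv + ct, hashlib.sha256).digest()

def unseal(key, blob):  # verify the tag before decrypting
    ek, mk = (hashlib.sha256(t + key).digest() for t in (b"enc", b"mac"))
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, iv + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return json.loads(_xor(ek, iv, ct))

def bob_request(k_bs, a_id, n_a):  # msg 2: B, {A, N_A, N_B}_K_BS
    n_b = secrets.token_hex(16)
    return n_b, seal(k_bs, [a_id, n_a, n_b])

def server_reply(k_as, k_bs, b_id, m2):  # msg 3: {B,K_AB,N_A,N_B}_K_AS, {A,K_AB}_K_BS
    a_id, n_a, n_b = unseal(k_bs, m2)
    k_ab = secrets.token_hex(32)  # fresh session key
    return seal(k_as, [b_id, k_ab, n_a, n_b]), seal(k_bs, [a_id, k_ab])

def alice_finish(k_as, b_id, n_a, for_a):  # A checks N_A, builds {N_B}_K_AB
    peer, k_ab, got_na, n_b = unseal(k_as, for_a)
    if peer != b_id or not hmac.compare_digest(got_na, n_a):
        raise ValueError("Alice: N_A or peer mismatch")
    return k_ab, seal(bytes.fromhex(k_ab), [n_b])

def bob_accept(k_bs, a_id, n_b, ticket, proof):  # msg 4: B checks N_B
    peer, k_ab = unseal(k_bs, ticket)
    (got_nb,) = unseal(bytes.fromhex(k_ab), proof)
    if peer != a_id or not hmac.compare_digest(got_nb, n_b):
        raise ValueError("Bob: N_B or peer mismatch")
    return k_ab

def run_session(k_as, k_bs):  # one honest run; returns both parties' view of K_AB
    n_a = secrets.token_hex(16)  # msg 1: A, N_A
    n_b, m2 = bob_request(k_bs, "A", n_a)
    for_a, ticket = server_reply(k_as, k_bs, "B", m2)
    k_a, proof = alice_finish(k_as, "B", n_a, for_a)
    return k_a, bob_accept(k_bs, "A", n_b, ticket, proof), ticket, proof
```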


BAN-Yahalom

Burrows, Abadi and Needham proposed a variant of this protocol in their 1989 paper as follows (Paul Syverson, "A taxonomy of replay attacks", in Proceedings of the 7th IEEE Computer Security Foundations Workshop, pages 131–136, IEEE Computer Society Press, 1994):

A \rightarrow B: A, N_A
B \rightarrow S: B, N_B, \_
S \rightarrow A: N_B, \_, \_
A \rightarrow B: \_, \_

In 1994, Paul Syverson demonstrated two attacks on this protocol.


See also

* Kerberos protocol
* Otway–Rees protocol
* Neuman–Stubblebine protocol


References

* M. Burrows, M. Abadi, R. Needham, A Logic of Authentication, Research Report 39, Digital Equipment Corp. Systems Research Center, Feb. 1989
* M. Burrows, M. Abadi, R. Needham, A Logic of Authentication, ACM Transactions on Computer Systems, v. 8, n. 1, Feb. 1990, pp. 18–36