22:
1333:
89:
is an authentication and secure key-sharing protocol designed for use on an insecure network such as the
Internet. Yahalom uses a trusted arbitrator to distribute a shared key between two people. This protocol can be considered as an improved version of
1101:
603:
1221:
746:
946:
425:
859:
332:
636:
458:
280:
188:
152:
803:
776:
244:
217:
951:
466:
1106:
51:
644:
1394:
114:(A) initiates the communication to Bob (B) with S is a server trusted by both parties, the protocol can be specified as follows using
864:
343:
1370:
1303:
73:
44:
1389:
1295:
1244:
99:
819:
292:
1399:
1285:
115:
1363:
34:
814:
BurrowsôŹ°‚, AbadiôŹ°‚ and
Needham proposed a variant of this protocol in their 1989 paper as follows:
95:
91:
38:
30:
1239:
55:
1313:
1344:
1096:{\displaystyle S\rightarrow A:N_{B},\{B,K_{AB},N_{A}\}_{K_{AS}},\{A,K_{AB},N_{B}\}_{K_{BS}}}
611:
433:
255:
163:
127:
1356:
1291:
781:
754:
222:
195:
8:
1234:
247:
1266:
598:{\displaystyle S\rightarrow A:\{B,K_{AB},N_{A},N_{B}\}_{K_{AS}},\{A,K_{AB}\}_{K_{BS}}}
1299:
1316:, Research Report 39, Digital Equipment Corp. Systems Research Center, Feb. 1989
1340:
1281:
1320:
1383:
1216:{\displaystyle A\rightarrow B:\{A,K_{AB},N_{B}\}_{K_{BS}},\{N_{B}\}_{K_{AB}}}
155:
111:
608:
The Server sends to Alice a message containing the generated session key
283:
1323:. ACM Transactions on Computer Systems, v. 8, n. 1, Feb. 1990, pp. 18—36
741:{\displaystyle A\rightarrow B:\{A,K_{AB}\}_{K_{BS}},\{N_{B}\}_{K_{AB}}}
1271:
Proceedings of the 7th IEEE Computer
Security Foundations Workshop
1225:
In 1994, Paul
Syverson demonstrated two attacks on this protocol.
1332:
941:{\displaystyle B\rightarrow S:B,N_{B},\{A,N_{A}\}_{K_{BS}}}
420:{\displaystyle B\rightarrow S:B,\{A,N_{A},N_{B}\}_{K_{BS}}}
337:
Alice sends a message to Bob requesting communication.
1273:, pages 131􏰀–136. IEEE Computer Society Press, 1994.
1109:
954:
867:
822:
784:
757:
647:
614:
469:
436:
346:
295:
258:
225:
198:
166:
130:
122:
A and B are identities of Alice and Bob respectively
1215:
1095:
940:
853:
797:
770:
740:
630:
597:
452:
430:Bob sends a message to the Server encrypted under
419:
326:
274:
238:
211:
182:
146:
282:is a symmetric, generated key, which will be the
1381:
43:but its sources remain unclear because it lacks
751:Alice forwards the message to Bob and verifies
1364:
805:has not changed when he receives the message.
1194:
1180:
1158:
1122:
1074:
1038:
1016:
980:
919:
899:
719:
705:
683:
660:
576:
553:
531:
482:
398:
365:
1371:
1357:
74:Learn how and when to remove this message
1280:
190:is a symmetric key known only to B and S
1339:This cryptography-related article is a
1261:
1259:
105:
1382:
854:{\displaystyle A\rightarrow B:A,N_{A}}
327:{\displaystyle A\rightarrow B:A,N_{A}}
638:and a message to be forwarded to Bob.
1327:
1256:
94:(with additional protection against
15:
13:
14:
1411:
1395:Computer access control protocols
1319:M. Burrows, M. Abadi, R. Needham
1312:M. Burrows, M. Abadi, R. Needham
778:has not changed. Bob will verify
250:generated by A and B respectively
1331:
20:
1113:
958:
871:
826:
809:
651:
473:
350:
299:
286:of the session between A and B
1:
1250:
1343:. You can help Knowledge by
1267:A taxonomy of replay attacks
98:), but less secure than the
7:
1245:Neuman–Stubblebine protocol
1228:
10:
1416:
1326:
116:security protocol notation
100:Needham–Schroeder protocol
1321:A Logic of Authentication
1314:A Logic of Authentication
96:man-in-the-middle attack
92:Wide Mouth Frog protocol
29:This article includes a
1390:Cryptographic protocols
58:more precise citations.
1217:
1097:
942:
855:
799:
772:
742:
632:
631:{\displaystyle K_{AB}}
599:
454:
453:{\displaystyle K_{BS}}
421:
328:
276:
275:{\displaystyle K_{AB}}
240:
213:
184:
183:{\displaystyle K_{BS}}
148:
147:{\displaystyle K_{AS}}
1292:John Wiley & Sons
1218:
1098:
943:
856:
800:
798:{\displaystyle N_{B}}
773:
771:{\displaystyle N_{A}}
743:
633:
600:
455:
422:
329:
277:
241:
239:{\displaystyle N_{B}}
214:
212:{\displaystyle N_{A}}
185:
158:known only to A and S
149:
1287:Applied Cryptography
1107:
952:
865:
820:
782:
755:
645:
612:
467:
434:
344:
293:
256:
223:
196:
164:
128:
106:Protocol description
1240:Otway–Rees protocol
1400:Cryptography stubs
1213:
1093:
938:
851:
795:
768:
738:
628:
595:
450:
417:
324:
272:
236:
209:
180:
144:
31:list of references
1352:
1351:
1235:Kerberos protocol
84:
83:
76:
1407:
1373:
1366:
1359:
1335:
1328:
1309:
1274:
1263:
1222:
1220:
1219:
1214:
1212:
1211:
1210:
1209:
1192:
1191:
1176:
1175:
1174:
1173:
1156:
1155:
1143:
1142:
1102:
1100:
1099:
1094:
1092:
1091:
1090:
1089:
1072:
1071:
1059:
1058:
1034:
1033:
1032:
1031:
1014:
1013:
1001:
1000:
976:
975:
947:
945:
944:
939:
937:
936:
935:
934:
917:
916:
895:
894:
860:
858:
857:
852:
850:
849:
804:
802:
801:
796:
794:
793:
777:
775:
774:
769:
767:
766:
747:
745:
744:
739:
737:
736:
735:
734:
717:
716:
701:
700:
699:
698:
681:
680:
637:
635:
634:
629:
627:
626:
604:
602:
601:
596:
594:
593:
592:
591:
574:
573:
549:
548:
547:
546:
529:
528:
516:
515:
503:
502:
459:
457:
456:
451:
449:
448:
426:
424:
423:
418:
416:
415:
414:
413:
396:
395:
383:
382:
333:
331:
330:
325:
323:
322:
281:
279:
278:
273:
271:
270:
245:
243:
242:
237:
235:
234:
218:
216:
215:
210:
208:
207:
189:
187:
186:
181:
179:
178:
153:
151:
150:
145:
143:
142:
79:
72:
68:
65:
59:
54:this article by
45:inline citations
24:
23:
16:
1415:
1414:
1410:
1409:
1408:
1406:
1405:
1404:
1380:
1379:
1378:
1377:
1306:
1282:Schneier, Bruce
1277:
1265:Paul Syverson.
1264:
1257:
1253:
1231:
1202:
1198:
1197:
1193:
1187:
1183:
1166:
1162:
1161:
1157:
1151:
1147:
1135:
1131:
1108:
1105:
1104:
1103:
1082:
1078:
1077:
1073:
1067:
1063:
1051:
1047:
1024:
1020:
1019:
1015:
1009:
1005:
993:
989:
971:
967:
953:
950:
949:
948:
927:
923:
922:
918:
912:
908:
890:
886:
866:
863:
862:
861:
845:
841:
821:
818:
817:
812:
789:
785:
783:
780:
779:
762:
758:
756:
753:
752:
727:
723:
722:
718:
712:
708:
691:
687:
686:
682:
673:
669:
646:
643:
642:
619:
615:
613:
610:
609:
584:
580:
579:
575:
566:
562:
539:
535:
534:
530:
524:
520:
511:
507:
495:
491:
468:
465:
464:
441:
437:
435:
432:
431:
406:
402:
401:
397:
391:
387:
378:
374:
345:
342:
341:
318:
314:
294:
291:
290:
263:
259:
257:
254:
253:
230:
226:
224:
221:
220:
203:
199:
197:
194:
193:
171:
167:
165:
162:
161:
135:
131:
129:
126:
125:
108:
80:
69:
63:
60:
49:
35:related reading
25:
21:
12:
11:
5:
1413:
1403:
1402:
1397:
1392:
1376:
1375:
1368:
1361:
1353:
1350:
1349:
1336:
1325:
1324:
1317:
1310:
1304:
1276:
1275:
1254:
1252:
1249:
1248:
1247:
1242:
1237:
1230:
1227:
1208:
1205:
1201:
1196:
1190:
1186:
1182:
1179:
1172:
1169:
1165:
1160:
1154:
1150:
1146:
1141:
1138:
1134:
1130:
1127:
1124:
1121:
1118:
1115:
1112:
1088:
1085:
1081:
1076:
1070:
1066:
1062:
1057:
1054:
1050:
1046:
1043:
1040:
1037:
1030:
1027:
1023:
1018:
1012:
1008:
1004:
999:
996:
992:
988:
985:
982:
979:
974:
970:
966:
963:
960:
957:
933:
930:
926:
921:
915:
911:
907:
904:
901:
898:
893:
889:
885:
882:
879:
876:
873:
870:
848:
844:
840:
837:
834:
831:
828:
825:
811:
808:
807:
806:
792:
788:
765:
761:
733:
730:
726:
721:
715:
711:
707:
704:
697:
694:
690:
685:
679:
676:
672:
668:
665:
662:
659:
656:
653:
650:
640:
639:
625:
622:
618:
590:
587:
583:
578:
572:
569:
565:
561:
558:
555:
552:
545:
542:
538:
533:
527:
523:
519:
514:
510:
506:
501:
498:
494:
490:
487:
484:
481:
478:
475:
472:
462:
461:
447:
444:
440:
412:
409:
405:
400:
394:
390:
386:
381:
377:
373:
370:
367:
364:
361:
358:
355:
352:
349:
339:
338:
321:
317:
313:
310:
307:
304:
301:
298:
288:
287:
269:
266:
262:
251:
233:
229:
206:
202:
191:
177:
174:
170:
159:
141:
138:
134:
123:
107:
104:
82:
81:
39:external links
28:
26:
19:
9:
6:
4:
3:
2:
1412:
1401:
1398:
1396:
1393:
1391:
1388:
1387:
1385:
1374:
1369:
1367:
1362:
1360:
1355:
1354:
1348:
1346:
1342:
1337:
1334:
1330:
1329:
1322:
1318:
1315:
1311:
1307:
1305:0-471-12845-7
1301:
1297:
1293:
1289:
1288:
1283:
1279:
1278:
1272:
1268:
1262:
1260:
1255:
1246:
1243:
1241:
1238:
1236:
1233:
1232:
1226:
1223:
1206:
1203:
1199:
1188:
1184:
1177:
1170:
1167:
1163:
1152:
1148:
1144:
1139:
1136:
1132:
1128:
1125:
1119:
1116:
1110:
1086:
1083:
1079:
1068:
1064:
1060:
1055:
1052:
1048:
1044:
1041:
1035:
1028:
1025:
1021:
1010:
1006:
1002:
997:
994:
990:
986:
983:
977:
972:
968:
964:
961:
955:
931:
928:
924:
913:
909:
905:
902:
896:
891:
887:
883:
880:
877:
874:
868:
846:
842:
838:
835:
832:
829:
823:
815:
790:
786:
763:
759:
750:
749:
748:
731:
728:
724:
713:
709:
702:
695:
692:
688:
677:
674:
670:
666:
663:
657:
654:
648:
623:
620:
616:
607:
606:
605:
588:
585:
581:
570:
567:
563:
559:
556:
550:
543:
540:
536:
525:
521:
517:
512:
508:
504:
499:
496:
492:
488:
485:
479:
476:
470:
445:
442:
438:
429:
428:
427:
410:
407:
403:
392:
388:
384:
379:
375:
371:
368:
362:
359:
356:
353:
347:
336:
335:
334:
319:
315:
311:
308:
305:
302:
296:
285:
267:
264:
260:
252:
249:
231:
227:
204:
200:
192:
175:
172:
168:
160:
157:
156:symmetric key
139:
136:
132:
124:
121:
120:
119:
117:
113:
103:
101:
97:
93:
88:
78:
75:
67:
57:
53:
47:
46:
40:
36:
32:
27:
18:
17:
1345:expanding it
1338:
1286:
1270:
1224:
816:
813:
641:
463:
340:
289:
109:
86:
85:
70:
61:
50:Please help
42:
1294:. pp.
810:BAN-Yahalom
284:session key
56:introducing
1384:Categories
1251:References
1114:→
959:→
872:→
827:→
652:→
474:→
351:→
300:→
64:June 2013
1284:(1996).
1229:See also
87:Yahalom
52:improve
1302:
248:nonces
1298:–58.
1269:. In
154:is a
112:Alice
37:, or
1341:stub
1300:ISBN
246:are
219:and
110:If
1386::
1296:57
1290:.
1258:^
118::
102:.
41:,
33:,
1372:e
1365:t
1358:v
1347:.
1308:.
1207:B
1204:A
1200:K
1195:}
1189:B
1185:N
1181:{
1178:,
1171:S
1168:B
1164:K
1159:}
1153:B
1149:N
1145:,
1140:B
1137:A
1133:K
1129:,
1126:A
1123:{
1120::
1117:B
1111:A
1087:S
1084:B
1080:K
1075:}
1069:B
1065:N
1061:,
1056:B
1053:A
1049:K
1045:,
1042:A
1039:{
1036:,
1029:S
1026:A
1022:K
1017:}
1011:A
1007:N
1003:,
998:B
995:A
991:K
987:,
984:B
981:{
978:,
973:B
969:N
965::
962:A
956:S
932:S
929:B
925:K
920:}
914:A
910:N
906:,
903:A
900:{
897:,
892:B
888:N
884:,
881:B
878::
875:S
869:B
847:A
843:N
839:,
836:A
833::
830:B
824:A
791:B
787:N
764:A
760:N
732:B
729:A
725:K
720:}
714:B
710:N
706:{
703:,
696:S
693:B
689:K
684:}
678:B
675:A
671:K
667:,
664:A
661:{
658::
655:B
649:A
624:B
621:A
617:K
589:S
586:B
582:K
577:}
571:B
568:A
564:K
560:,
557:A
554:{
551:,
544:S
541:A
537:K
532:}
526:B
522:N
518:,
513:A
509:N
505:,
500:B
497:A
493:K
489:,
486:B
483:{
480::
477:A
471:S
460:.
446:S
443:B
439:K
411:S
408:B
404:K
399:}
393:B
389:N
385:,
380:A
376:N
372:,
369:A
366:{
363:,
360:B
357::
354:S
348:B
320:A
316:N
312:,
309:A
306::
303:B
297:A
268:B
265:A
261:K
232:B
228:N
205:A
201:N
176:S
173:B
169:K
140:S
137:A
133:K
77:)
71:(
66:)
62:(
48:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.