Denning–Sacco (protocol)

From Bauman National Library
This page was last modified on 8 June 2016, at 14:21.
Revision as of 14:21, 8 June 2016 by sergey perfilev (Talk | contribs) (Attack on the Needham-Schroeder protocol)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Denning–Sacco is a modified version of the Needham-Schroeder protocol with timestamps to fix the freshness flaw. It is used in Kerberos infrastructure [1].

Background

Attack on the Needham-Schroeder protocol

Needham-Schroeder protocol is vulnerable to replay attacks[2]. If an attacker uses old compromised value , it can resend the Message 4 to a third party, which will take him, without being able to check a key date.

Fixing an attack

This vulnerability has been fixed in the modification of the protocol by replacing nonces with timestamps[3].

The Protocol

Description

This protocol is used for a mutual authentication and shard secret key generation for establishing a secure connection with the use of trusted third party. Later on this protocol became a base for a range of symmetric authentication protocols, in particular Kerberos.

Setup

The protocol is used by two users and and a trusted party (Key Generator Center), which has shared symmetric keys with users ( and respectively).

Work

  1. sends a plaintext information about the requested connection to the trusted party: his ID, 's ID and a timestamp :
  2. generates a session key and forms a package for , which contains the timestamp , calculated by , 's IS, session key and a package for : a session key and 's ID, encrypted with . encrypt the whole package with a key, shared between him and and sends it to :
  3. decrypts the package and checks and 's ID. This makes impossible for malefactor to spoof or impersonate , by changing the recepient ID in 's first message. Then resends to his part of the package:
  4. Having decrypted the message, discovers the session key and interlocutor's ID. After that the checking happens: calculates a timestamp and sends it, encrypted with a session key, to :
  5. decrypts a message and sends to the confirmation of the successful session establishment: , decreased by 1 and encrypted with the session key:

References

  1. http://www.slashroot.in/needham-schroeder-protocol-explained
  2. Gavin Lowe. A family of attacks upon authentication protocols. Technical Report 1997/5, Department of Mathematics and Computer Science, University of Leicester, 1997
  3. Denning-Sacco shared key. Dorothy E. Denning and Giovanni Maria Sacco 1981