1820:
1854:
1830:
47:(KDC) to negotiate between the parties. Both symmetric-key and public-key variants have been described. However, the protocols suffer from various security flaws, and in part have been described as being inefficient compared to alternative authentication protocols.
883:
1132:
1271:
542:
654:
751:
1619:
1335:
1368:
276:
171:
119:
1395:
378:
325:
220:
43:
and Thomas Woo. The protocols enable two communicating parties to authenticate each other's identity and to exchange session keys, and involve the use of a trusted
87:
453:
1625:
424:
402:
349:
296:
244:
191:
139:
1776:
1397:
is unique only among nonces generated by A and not by other parties. The protocol was revised after the authors themselves spotted a flaw in the algorithm.
1686:
1675:
1637:
1582:
1891:
1511:
1483:
1764:
1643:
1910:
1715:
759:
891:
1788:
1770:
1915:
1794:
1631:
1411:
1699:
1140:
1575:
470:
1920:
550:
1884:
1833:
1681:
662:
1416:
1823:
1660:
1568:
1279:
44:
1721:
1536:
328:
1877:
1732:
1710:
1541:
1406:
223:
1607:
1475:
1507:
1479:
381:
1861:
1546:
1467:
1448:
1343:
251:
146:
94:
1373:
356:
303:
198:
1613:
66:
1527:
Thomas Y.C. Woo; Simon S. Lam (January 1992). "Authentication for
Distributed Systems".
431:
1758:
1742:
1591:
409:
387:
334:
281:
229:
176:
124:
36:
1904:
1468:
17:
40:
28:
1737:
1727:
1853:
1504:
Cryptography and
Network Security Principles and Practices, Fourth Edition
1705:
1692:
1800:
1782:
1753:
1550:
1452:
1370:
omitted from lines 5 and 6, which did not account for the fact that
1748:
1560:
1670:
1649:
1564:
1439:
T.Y.C. Woo; S.S. Lam (March 1992). "Authentication
Revisited".
878:{\displaystyle 4)B\rightarrow KDC:ID_{B}||ID_{A}||E_{KU_{KDC}}}
1127:{\displaystyle 5)KDC\rightarrow B:S_{KR_{KDC}}||E_{KU_{B}}]}
459:
It is assumed that all parties know the KDC's public key.
60:
The following notation is used to describe the algorithm:
1340:
The original version of the protocol had the identifier
1865:
1376:
1346:
1282:
1143:
894:
762:
665:
553:
473:
434:
412:
390:
359:
337:
306:
284:
254:
232:
201:
179:
149:
127:
97:
69:
1659:
1598:
1266:{\displaystyle 6)B\rightarrow A:E_{KU_{A}}||N_{B}]}
1470:Protocols for authentication and key establishment
1389:
1362:
1329:
1265:
1126:
877:
745:
648:
536:
447:
418:
396:
372:
343:
319:
290:
270:
238:
214:
185:
165:
133:
113:
81:
537:{\displaystyle 1)A\rightarrow KDC:ID_{A}||ID_{B}}
649:{\displaystyle 2)KDC\rightarrow A:S_{KR_{KDC}}}
1885:
1626:Java Authentication and Authorization Service
1576:
8:
1777:Protected Extensible Authentication Protocol
1687:Challenge-Handshake Authentication Protocol
1497:
1495:
1434:
1432:
746:{\displaystyle 3)A\rightarrow B:E_{KU_{B}}}
1892:
1878:
1583:
1569:
1561:
1540:
1381:
1375:
1354:
1345:
1318:
1305:
1281:
1254:
1245:
1240:
1229:
1224:
1218:
1197:
1189:
1174:
1166:
1142:
1112:
1100:
1095:
1089:
1077:
1072:
1064:
1059:
1053:
1032:
1024:
1009:
1001:
992:
987:
978:
966:
961:
955:
931:
923:
893:
866:
845:
837:
828:
823:
817:
805:
800:
794:
761:
734:
722:
717:
711:
696:
688:
664:
637:
625:
620:
614:
590:
582:
552:
528:
516:
511:
505:
472:
440:
435:
433:
411:
389:
364:
358:
336:
311:
305:
283:
262:
253:
231:
206:
200:
178:
157:
148:
126:
105:
96:
68:
1638:Simple Authentication and Security Layer
1860:This cryptography-related article is a
1428:
426:- random session key chosen by the KDC.
1330:{\displaystyle 7)A\rightarrow B:E_{K}}
7:
1850:
1848:
1829:
1765:Password-authenticated key agreement
1644:Security Support Provider Interface
1466:Colin Boyd; Anish Mathuria (2003).
35:refers to various computer network
1864:. You can help Knowledge (XXG) by
1783:Remote Access Dial In User Service
1716:Extensible Authentication Protocol
25:
1852:
1828:
1819:
1818:
1789:Resource Access Control Facility
1771:Password Authentication Protocol
1676:Authentication and Key Agreement
1632:Pluggable Authentication Modules
1795:Secure Remote Password protocol
1700:Central Authentication Service
1506:. Prentice Hall. p. 387.
1324:
1311:
1292:
1286:
1260:
1246:
1241:
1237:
1230:
1225:
1211:
1182:
1153:
1147:
1121:
1118:
1101:
1096:
1078:
1073:
1065:
1060:
1046:
1017:
993:
988:
984:
967:
962:
945:
910:
898:
872:
859:
829:
824:
806:
801:
772:
766:
740:
723:
718:
704:
675:
669:
643:
626:
621:
604:
569:
557:
517:
512:
483:
477:
441:
436:
1:
1620:Generic Security Services API
1650:XCert Universal Database API
1502:Stallings, William (2005).
1937:
1847:
1412:Needham–Schroeder protocol
1911:Computer network security
1814:
1682:CAVE-based authentication
278:- unique identifier of
45:key distribution center
1916:Authentication methods
1722:Host Identity Protocol
1391:
1364:
1363:{\displaystyle ID_{A}}
1331:
1267:
1128:
879:
747:
650:
538:
449:
420:
398:
374:
345:
321:
292:
272:
271:{\displaystyle ID_{x}}
240:
216:
187:
167:
166:{\displaystyle KR_{x}}
135:
115:
114:{\displaystyle KU_{x}}
83:
39:protocols designed by
1392:
1390:{\displaystyle N_{A}}
1365:
1332:
1268:
1129:
880:
748:
651:
539:
450:
421:
399:
375:
373:{\displaystyle S_{k}}
346:
329:public-key encryption
322:
320:{\displaystyle E_{k}}
293:
273:
241:
217:
215:{\displaystyle N_{x}}
188:
168:
136:
121:- public key of node
116:
84:
18:Woo Lam 92 (protocol)
1474:. Springer. p.
1374:
1344:
1280:
1141:
892:
760:
663:
551:
471:
432:
410:
388:
357:
335:
304:
282:
252:
230:
199:
177:
147:
125:
95:
67:
1417:Otway–Rees protocol
82:{\displaystyle A,B}
51:Public-key protocol
1921:Cryptography stubs
1608:BSD Authentication
1387:
1360:
1327:
1263:
1124:
875:
743:
646:
534:
448:{\displaystyle ||}
445:
416:
394:
370:
341:
317:
288:
268:
236:
212:
183:
163:
131:
111:
79:
1873:
1872:
1842:
1841:
1513:978-0-13-187316-2
1485:978-3-540-43107-7
419:{\displaystyle K}
397:{\displaystyle k}
382:digital signature
344:{\displaystyle k}
291:{\displaystyle x}
239:{\displaystyle x}
186:{\displaystyle x}
173:- private key of
134:{\displaystyle x}
16:(Redirected from
1928:
1894:
1887:
1880:
1856:
1849:
1832:
1831:
1822:
1821:
1585:
1578:
1571:
1562:
1555:
1554:
1551:10.1109/2.108052
1544:
1524:
1518:
1517:
1499:
1490:
1489:
1473:
1463:
1457:
1456:
1453:10.1109/2.121502
1436:
1396:
1394:
1393:
1388:
1386:
1385:
1369:
1367:
1366:
1361:
1359:
1358:
1336:
1334:
1333:
1328:
1323:
1322:
1310:
1309:
1272:
1270:
1269:
1264:
1259:
1258:
1249:
1244:
1233:
1228:
1223:
1222:
1210:
1209:
1208:
1207:
1181:
1180:
1179:
1178:
1133:
1131:
1130:
1125:
1117:
1116:
1104:
1099:
1094:
1093:
1081:
1076:
1068:
1063:
1058:
1057:
1045:
1044:
1043:
1042:
1016:
1015:
1014:
1013:
996:
991:
983:
982:
970:
965:
960:
959:
944:
943:
942:
941:
884:
882:
881:
876:
871:
870:
858:
857:
856:
855:
832:
827:
822:
821:
809:
804:
799:
798:
752:
750:
749:
744:
739:
738:
726:
721:
716:
715:
703:
702:
701:
700:
655:
653:
652:
647:
642:
641:
629:
624:
619:
618:
603:
602:
601:
600:
543:
541:
540:
535:
533:
532:
520:
515:
510:
509:
463:Message exchange
455:- concatenation.
454:
452:
451:
446:
444:
439:
425:
423:
422:
417:
403:
401:
400:
395:
379:
377:
376:
371:
369:
368:
350:
348:
347:
342:
326:
324:
323:
318:
316:
315:
297:
295:
294:
289:
277:
275:
274:
269:
267:
266:
245:
243:
242:
237:
221:
219:
218:
213:
211:
210:
192:
190:
189:
184:
172:
170:
169:
164:
162:
161:
140:
138:
137:
132:
120:
118:
117:
112:
110:
109:
89:- network nodes.
88:
86:
85:
80:
21:
1936:
1935:
1931:
1930:
1929:
1927:
1926:
1925:
1901:
1900:
1899:
1898:
1845:
1843:
1838:
1810:
1662:
1655:
1614:eAuthentication
1600:
1594:
1589:
1559:
1558:
1526:
1525:
1521:
1514:
1501:
1500:
1493:
1486:
1465:
1464:
1460:
1438:
1437:
1430:
1425:
1403:
1377:
1372:
1371:
1350:
1342:
1341:
1314:
1301:
1278:
1277:
1250:
1214:
1193:
1185:
1170:
1162:
1139:
1138:
1108:
1085:
1049:
1028:
1020:
1005:
997:
974:
951:
927:
919:
890:
889:
862:
841:
833:
813:
790:
758:
757:
730:
707:
692:
684:
661:
660:
633:
610:
586:
578:
549:
548:
524:
501:
469:
468:
465:
430:
429:
408:
407:
386:
385:
360:
355:
354:
333:
332:
307:
302:
301:
280:
279:
258:
250:
249:
228:
227:
202:
197:
196:
175:
174:
153:
145:
144:
123:
122:
101:
93:
92:
65:
64:
58:
53:
23:
22:
15:
12:
11:
5:
1934:
1932:
1924:
1923:
1918:
1913:
1903:
1902:
1897:
1896:
1889:
1882:
1874:
1871:
1870:
1857:
1840:
1839:
1837:
1836:
1826:
1815:
1812:
1811:
1809:
1808:
1803:
1798:
1792:
1786:
1780:
1774:
1768:
1762:
1759:OpenID Connect
1756:
1751:
1746:
1743:NT LAN Manager
1740:
1735:
1730:
1725:
1719:
1713:
1708:
1703:
1697:
1696:
1695:
1684:
1679:
1673:
1667:
1665:
1661:Authentication
1657:
1656:
1654:
1653:
1647:
1641:
1635:
1629:
1623:
1617:
1611:
1604:
1602:
1599:Authentication
1596:
1595:
1592:Authentication
1590:
1588:
1587:
1580:
1573:
1565:
1557:
1556:
1542:10.1.1.38.9374
1519:
1512:
1491:
1484:
1458:
1427:
1426:
1424:
1421:
1420:
1419:
1414:
1409:
1402:
1399:
1384:
1380:
1357:
1353:
1349:
1338:
1337:
1326:
1321:
1317:
1313:
1308:
1304:
1300:
1297:
1294:
1291:
1288:
1285:
1274:
1273:
1262:
1257:
1253:
1248:
1243:
1239:
1236:
1232:
1227:
1221:
1217:
1213:
1206:
1203:
1200:
1196:
1192:
1188:
1184:
1177:
1173:
1169:
1165:
1161:
1158:
1155:
1152:
1149:
1146:
1135:
1134:
1123:
1120:
1115:
1111:
1107:
1103:
1098:
1092:
1088:
1084:
1080:
1075:
1071:
1067:
1062:
1056:
1052:
1048:
1041:
1038:
1035:
1031:
1027:
1023:
1019:
1012:
1008:
1004:
1000:
995:
990:
986:
981:
977:
973:
969:
964:
958:
954:
950:
947:
940:
937:
934:
930:
926:
922:
918:
915:
912:
909:
906:
903:
900:
897:
886:
885:
874:
869:
865:
861:
854:
851:
848:
844:
840:
836:
831:
826:
820:
816:
812:
808:
803:
797:
793:
789:
786:
783:
780:
777:
774:
771:
768:
765:
754:
753:
742:
737:
733:
729:
725:
720:
714:
710:
706:
699:
695:
691:
687:
683:
680:
677:
674:
671:
668:
657:
656:
645:
640:
636:
632:
628:
623:
617:
613:
609:
606:
599:
596:
593:
589:
585:
581:
577:
574:
571:
568:
565:
562:
559:
556:
545:
544:
531:
527:
523:
519:
514:
508:
504:
500:
497:
494:
491:
488:
485:
482:
479:
476:
464:
461:
457:
456:
443:
438:
427:
415:
405:
393:
367:
363:
352:
340:
314:
310:
299:
287:
265:
261:
257:
247:
235:
209:
205:
194:
182:
160:
156:
152:
142:
130:
108:
104:
100:
90:
78:
75:
72:
57:
54:
52:
49:
37:authentication
24:
14:
13:
10:
9:
6:
4:
3:
2:
1933:
1922:
1919:
1917:
1914:
1912:
1909:
1908:
1906:
1895:
1890:
1888:
1883:
1881:
1876:
1875:
1869:
1867:
1863:
1858:
1855:
1851:
1846:
1835:
1827:
1825:
1817:
1816:
1813:
1807:
1804:
1802:
1799:
1796:
1793:
1790:
1787:
1784:
1781:
1778:
1775:
1772:
1769:
1766:
1763:
1760:
1757:
1755:
1752:
1750:
1747:
1744:
1741:
1739:
1736:
1734:
1731:
1729:
1726:
1723:
1720:
1717:
1714:
1712:
1709:
1707:
1704:
1701:
1698:
1694:
1691:
1690:
1688:
1685:
1683:
1680:
1677:
1674:
1672:
1669:
1668:
1666:
1664:
1658:
1651:
1648:
1645:
1642:
1639:
1636:
1633:
1630:
1627:
1624:
1621:
1618:
1615:
1612:
1609:
1606:
1605:
1603:
1597:
1593:
1586:
1581:
1579:
1574:
1572:
1567:
1566:
1563:
1552:
1548:
1543:
1538:
1534:
1530:
1523:
1520:
1515:
1509:
1505:
1498:
1496:
1492:
1487:
1481:
1477:
1472:
1471:
1462:
1459:
1454:
1450:
1446:
1442:
1435:
1433:
1429:
1422:
1418:
1415:
1413:
1410:
1408:
1405:
1404:
1400:
1398:
1382:
1378:
1355:
1351:
1347:
1319:
1315:
1306:
1302:
1298:
1295:
1289:
1283:
1276:
1275:
1255:
1251:
1234:
1219:
1215:
1204:
1201:
1198:
1194:
1190:
1186:
1175:
1171:
1167:
1163:
1159:
1156:
1150:
1144:
1137:
1136:
1113:
1109:
1105:
1090:
1086:
1082:
1069:
1054:
1050:
1039:
1036:
1033:
1029:
1025:
1021:
1010:
1006:
1002:
998:
979:
975:
971:
956:
952:
948:
938:
935:
932:
928:
924:
920:
916:
913:
907:
904:
901:
895:
888:
887:
867:
863:
852:
849:
846:
842:
838:
834:
818:
814:
810:
795:
791:
787:
784:
781:
778:
775:
769:
763:
756:
755:
735:
731:
727:
712:
708:
697:
693:
689:
685:
681:
678:
672:
666:
659:
658:
638:
634:
630:
615:
611:
607:
597:
594:
591:
587:
583:
579:
575:
572:
566:
563:
560:
554:
547:
546:
529:
525:
521:
506:
502:
498:
495:
492:
489:
486:
480:
474:
467:
466:
462:
460:
428:
413:
406:
391:
383:
365:
361:
353:
338:
330:
312:
308:
300:
285:
263:
259:
255:
248:
233:
225:
207:
203:
195:
180:
158:
154:
150:
143:
128:
106:
102:
98:
91:
76:
73:
70:
63:
62:
61:
55:
50:
48:
46:
42:
38:
34:
30:
19:
1866:expanding it
1859:
1844:
1805:
1535:(1): 39–52.
1532:
1528:
1522:
1503:
1469:
1461:
1444:
1440:
1339:
458:
59:
41:Simon S. Lam
32:
29:cryptography
26:
1738:LAN Manager
1905:Categories
1610:(BSD Auth)
1423:References
384:using key
331:using key
226:chosen by
1767:protocols
1728:IndieAuth
1663:protocols
1537:CiteSeerX
1447:(3): 10.
1293:→
1154:→
911:→
773:→
676:→
570:→
484:→
1824:Category
1785:(RADIUS)
1733:Kerberos
1711:Diameter
1706:CRAM-MD5
1622:(GSSAPI)
1529:Computer
1478:and 99.
1441:Computer
1407:Kerberos
1401:See also
56:Notation
1834:Commons
1806:Woo–Lam
1693:MS-CHAP
1689:(CHAP)
1616:(eAuth)
33:Woo–Lam
1801:TACACS
1791:(RACF)
1779:(PEAP)
1761:(OIDC)
1754:OpenID
1745:(NTLM)
1652:(XUDA)
1646:(SSPI)
1640:(SASL)
1628:(JAAS)
1539:
1510:
1482:
1797:(SRP)
1773:(PAP)
1749:OAuth
1724:(HIP)
1718:(EAP)
1702:(CAS)
1678:(AKA)
1634:(PAM)
224:nonce
1862:stub
1671:ACF2
1601:APIs
1508:ISBN
1480:ISBN
1547:doi
1449:doi
27:In
1907::
1545:.
1533:25
1531:.
1494:^
1476:78
1445:25
1443:.
1431:^
380:-
327:-
222:-
31:,
1893:e
1886:t
1879:v
1868:.
1584:e
1577:t
1570:v
1553:.
1549::
1516:.
1488:.
1455:.
1451::
1383:A
1379:N
1356:A
1352:D
1348:I
1325:]
1320:B
1316:N
1312:[
1307:K
1303:E
1299::
1296:B
1290:A
1287:)
1284:7
1261:]
1256:B
1252:N
1247:|
1242:|
1238:]
1235:K
1231:|
1226:|
1220:A
1216:N
1212:[
1205:C
1202:D
1199:K
1195:R
1191:K
1187:S
1183:[
1176:A
1172:U
1168:K
1164:E
1160::
1157:A
1151:B
1148:)
1145:6
1122:]
1119:]
1114:A
1110:D
1106:I
1102:|
1097:|
1091:B
1087:D
1083:I
1079:|
1074:|
1070:K
1066:|
1061:|
1055:A
1051:N
1047:[
1040:C
1037:D
1034:K
1030:R
1026:K
1022:S
1018:[
1011:B
1007:U
1003:K
999:E
994:|
989:|
985:]
980:A
976:U
972:K
968:|
963:|
957:A
953:D
949:I
946:[
939:C
936:D
933:K
929:R
925:K
921:S
917::
914:B
908:C
905:D
902:K
899:)
896:5
873:]
868:A
864:N
860:[
853:C
850:D
847:K
843:U
839:K
835:E
830:|
825:|
819:A
815:D
811:I
807:|
802:|
796:B
792:D
788:I
785::
782:C
779:D
776:K
770:B
767:)
764:4
741:]
736:A
732:D
728:I
724:|
719:|
713:A
709:N
705:[
698:B
694:U
690:K
686:E
682::
679:B
673:A
670:)
667:3
644:]
639:B
635:U
631:K
627:|
622:|
616:B
612:D
608:I
605:[
598:C
595:D
592:K
588:R
584:K
580:S
576::
573:A
567:C
564:D
561:K
558:)
555:2
530:B
526:D
522:I
518:|
513:|
507:A
503:D
499:I
496::
493:C
490:D
487:K
481:A
478:)
475:1
442:|
437:|
414:K
404:.
392:k
366:k
362:S
351:.
339:k
313:k
309:E
298:.
286:x
264:x
260:D
256:I
246:.
234:x
208:x
204:N
193:.
181:x
159:x
155:R
151:K
141:.
129:x
107:x
103:U
99:K
77:B
74:,
71:A
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.