In cryptography, Woo–Lam refers to various computer network authentication protocols designed by Simon S. Lam and Thomas Woo. The protocols enable two communicating parties to authenticate each other's identity and to exchange session keys, and involve the use of a trusted key distribution center (KDC) to negotiate between the parties. Both symmetric-key and public-key variants have been described. However, the protocols suffer from various security flaws, and in part have been described as being inefficient compared to alternative authentication protocols.

Public-key protocol

Notation

The following notation is used to describe the algorithm:

$A, B$ - network nodes.
$KU_{x}$ - public key of node $x$.
$KR_{x}$ - private key of $x$.
$N_{x}$ - nonce chosen by $x$.
$ID_{x}$ - unique identifier of $x$.
$E_{k}$ - public-key encryption using key $k$.
$S_{k}$ - digital signature using key $k$.
$K$ - random session key chosen by the KDC.
$||$ - concatenation.

It is assumed that all parties know the KDC's public key.

Message exchange

$1)\ A \rightarrow KDC: ID_{A} || ID_{B}$
$2)\ KDC \rightarrow A: S_{KR_{KDC}}[ID_{B} || KU_{B}]$
$3)\ A \rightarrow B: E_{KU_{B}}[N_{A} || ID_{A}]$
$4)\ B \rightarrow KDC: ID_{B} || ID_{A} || E_{KU_{KDC}}[N_{A}]$
$5)\ KDC \rightarrow B: S_{KR_{KDC}}[ID_{A} || KU_{A}] || E_{KU_{B}}[S_{KR_{KDC}}[N_{A} || K || ID_{B} || ID_{A}]]$
$6)\ B \rightarrow A: E_{KU_{A}}[S_{KR_{KDC}}[N_{A} || K] || N_{B}]$
$7)\ A \rightarrow B: E_{K}[N_{B}]$

The original version of the protocol had the identifier $ID_{A}$ omitted from lines 5 and 6, which did not account for the fact that $N_{A}$ is unique only among nonces generated by A and not by other parties. The protocol was revised after the authors themselves spotted a flaw in the algorithm.

See also

Kerberos
Needham–Schroeder protocol
Otway–Rees protocol

References

T.Y.C. Woo; S.S. Lam (March 1992). "Authentication Revisited". Computer. 25 (3): 10. doi:10.1109/2.121502.
Colin Boyd; Anish Mathuria (2003). Protocols for authentication and key establishment. Springer. p. 78 and 99. ISBN 978-3-540-43107-7.
Stallings, William (2005). Cryptography and Network Security Principles and Practices, Fourth Edition. Prentice Hall. p. 387. ISBN 978-0-13-187316-2.
Thomas Y.C. Woo; Simon S. Lam (January 1992). "Authentication for Distributed Systems". Computer. 25 (1): 39–52. CiteSeerX 10.1.1.38.9374. doi:10.1109/2.108052.