Verification of the Needham-Schroeder Public-Key Authentication Protocol

Slides: 11
Provided by: jenschrg
1
Verification of the Needham-Schroeder
Public-Key Authentication Protocol
  • Jens Chr. Godskesen

2
The Needham-Schroeder Public-Key Protocol

Alice (A) wants to authenticate herself to Bob
(B). She sends a message encrypted with Bob's
public key containing her name and a randomly
chosen nonce.
3
The Needham-Schroeder Public-Key Protocol

Bob decrypts the message from Alice (using the
private key only he has). He returns the nonce
from Alice together with a new random nonce, both
encrypted using Alice's public key.
4
The Needham-Schroeder Public-Key Protocol

Alice is now assured she is talking with Bob
since only he could decrypt and obtain her nonce.
Alice then returns Bob's nonce encrypted with
Bob's public key.
Likewise, Bob is assured that he is now talking
to Alice since only she could decrypt and obtain
his nonce.
5
The Needham-Schroeder Public-Key Protocol
In total the Needham-Schroeder protocol consists
(essentially) of these three steps
But, is the protocol correct?
6
The Attack
Suppose a malicious intruder Malice (M)

Alice is talking to Malice alright, but Bob is
deceived into believing that he is talking to Alice.
7
The History
  • The protocol was published by Needham and
    Schroeder in 1978
  • It was erroneously proven correct by Burrows,
    Abadi, and Needham in 1989
  • In 1995, 17 years after it was published, Lowe
    showed the protocol to be faulty.
  • In 1996 Lowe used Model Checking to automatically
    prove the incorrectness of the protocol.

8
Model Checking
Model checking means showing automatically (using a
software tool) that a model of a system, say a
protocol, satisfies a certain property φ, e.g.
that

Where φ defines that
must in a protocol run always precede
9
The Modified Needham-Schroeder Public-Key
Protocol
A correct version of the protocol can be obtained
by adding the name of Bob in the second step
A checks upon reception of the message from B
that the identity of B is actually part of the
encrypted message.
10
The No-Attack

The message from B cannot be decrypted (and hence
altered) by M. But if M forwards it to A the
protocol rules have not been followed and the
fraud will be detected.
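
The runs described on the Attack and No-Attack slides can be replayed in a small symbolic model. This is an added example, not part of the original slides: encryption is modelled as a tagged tuple that only the named key owner can open, and the function names and nonce strings are assumptions.

```python
# Symbolic model: a ciphertext is a tagged tuple that only the key owner can open.
def enc(owner, *fields):
    return ("enc", owner, fields)

def dec(me, msg):
    _tag, owner, fields = msg
    if owner != me:
        raise PermissionError(f"{me} cannot decrypt a message for {owner}")
    return fields

def run(fixed):
    """Replay one interleaving; return (who Alice runs with, who Bob believes he talks to)."""
    na, nb = "Na", "Nb"                     # constructed symbolic nonces
    alice_peer = "M"                        # Alice knowingly starts a run with Malice
    # Step 1: A -> M : {A, Na}pk(M); M opens it and re-encrypts it for B
    m1 = enc(alice_peer, "A", na)
    m1_relayed = enc("B", *dec("M", m1))
    # Step 2: B -> A : {Na, Nb}pk(A), or {Na, Nb, B}pk(A) in the modified protocol
    claimed, n = dec("B", m1_relayed)
    m2 = enc(claimed, n, nb, "B") if fixed else enc(claimed, n, nb)
    # M cannot open or alter m2; all it can do is forward it unchanged to A
    fields = dec("A", m2)
    if fields[0] != na:
        return alice_peer, None             # wrong nonce, Alice aborts
    if fixed and fields[2] != alice_peer:   # the added identity check
        return alice_peer, None             # responder name is B, not M: fraud detected
    # Step 3: A -> M : {Nb}pk(M); M opens it and re-encrypts it for B
    m3 = enc(alice_peer, fields[1])
    m3_relayed = enc("B", *dec("M", m3))
    (n_back,) = dec("B", m3_relayed)
    return alice_peer, (claimed if n_back == nb else None)

def authentication_holds(fixed):
    """Property: if Bob believes he talks to A, then A really was running with B."""
    alice_peer, bob_believes = run(fixed)
    return bob_believes is None or alice_peer == "B"

if __name__ == "__main__":
    for fixed in (False, True):
        name = "modified" if fixed else "original"
        print(name, run(fixed), "property holds:", authentication_holds(fixed))
```

This replays a single interleaving; a model checker explores all of them automatically.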