Woo–Lam
In cryptography, Woo–Lam refers to various computer network authentication protocols designed by Simon S. Lam and Thomas Woo.[1][2] The protocols enable two communicating parties to authenticate each other's identity and to exchange session keys, and involve the use of a trusted key distribution center (KDC) to negotiate between the parties. Both symmetric-key and public-key variants have been described. However, the protocols suffer from various security flaws, and in part have been described as being inefficient compared to alternative authentication protocols.[3]
Public-key protocol
Notation
The following notation is used to describe the algorithm:
- network nodes.
- public key of node
.
- private key of
.
- nonce chosen by
.
- unique identifier of
.
- public-key encryption using key
.
- digital signature using key
.
- random session key chosen by the KDC.
- concatenation.
It is assumed that all parties know the KDC's public key.
Message exchange
The original version of the protocol[4] had the identifier omitted from lines 5 and 6, which did not account for the fact that
is unique only among nonces generated by A and not by other parties. The protocol was revised after the authors themselves spotted a flaw in the algorithm.[1][3]
See also
References
<templatestyles src="Asbox/styles.css"></templatestyles>