Woo–Lam
In cryptography, Woo–Lam refers to various computer network authentication protocols designed by Simon S. Lam and Thomas Woo.[1][2] The protocols enable two communicating parties to authenticate each other's identity and to exchange session keys, and involve the use of a trusted key distribution center (KDC) to negotiate between the parties. Both symmetric-key and public-key variants have been described. However, the protocols suffer from various security flaws, and in part have been described as being inefficient compared to alternative authentication protocols.[3]
Public-key protocol
Notation
The following notation is used to describe the algorithm:
- - network nodes.
- - public key of node .
- - private key of .
- - nonce chosen by .
- - unique identifier of .
- - public-key encryption using key .
- - digital signature using key .
- - random session key chosen by the KDC.
- - concatenation.
It is assumed that all parties know the KDC's public key.
Message exchange
The original version of the protocol[4] had the identifier omitted from lines 5 and 6, which did not account for the fact that is unique only among nonces generated by A and not by other parties. The protocol was revised after the authors themselves spotted a flaw in the algorithm.[1][3]
See also
References
- ^ a b T.Y.C. Woo; S.S. Lam (March 1992). "Authentication Revisited". Computer. 25 (3): 10. doi:10.1109/2.121502.
- ^ Colin Boyd; Anish Mathuria (2003). Protocols for authentication and key establishment. Springer. p. 78 and 99. ISBN 978-3-540-43107-7.
- ^ a b Stallings, William (2005). Cryptography and Network Security Principles and Practices, Fourth Edition. Prentice Hall. p. 387. ISBN 978-0-13-187316-2.
- ^ Thomas Y.C. Woo; Simon S. Lam (January 1992). "Authentication for Distributed Systems". Computer. 25 (1): 39–52. CiteSeerX 10.1.1.38.9374. doi:10.1109/2.108052.
- v
- t
- e
APIs
- BSD Authentication (BSD Auth)
- eAuthentication (eAuth)
- Generic Security Services API (GSSAPI)
- Java Authentication and Authorization Service (JAAS)
- Pluggable Authentication Modules (PAM)
- Simple Authentication and Security Layer (SASL)
- Security Support Provider Interface (SSPI)
- XCert Universal Database API (XUDA)
protocols
- ACF2
- Authentication and Key Agreement (AKA)
- CAVE-based authentication
- Challenge-Handshake Authentication Protocol (CHAP)
- Central Authentication Service (CAS)
- CRAM-MD5
- Diameter
- Extensible Authentication Protocol (EAP)
- Host Identity Protocol (HIP)
- IndieAuth
- Kerberos
- LAN Manager
- NT LAN Manager (NTLM)
- OAuth
- OpenID
- OpenID Connect (OIDC)
- Password-authenticated key agreement protocols
- Password Authentication Protocol (PAP)
- Protected Extensible Authentication Protocol (PEAP)
- Remote Access Dial In User Service (RADIUS)
- Resource Access Control Facility (RACF)
- Secure Remote Password protocol (SRP)
- TACACS
- Woo–Lam
- Category
- Commons
This cryptography-related article is a stub. You can help Wikipedia by expanding it. |
- v
- t
- e