Woo–Lam

In cryptography, Woo–Lam refers to various computer network authentication protocols designed by Simon S. Lam and Thomas Woo.^[1][2] The protocols enable two communicating parties to authenticate each other's identity and to exchange session keys, and involve the use of a trusted key distribution center (KDC) to negotiate between the parties. Both symmetric-key and public-key variants have been described. However, the protocols suffer from various security flaws, and in part have been described as being inefficient compared to alternative authentication protocols.^[3]

The following notation is used to describe the algorithm:

${\displaystyle A,B}$ - network nodes.

${\displaystyle K{U}_x}$ - public key of node ${\displaystyle x}$.

${\displaystyle K{R}_x}$ - private key of ${\displaystyle x}$.

${\displaystyle N_x}$ - nonce chosen by ${\displaystyle x}$.

${\displaystyle I{D}_x}$ - unique identifier of ${\displaystyle x}$.

${\displaystyle E_k}$ - public-key encryption using key ${\displaystyle k}$.

${\displaystyle S_k}$ - digital signature using key ${\displaystyle k}$.

${\displaystyle K}$ - random session key chosen by the KDC.

${\displaystyle ||}$ - concatenation.

It is assumed that all parties know the KDC's public key.

${\displaystyle 1)A\to KDC:I{D}_A||I{D}_B}$

${\displaystyle 2)KDC\to A:S_{K{R}_{KDC}}[I{D}_B||K{U}_B]}$

${\displaystyle 3)A\to B:E_{K{U}_B}[N_A||I{D}_A]}$

${\displaystyle 4)B\to KDC:I{D}_B||I{D}_A||E_{K{U}_{KDC}}[N_A]}$

${\displaystyle 5)KDC\to B:S_{K{R}_{KDC}}[I{D}_A||K{U}_A]||E_{K{U}_B}[S_{K{R}_{KDC}}[N_A||K||I{D}_B||I{D}_A]]}$

${\displaystyle 6)B\to A:E_{K{U}_A}[S_{K{R}_{KDC}}[N_A||K]||N_B]}$

${\displaystyle 7)A\to B:E_K[N_B]}$

The original version of the protocol^[4] had the identifier ${\displaystyle I{D}_A}$ omitted from lines 5 and 6, which did not account for the fact that ${\displaystyle N_A}$ is unique only among nonces generated by A and not by other parties. The protocol was revised after the authors themselves spotted a flaw in the algorithm.^[1][3]

• Kerberos
• Needham–Schroeder protocol
• Otway–Rees protocol

Template:Reflist

Template:Authentication APIs

Template:Crypto-stub