Yahalom is an authentication and secure key-sharing protocol designed for use on an insecure network such as the Internet. Yahalom uses a trusted arbitrator to distribute a shared key between two people. This protocol can be considered an improved version of the Wide Mouth Frog protocol (with additional protection against man-in-the-middle attacks), but it is less secure than the Needham–Schroeder protocol.
If Alice (A) initiates the communication with Bob (B), and S is a server trusted by both parties, the protocol can be specified as follows using security protocol notation:
$K_{AS}$
$K_{BS}$
$N_A$
$N_B$
$K_{AB}$
$A \rightarrow B: A, N_A$
Alice sends a message to Bob requesting communication.
$B \rightarrow S: B, \{A, N_A, N_B\}_{K_{BS}}$
Bob sends a message to the Server encrypted under $K_{BS}$.
$S \rightarrow A: \{B, K_{AB}, N_A, N_B\}_{K_{AS}}, \{A, K_{AB}\}_{K_{BS}}$
The Server sends to Alice a message containing the generated session key $K_{AB}$.
$A \rightarrow B: \{A, K_{AB}\}_{K_{BS}}, \{N_B\}_{K_{AB}}$
Alice forwards the message to Bob and verifies
$N_A$
$N_B$
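The four messages above, traced end to end as an added example (not part of the original article). The `seal`/`unseal` helpers are hypothetical stand-ins for encryption under a shared key, built from the standard library for illustration only, and all function and variable names are assumptions.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    # SHA-256 in counter mode as a keystream (stand-in cipher, illustration only)
    blocks = (hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Models {fields}_key: encrypt, then HMAC so any modification is detected."""
    pt = json.dumps(fields).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(b"mac" + key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(b"mac" + key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("integrity check failed")
    return json.loads(bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct)))))

def run_yahalom(tamper=False):
    k_as, k_bs = secrets.token_bytes(32), secrets.token_bytes(32)  # long-term keys
    # 1. A -> B: A, N_A
    n_a = secrets.token_hex(16)
    # 2. B -> S: B, {A, N_A, N_B}_KBS
    n_b = secrets.token_hex(16)
    msg2 = seal(k_bs, ["A", n_a, n_b])
    # 3. S -> A: {B, K_AB, N_A, N_B}_KAS, {A, K_AB}_KBS
    initiator, na_s, nb_s = unseal(k_bs, msg2)
    k_ab = secrets.token_hex(32)
    for_a, for_b = seal(k_as, ["B", k_ab, na_s, nb_s]), seal(k_bs, [initiator, k_ab])
    # Alice checks that her own nonce came back before trusting K_AB
    peer, key_a, na_back, nb_a = unseal(k_as, for_a)
    if peer != "B" or na_back != n_a:
        raise ValueError("Alice: N_A mismatch")
    # 4. A -> B: {A, K_AB}_KBS, {N_B}_KAB
    proof = seal(bytes.fromhex(key_a), [nb_a])
    if tamper:  # constructed fault: one bit of the forwarded ticket flipped in transit
        for_b = for_b[:20] + bytes([for_b[20] ^ 1]) + for_b[21:]
    who, key_b = unseal(k_bs, for_b)
    (nb_back,) = unseal(bytes.fromhex(key_b), proof)
    if who != "A" or nb_back != n_b:
        raise ValueError("Bob: N_B mismatch")
    return key_a == key_b  # both ends now hold the same session key
```

Alice can only forward the part encrypted under $K_{BS}$ because she cannot read it, so Bob's acceptance rests on the integrity of that part and on $N_B$ coming back under $K_{AB}$.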
Burrows, Abadi and Needham proposed a variant of this protocol in their 1989 paper as follows:[1]
$A \rightarrow B: A, N_A$
$B \rightarrow S: B, N_B, \{A, N_A\}_{K_{BS}}$
$S \rightarrow A: N_B, \{B, K_{AB}, N_A\}_{K_{AS}}, \{A, K_{AB}, N_B\}_{K_{BS}}$
$A \rightarrow B: \{A, K_{AB}, N_B\}_{K_{BS}}, \{N_B\}_{K_{AB}}$
In 1994, Paul Syverson demonstrated two attacks on this protocol.[1]
[1] Bruce Schneier. Applied Cryptography. 1996. pp. 57–58. ISBN 0-471-12845-7.