Introduction
In this blog, we will learn about the NeedhamSchroeder Scheme. The NeedhamSchroeder scheme is used to share keys between channels. To manage different cryptographic keys, we have various schemes and protocols. Managing one such session key is the NeedhamSchroeder Scheme.
In this blog, we will get brief details about this scheme.
NeedhamSchroeder Scheme
In 1978, the first session key distribution scheme was proposed, known as the NeedhamSchroeder scheme SKDS. This scheme is mainly proposed for authentication purposes and to share a session key between two callers.
The NeedhamSchroeder scheme is differentiated into two types:

The NeedhamSchroeder symmetric key protocol
This protocol is based on symmetric algorithm encryption and provides confidentiality for communication between two users.

The NeedhamSchroeder public key protocol
This protocol is based on public key cryptography and provides mutual authentication for communication.
For further understanding of the NeedhamSchroeder scheme, let's look at the diagram and a real case scenario.
Alice and Bob are two users who want to have a conversation between themselves.
To start the conversation, Alice asked the trusted authority, referred to as (TA) to generate a session key for her. The trusted authority is responsible for session key distribution between two communicating members. The TA generates the session key and distributes it to Alice and bob for authentication.

In the first session, Alice sends the message and nonce to the TA and asks them for the session key to start the conversation with Bob. At this time, Bob is unaware of any such session between TA and Alice.

TA generates a secret key for Alice and Bob. In the following flow, TA generates an encrypted session key and, with a nonce, sent to Alice, ensuring that the message is replying to the session he has asked for.

In the third flow, Alice sends this session key to Bob. Bob decrypts this by using the secret key generated between Bob and TA.
In the first three processes, the session key distribution occurs to ensure that the message is given to the proper authority.

In the fourth process, Bob recovers the session key and sends the nonce using the session key.

Alice confirms to Bob that she possesses the session key in the fifth session. This process is called key distribution, and Alice generates a new message.
The session has a drawback if any third person gets interrupted in the first three sessions, he can easily get the session key and disrupt the session between Alice and Bob. If Bob sends any message for decryption, the third person can decrypt that and confirm him as Alice.
In the distribution of the session key in the first three sessions to overcome and confirm that the session key is created at the instance, the use of the timestamp is included.
The below workflow representation gives more details about the NeedhamSchroeder protocol:
The description of how the message is sent is discussed below:

Alice chose a random number (NA). Alice's Identifier(IDA), Bob's Identifier(IDB), and NA are sent by Alice to TA.
IDA NA IDB

TA chooses a random session key, K, and it computes Alice's message. A ticket to bob is created in the second session. tBob = eKBob (K  IDA(Alice))

The TA creates a session key and a ticket for bob.
y1 = eKAlice(NA  IDB(Bob)  K  tBob).
The tBob in the y1 represents that the session is created for Bob.
This y1 message is sent to Alice.

Alice decrypts this y1 using his key, KA (Alice's secret key) and obtains K(Session Key) and tBob. Alice will send this tBOb to Bob.

In the next session, to obtain K, Bob decrypts tBob using his key, KB(Bob's secret key). To compute y2, Bob chooses a random number (NB) and sends y2 to Alice.
y2=eK(NB)
 To obtain NB, Alice decrypts y2. She uses the session key K. Alice computes y3 to send it to Bob.
y3 = eK(NB âˆ’ 1)