Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Table of contents
1.
Introduction 
2.
Needham-Schroeder Scheme
3.
Validating Checks
4.
Frequently Asked Questions
4.1.
When was Needham-Schroeder Scheme proposed?
4.2.
What does the Needham-Schroeder Scheme state?
4.3.
In how many types the Needham Schroeder scheme can be differentiated?
4.4.
Why is validating checks necessary in the Needham Schroeder scheme?
4.5.
What are the problems associated with the Needham Schroeder scheme?
5.
Conclusions
Last Updated: Mar 27, 2024

The Needham-Schroeder Scheme

Author Gunjan Batra
0 upvote
Master Python: Predicting weather forecasts
Speaker
Ashwin Goyal
Product Manager @

Introduction 

In this blog, we will learn about the Needham-Schroeder Scheme. The Needham-Schroeder scheme is used to share keys between channels. To manage different cryptographic keys, we have various schemes and protocols. Managing one such session key is the Needham-Schroeder Scheme. 

The Needham-Schroeder Scheme

In this blog, we will get brief details about this scheme. 

Needham-Schroeder Scheme

In 1978, the first session key distribution scheme was proposed, known as the Needham-Schroeder scheme SKDS. This scheme is mainly proposed for authentication purposes and to share a session key between two callers. 

The Needham-Schroeder scheme is differentiated into two types:

  • The Needham-Schroeder symmetric key protocol
    This protocol is based on symmetric algorithm encryption and provides confidentiality for communication between two users.
     
  • The Needham-Schroeder public key protocol
    This protocol is based on public key cryptography and provides mutual authentication for communication.
     

For further understanding of the Needham-Schroeder scheme, let's look at the diagram and a real case scenario.

Alice and Bob

Alice and Bob are two users who want to have a conversation between themselves.

To start the conversation, Alice asked the trusted authority, referred to as (TA) to generate a session key for her. The trusted authority is responsible for session key distribution between two communicating members. The TA generates the session key and distributes it to Alice and bob for authentication. 

  • In the first session, Alice sends the message and nonce to the TA and asks them for the session key to start the conversation with Bob. At this time, Bob is unaware of any such session between TA and Alice.
     
  • TA generates a secret key for Alice and Bob. In the following flow, TA generates an encrypted session key and, with a nonce, sent to Alice, ensuring that the message is replying to the session he has asked for.  
     
  • In the third flow, Alice sends this session key to Bob. Bob decrypts this by using the secret key generated between Bob and TA. 
     

In the first three processes, the session key distribution occurs to ensure that the message is given to the proper authority.
 

  • In the fourth process, Bob recovers the session key and sends the nonce using the session key.
     
  • Alice confirms to Bob that she possesses the session key in the fifth session. This process is called key distribution, and Alice generates a new message.
     

The session has a drawback if any third person gets interrupted in the first three sessions, he can easily get the session key and disrupt the session between Alice and Bob. If Bob sends any message for decryption, the third person can decrypt that and confirm him as Alice. 

In the distribution of the session key in the first three sessions to overcome and confirm that the session key is created at the instance, the use of the timestamp is included.

The below workflow representation gives more details about the Needham-Schroeder protocol:

Workflow


The description of how the message is sent is discussed below:

  1. Alice chose a random number (NA). Alice's Identifier(IDA), Bob's Identifier(IDB), and NA are sent by Alice to TA.
    IDA| NA| IDB  
     
  2. TA chooses a random session key, K, and it computes Alice's message. A ticket to bob is created in the second session.   tBob = eKBob (K || IDA(Alice))                
                                                                                                                                              
  3. The TA creates a session key and a ticket for bob.
     y1 = eKAlice(NA || IDB(Bob) || K || tBob).
    The tBob in the y1 represents that the session is created for Bob.
    This y1 message is sent to Alice.
     
  4. Alice decrypts this y1 using his key, KA (Alice's secret key) and obtains K(Session Key) and tBob. Alice will send this tBOb to Bob. 
     
  5. In the next session, to obtain K, Bob decrypts tBob using his key, KB(Bob's secret key). To compute y2, Bob chooses a random number (NB) and sends y2 to Alice. 
            y2=eK(NB)
     
  6. To obtain NB, Alice decrypts y2. She uses the session key K. Alice computes y3 to send it to Bob.

y3 = eK(NB − 1)

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job
Bootcamp

Validating Checks

There are validating checks for validating the message and codes sent by Needham-Schroeder SKDS. These validating checks are kept to ensure that the format of the message and the message sent is correct. This is done by following some validating checks. 

Validating Checks
  1. To decrypt the message and y1 sent by TA to Alice and see that the plaintext has the following form. 

       dKAlice(y1) = NA || IDB(Bob) || K || tBob

If the condition above is true, Alice "áccepts"; otherwise, Alice "rejects" and discards the session. 

2.  To decrypt the message y3 and check the plain text sent by Alice, Bob performs the below check.  

       dK(y3) = NB − 1.

If the above conditions are held, Bob "accepts" or else "rejects."

Frequently Asked Questions

When was Needham-Schroeder Scheme proposed?

Needham-Schroeder Scheme was proposed in 1978. 

What does the Needham-Schroeder Scheme state?

The Needham-Schroeder scheme was proposed for authentication purposes and to share a session key between two callers. 

In how many types the Needham Schroeder scheme can be differentiated?

The Needham Schroeder scheme can be differentiated into two types. The first is the Needham-Schroeder symmetric key protocol which uses symmetric encryption and provides confidentiality for communication between two users. The second is the Needham-Schroeder public key protocol based on public key cryptography, which provides mutual authentication for communication.

Why is validating checks necessary in the Needham Schroeder scheme?

It is crucial to perform validating checks in the Needham Schroeder Scheme. These validating checks are kept to ensure that the format of the message and the message sent is correct. This is done by following some validating checks. 

What are the problems associated with the Needham Schroeder scheme?

The problem associated with the Needham Schroeder scheme is the replay attack. An external source can get the details about the session key and convey the message to Bob without Bob knowing whether the ticket generated is new or old or whether Alice sends the message that he receives. 

Conclusions

In this blog, we have thoroughly discussed the Needham-Schroeder scheme. We have seen how the authentication process and the validating checks are performed to verify authenticity.

To learn more about cryptography, please refer blogs:

Algebraic Attack on a Filter Generator in Cryptography

Signing and Encrypting in Cryptography

Introduction to Identification or Entity Authentication

Refer to our guided paths on Coding Ninjas Studio to learn more about DSA, Competitive Programming, JavaScript, System Design, etc. Enrol in our coursesrefer to the mock test and problems look at the interview experiences and interview bundle for placement preparations.

Happy Coding!

Previous article
Key Predistribution in Sensor Networks
Next article
The Denning Sacco Attack on the NS Scheme
Live masterclass