Needham-Schroeder

Needham-Schroeder is a computer network authentication protocol designed for use on insecure networks (the Internet for example), invented by Needham and Schroeder. It allows individuals communicating over a network to prove their identity to each other while also preventing evesdropping or replay attacks, and provides for detection of modification and the prevention of unauthorized reading.

The protocol can be specified as follows in security protocol notation, where Alice is authenticating herself to Bob using a server S:

A tells the server they they want to communicate with B.

S generates and sends a copy encrypted under for A to forward to B and also a copy for A. Including the nonce assures A that the message is fresh.

A forwards the key to B.

B sends A a nonce encrypted under to show that they have the key.

A performs a simple operation on the nonce re-encrypts it and sends it back verifying that they are still alive and that they hold the key.

This protocol is no longer considered secure as B does not know if the key is fresh. If someone obtains an old key they can perform a replay attack and convince B that the key they hold is As current key.

See also: Kerberos, Otway-Rees, Wide Mouth Frog.