Neuman–Stubblebine protocol

Last updated April 27, 2019

The Neuman–Stubblebine protocol is a computer network authentication protocol designed for use on insecure networks (e.g., the Internet). It allows individuals communicating over such a network to prove their identity to each other. This protocol utilizes time stamps, but does not depend on synchronized clocks.

A computer network is a digital telecommunications network which allows nodes to share resources. In computer networks, computing devices exchange data with each other using connections between nodes. These data links are established over cable media such as wires or optic cables, or wireless media such as Wi-Fi.

Authentication act of confirming the truth of an attribute of a datum or entity

Authentication is the act of confirming the truth of an attribute of a single piece of data claimed true by an entity. In contrast with identification, which refers to the act of stating or otherwise indicating a claim purportedly attesting to a person or thing's identity, authentication is the process of actually confirming that identity. It might involve confirming the identity of a person by validating their identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product is what its packaging and labeling claim to be. In other words, authentication often involves verifying the validity of at least one form of identification.

The Internet is the global system of interconnected computer networks that use the Internet protocol suite (TCP/IP) to link devices worldwide. It is a network of networks that consists of private, public, academic, business, and government networks of local to global scope, linked by a broad array of electronic, wireless, and optical networking technologies. The Internet carries a vast range of information resources and services, such as the inter-linked hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony, and file sharing. Some publications no longer capitalize "internet".

The protocol

If Alice (A) initiates the communication to Bob (B) with S is a server trusted by both parties, the protocol can be specified as follows using security protocol notation:

Alice and Bob are fictional characters commonly used as placeholder names in cryptology, as well as science and engineering literature. The Alice and Bob characters were invented by Ron Rivest, Adi Shamir, and Leonard Adleman in their 1978 paper "A method for obtaining digital signatures and public-key cryptosystems." Subsequently, they have become common archetypes in many scientific and engineering fields, such as quantum cryptography, game theory and physics. As the use of Alice and Bob became more popular, additional characters were added, each with a particular meaning. These characters do not have to refer to humans; they refer to generic agents which might be different computers or even different programs running on a single computer.

In cryptography, security (engineering) protocol notation, also known as protocol narrations and Alice & Bob notation, is a way of expressing a protocol of correspondence between entities of a dynamic system, such as a computer network. In the context of a formal model, it allows reasoning about the properties of such a system.

A and B are identities of Alice and Bob respectively
M is a session identifier
$K_{AS}$ is a symmetric key known only to A and S
$K_{BS}$ is a symmetric key known only to B and S
$N_{A}$ and $N_{B}$ are nonces generated by A and B respectively
$T_{A}$ and $T_{B}$ are timestamps generated by A and B respectively
$K_{AB}$ is a generated symmetric key, which will be the session key of the session between A and B

Cryptographic nonce arbitrary number used only once in a cryptographic communication

In cryptography, a nonce is an arbitrary number that can be used just once in a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. They can also be useful as initialization vectors and in cryptographic hash functions.

Timestamp sequence of characters or encoded information identifying when a certain event occurred

A timestamp is a sequence of characters or encoded information identifying when a certain event occurred, usually giving date and time of day, sometimes accurate to a small fraction of a second. The term derives from rubber stamps used in offices to stamp the current date, and sometimes time, in ink on paper documents, to record when the document was received. Common examples of this type of timestamp are a postmark on a letter or the "in" and "out" times on a time card.

A session key is a single-use symmetric key used for encrypting all messages in one communication session. A closely related term is content encryption key (CEK), traffic encryption key (TEK), or multicast key which refers to any key used to encrypt messages, as opposed to other uses, like encrypting other keys.

$A\rightarrow B:A,N_{A}$

Alice notified Bob of intent to initiate secure communication.

$B\rightarrow S:B,N_{B},\{A,N_{A},T_{B}\}_{K_{BS}}$

Bob generates a times stamp and a nonce, and sends this to the trusted Server.

$S\rightarrow A:\{B,N_{A},K_{AB},T_{B}\}_{K_{AS}},\{A,K_{AB},T_{B}\}_{K_{BS}},N_{B}$

The trusted Server generates a session key and a message for Alice to forward to Bob.

A\rightarrow B:\{A,K_{AB},T_{B}\}_{K_{BS}},\{N_{B}\}_{K_{AB}}

Alice forwards the message and verifies $N_{A}$ is the same that she generated earlier. Bob will verify $T_{B}$ and $N_{B}$ have not changed when he receives the message.

Subsequent communications

An advantage provided by this protocol is that Alice can utilize the trusted Server's message to initiate authentication with Bob within some predetermined time limit without utilizing the trusted Server. The protocol proceeds as follows using the same definitions as above.

$A\rightarrow B:\{A,K_{AB},T_{B}\}_{K_{BS}},N'_{A}$

Alice sends the message the trusted Server sent her previously when communication with Bob.

$B\rightarrow A:N'_{B},\{N'_{A}\}_{K_{AB}}$

Bob sends Alice a new nonce and her new nonce encrypted with session key that Alice resent from previous communication.

$A\rightarrow B:\{N'_{B}\}_{K_{AB}}$

Alice returns Bob's nonce encrypted with the session key to allow him to verify the communication is successful.

Attack

Using the theorem prover SPASS it has been shown that this protocol can be attacked.^[1] This attack and two more from ^[2] are outlined in .

SPASS is an automated theorem prover for first-order logic with equality developed at the Max Planck Institute for Computer Science and using the superposition calculus. The name originally stood for Synergetic Prover Augmenting Superposition with Sorts. The theorem proving system is released under the FreeBSD license.

Related Research Articles

In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example of a MITM attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted wireless access point (Wi-Fi) could insert themselves as a man-in-the-middle.

Burrows–Abadi–Needham logic is a set of rules for defining and analyzing information exchange protocols. Specifically, BAN logic helps its users determine whether exchanged information is trustworthy, secured against eavesdropping, or both. BAN logic starts with the assumption that all information exchanges happen on media vulnerable to tampering and public monitoring. This has evolved into the popular security mantra, "Don't trust the network."

In computer security, challenge–response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated.

The Wide-Mouth Frog protocol is a computer network authentication protocol designed for use on insecure networks. It allows individuals communicating over a network to prove their identity to each other while also preventing eavesdropping or replay attacks, and provides for detection of modification and the prevention of unauthorized reading. This can be proven using BAN logic.

A security protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives. A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.

A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a masquerade attack by IP packet substitution. This is one of the lower tier versions of a "Man-in-the-middle attack".

MQV (Menezes–Qu–Vanstone) is an authenticated protocol for key agreement based on the Diffie–Hellman scheme. Like other authenticated Diffie–Hellman schemes, MQV provides protection against an active attacker. The protocol can be modified to work in an arbitrary finite group, and, in particular, elliptic curve groups, where it is known as elliptic curve MQV (ECMQV).

In public-key cryptography, the Station-to-Station (STS) protocol is a cryptographic key agreement scheme. The protocol is based on classic Diffie–Hellman, and provides mutual key and entity authentication. Unlike the classic Diffie–Hellman, which is not secure against a man-in-the-middle attack, this protocol assumes that the parties have signature keys, which are used to sign messages, thereby providing security against man-in-the-middle attacks.

Elliptic-curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic-curve public–private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or to derive another key. The key, or the derived key, can then be used to encrypt subsequent communications using a symmetric-key cipher. It is a variant of the Diffie–Hellman protocol using elliptic-curve cryptography.

Distributed System Security Architecture or (DSSA) is a computer security architecture that provides a suite of functions including login, authentication, and access control in a distributed system. To differ from other similar architectures, the DSSA architecture offers the ability to access all these functions without the trusted server being active.

The Password Authenticated Key Exchange by Juggling is a password-authenticated key agreement protocol, proposed by Feng Hao and Peter Ryan. This protocol allows two parties to establish private and authenticated communication solely based on their shared (low-entropy) password without requiring a Public Key Infrastructure. It provides mutual authentication to the key exchange, a feature that is lacking in the Diffie–Hellman key exchange protocol.

Yahalom is an authentication and secure key-sharing protocol designed for use on an insecure network such as the Internet. Yahalom uses a trusted arbitrator to distribute a shared key between two people. This protocol can be considered as an improved version of Wide Mouth Frog protocol, but less secure than the Needham–Schroeder protocol.

The YAK is a public-key authenticated key agreement protocol, proposed by Feng Hao in 2010. It is considered the simplest among the related protocols, including MQV, HMQV, Station-to-Station protocol, SSL/TLS etc. The authentication is based on public key pairs. As with other protocols, YAK normally requires a Public Key Infrastructure to distribute authentic public keys to the communicating parties.

In cryptography, Woo–Lam refers to various computer network authentication protocols designed by Simon S. Lam and Thomas Woo. The protocols enable two communicating parties to authenticate each other's identity and to exchange session keys, and involve the use of a trusted key distribution center (KDC) to negotiate between the parties. Both symmetric-key and public-key variants have been described. However, the protocols suffer from various security flaws, and in part have been described as being inefficient compared to alternative authentication protocols.

In cryptography, the Salted Challenge Response Authentication Mechanism (SCRAM) is a family of modern, password-based challenge–response authentication mechanisms providing authentication of a user to a server. As it is specified for Simple Authentication and Security Layer (SASL), it can be used for password-based logins to services like SMTP and IMAP (e-mail), or XMPP (chat). For XMPP, supporting it is mandatory.

Algebraic Eraser (AE) is an anonymous key agreement protocol that allows two parties, each having an AE public–private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or to derive another key that can then be used to encrypt subsequent communications using a symmetric key cipher. Algebraic Eraser was developed by Iris Anshell, Michael Anshell, Dorian Goldfeld and Stephane Lemieux. SecureRF owns patents covering the protocol and is attempting to standardize the protocol as part of ISO/IEC 29167-20, a standard for securing radio-frequency identification devices and wireless sensor networks.

References

Schneier, Bruce (1996), Applied Cryptography, John Wiley & Sons, pp. 60–62, ISBN 0-471-12845-7

Bruce Schneier is an American cryptographer, computer security professional, privacy specialist and writer. Schneier is a fellow at the Berkman Center for Internet & Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute. He has been working for IBM since they acquired Resilient Systems where Schneier was CTO. He is the author of several books on general security topics, computer security and cryptography. Schneier is also a contributing writer for The Guardian news organization.

International Standard Book Number Unique numeric book identifier

The International Standard Book Number (ISBN) is a numeric commercial book identifier which is intended to be unique. Publishers purchase ISBNs from an affiliate of the International ISBN Agency.

↑ Weidenbach, Christoph (1999), Towards an Automatic Analysis of Security Protocols in First-Order Logic, Saarbrücken, Germany
↑ Hwang, Tzonelih; Lee, Narn-Yih; Li, Chuan-Ming; Ko, Ming-Yung; Chen, Yung-Hsiang (1994), "Two attacks on Neuman-Stubblebine authentication protocols", Information Processing Letters, Tainan, Taiwan, 53 (2): 103–107, doi:10.1016/0020-0190(95)00177-E

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Weidenbach, Christoph (1999), Towards an Automatic Analysis of Security Protocols in First-Order Logic, Saarbrücken, Germany

[2] Hwang, Tzonelih; Lee, Narn-Yih; Li, Chuan-Ming; Ko, Ming-Yung; Chen, Yung-Hsiang (1994), "Two attacks on Neuman-Stubblebine authentication protocols", Information Processing Letters, Tainan, Taiwan, 53 (2): 103–107, doi:10.1016/0020-0190(95)00177-E