Sunday, May 30, 2004

An Attack on the Needham-Schroeder Authentication Protocol

An interesting paper by Gavin Lowe that details an attack on the Needham-Schroeder protocol underlying Kerberos. What Lowe outlines is basically a man-in-the-middle attack that relies on the relaying of nonces. The message of the paper is as follows:

If the identity of a principal is essential to the meaning of a message, it is prudent to mention the principal's name explicitly in the message.
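That principle worked through in a symbolic model, as an added example that is not part of the post or of Lowe's paper. The principals A, B and I, the nonce strings, and the `Enc` box that stands in for public-key encryption are all assumptions of this example; no real cryptography is performed. The model compares the original message 2 of the three-message public-key handshake, `{N_A, N_B}_{K_A}`, with Lowe's version `{N_A, N_B, B}_{K_A}`, and shows that the initiator's name check is what lets A notice that a reply was produced for a session it did not start.

```python
"""Symbolic model of the three-message Needham-Schroeder public-key handshake,
comparing the original message 2 with Lowe's fixed version that names the
responder. Assumed example code; no real cryptography is performed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Enc:
    """A public-key ciphertext in the symbolic model: only `recipient` can open it."""
    recipient: str
    payload: tuple


def encrypt(recipient, *fields):
    return Enc(recipient, tuple(fields))


def decrypt(me, box):
    if box.recipient != me:
        raise PermissionError(f"{me} cannot open a message addressed to {box.recipient}")
    return box.payload


# Message 1: A -> B : {N_A, A}_{K_B}
def msg1(initiator, responder, na):
    return encrypt(responder, na, initiator)


# Message 2 (original): B -> A : {N_A, N_B}_{K_A}
def msg2_original(responder, initiator, na, nb):
    return encrypt(initiator, na, nb)


# Message 2 (Lowe's fix): B -> A : {N_A, N_B, B}_{K_A}
def msg2_lowe(responder, initiator, na, nb):
    return encrypt(initiator, na, nb, responder)


def initiator_accepts(me, intended_peer, na, box):
    """A's check on message 2: the nonce must be echoed and, when the message
    carries a responder name, it must be the principal A actually contacted."""
    fields = decrypt(me, box)
    if fields[0] != na:
        return False
    if len(fields) >= 3 and fields[2] != intended_peer:
        return False
    return True


def honest_run(msg2_builder):
    """A talks to B directly; both message-2 formats are accepted."""
    na, nb = "nonce-A-1", "nonce-B-1"
    m1 = msg1("A", "B", na)
    got_na, claimed_initiator = decrypt("B", m1)
    m2 = msg2_builder("B", claimed_initiator, got_na, nb)
    return initiator_accepts("A", "B", na, m2)


def relayed_run(msg2_builder):
    """A opens a session with I. I opens A's message 1, repackages the same
    nonce for B under A's name, and passes B's reply straight back to A.
    Returns True if A wrongly accepts a message 2 that B produced for a
    session A never started with B."""
    na, nb = "nonce-A-2", "nonce-B-2"
    m1_to_i = msg1("A", "I", na)
    got_na, claimed_initiator = decrypt("I", m1_to_i)   # I learns N_A
    m1_to_b = msg1(claimed_initiator, "B", got_na)      # still names "A"
    b_na, b_initiator = decrypt("B", m1_to_b)
    m2 = msg2_builder("B", b_initiator, b_na, nb)        # encrypted for A
    return initiator_accepts("A", "I", na, m2)          # A expected I


if __name__ == "__main__":
    print("original format, relayed reply accepted:", relayed_run(msg2_original))  # True
    print("Lowe's format, relayed reply accepted:", relayed_run(msg2_lowe))        # False
```

The only difference between the two runs is the third field of message 2. Without it, A has no way to tell which responder echoed its nonce; with it, A compares the embedded name against the principal it addressed message 1 to and rejects the mismatch, which is exactly the "mention the principal's name explicitly" rule stated above.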


