Previous  Index  Next
Send a comment
Security Protocols Open Repository
download: protocol specification in plain text
page in compressed postscript
page in pdf
page source in latex
bibTeX references

Lowe modified KSL

Author(s): Gavin Lowe  (1996)

Summary: Lowe modified version of the KSL protocol to prevent authentication attacks. Distribution of a session key and a ticket and repeated mutual authentication. Symmetric key cryptography with server.

Protocol specification (in common syntax)

A, B, S :   principal
Na, Nb, Nc, Ma, Mb :   number
Kas, Kbs, Kab, Kbb :   key
Tb :   generalizedTimestamp

1.   A -> B :   Na, A
2.   B -> S :   Na, A, Nb, B
3.   S -> B :   {A, Nb Kab}Kbs, {Na, B, Kab}Kas
4.   B -> A :   {Na, B, Kab}Kas, {Tb, A, Kab}Kbb, Nc, {B, Na}Kab
5.   A -> B :   {Nc}Kab
6.   A -> B :   Ma, {Tb, A, Kab}Kbb
7.   B -> A :   Mb, {Ma, B}Kab
8.   A -> B :   {A, Mb}Kab

Description of the protocol rules

See KSL.

The version given above has been devised from the following modifications to KSL advised in [Low96]:


See KSL.



See also



Gavin Lowe. Some new attacks upon security protocols. In IEEE Computer Society Press, editor, In Proceedings of the Computer Security Foundations Workshop VIII, 1996.
last modified 02/12/2002.
Previous  Index  Next
Send a comment