Yahalom is an authentication and secure key-sharing protocol designed for use on an insecure network such as the Internet. Yahalom uses a trusted arbitrator to distribute a shared key between two people. This protocol can be considered an improved version of the Wide Mouth Frog protocol (with additional protection against man-in-the-middle attacks), but it is less secure than Needham-Schroeder.
If Alice (A) initiates the communication to Bob (B), where S is a server trusted by both parties, the protocol can be specified as follows using security protocol notation:
A and B are identities of Alice and Bob respectively
$K_{AS}$ is a symmetric key known only to A and S
$K_{BS}$ is a symmetric key known only to B and S
$N_A$ and $N_B$ are nonces generated by A and B respectively
$K_{AB}$ is a symmetric, generated key, which will be the session key of the session between A and B
$A \rightarrow B : A, N_A$
Alice sends a message to Bob requesting communication.
$B \rightarrow S : B, \{A, N_A, N_B\}_{K_{BS}}$
Bob sends a message to the Server encrypted under $K_{BS}$.
$S \rightarrow A : \{B, K_{AB}, N_A, N_B\}_{K_{AS}}, \{A, K_{AB}\}_{K_{BS}}$
The Server sends to Alice a message containing the generated session key $K_{AB}$ and a message to be forwarded to Bob.
$A \rightarrow B : \{A, K_{AB}\}_{K_{BS}}, \{N_B\}_{K_{AB}}$
Alice forwards the message to Bob and verifies $N_A$ has not changed. Bob will verify $N_B$ has not changed when he receives the message.
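The four messages above, played out by all three parties in one process, as an added example that is not part of the original page. The page does not name a cipher, so `seal`/`unseal` are a hypothetical toy encrypt-then-MAC built from SHA-256 and HMAC; `run_yahalom` and its `replayed_msg4` parameter are likewise illustrative names, and all keys are constructed at import time.

```python
import hashlib, hmac, json, os

def _stream(key, iv, n):
    # SHA-256 in counter mode as a keystream (toy construction, messages < 8 KiB)
    return b"".join(hashlib.sha256(b"enc" + key + iv + bytes([i])).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, fields):
    """{fields}_key: toy encrypt-then-MAC standing in for the page's encryption."""
    pt = json.dumps(fields).encode()
    iv = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(pt, _stream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or modified ciphertext")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _stream(key, iv, len(ct)))))

K_AS, K_BS = os.urandom(32), os.urandom(32)  # constructed long-term keys shared with S

def run_yahalom(replayed_msg4=None):
    """One run of the four messages; returns (A's K_AB, B's K_AB, message 4)."""
    # 1. A -> B : A, N_A
    N_A = os.urandom(16).hex()
    msg1 = ("A", N_A)
    # 2. B -> S : B, {A, N_A, N_B}K_BS
    N_B = os.urandom(16).hex()
    msg2 = ("B", seal(K_BS, [msg1[0], msg1[1], N_B]))
    # 3. S -> A : {B, K_AB, N_A, N_B}K_AS, {A, K_AB}K_BS
    a, n_a, n_b = unseal(K_BS, msg2[1])
    K_AB = os.urandom(32).hex()
    msg3 = (seal(K_AS, [msg2[0], K_AB, n_a, n_b]), seal(K_BS, [a, K_AB]))
    # A checks that N_A came back unchanged before using K_AB
    _, k_a, n_a_echo, n_b_a = unseal(K_AS, msg3[0])
    if n_a_echo != N_A:
        raise ValueError("N_A mismatch")
    # 4. A -> B : {A, K_AB}K_BS, {N_B}K_AB
    msg4 = (msg3[1], seal(bytes.fromhex(k_a), [n_b_a]))
    # B (optionally fed a recorded message 4 from an earlier run) checks N_B
    ticket, proof = replayed_msg4 or msg4
    _, k_b = unseal(K_BS, ticket)
    if unseal(bytes.fromhex(k_b), proof) != [N_B]:
        raise ValueError("N_B mismatch")
    return k_a, k_b, msg4
```

Passing a message 4 recorded from an earlier run as `replayed_msg4` shows why Bob's nonce check matters: the old ticket still decrypts under $K_{BS}$, but the echoed nonce no longer matches the fresh $N_B$, so the run is rejected.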