KDC Implementation using NeedhamSchroedar Protocol - Cybersecurity

The following command-line should be used to compile all the 3 files:

#!shell
gcc -O2 -Wall -fPIC aes.c <input> -o <output> -lmcrypt

where, is the source file (Alice.c / Bob.c / KDC.c) is the compiled file

1. Alice sends Request to KDC

   This requires the use of a special structure (kdc_request_s) to contain 3 (+1) parameters:

   1. Source (Alice)
   2. Target (Bob)
   3. Source Nonce (R₁ or R_A) (Generated by Alice)
   4. (Optional) Padding (to match with AES blocksize)

   The same structure is shared with KDC to receive the data in formatted plaintext.

2. KDC sends Reply to Alice

   This requires the use of a special structure (kdc_reply_s) to contain 4 (+1) parameters:

   1. Source Nonce (R₁ or R_A)
   2. Target (Bob)
   3. Session Key (K_AB) (Generated by KDC)
   4. <encrypted ticket> (Ticket is encrypted using Bob’s key after being generated by KDC)
   5. (Optional) Padding (to match with AES blocksize)

   The same structure is shared with Alice to receive data in ciphertext and decrypt into formatted plaintext.

   The Ticket so encrypted requires an additional structure (ticket_s) to contain 2 parameters:

   1. Source (Alice)
   2. Session Key (K_AB)

   The same structure is shared with Bob to receive the data in ciphertext and decrypt into formatted plaintext.

3. Alice sends Encrypted Ticket to Bob

   This stage simply involves forwarding the received payload from KDC directly to Bob since Alice doesn’t have Bob’s key to decrypt the ticket, to be sent to Bob.

4. Bob sends Nonce (R₂ or R_B) to Alice

   1. Bob generates Nonce (R₂ or R_B).
   2. Then ecrypts it using the Session Key (K_AB).
   3. Then sends the ciphertext to Alice which she can easily decrypt using the shared ession Key (K_AB).

5. Alice sends (R₂ - 1) to Bob

   1. Alice subtracts 1 from the Nonce (R₂ or R_B).
   2. Then ecrypts it using the Session Key (K_AB).
   3. Then sends the ciphertext to Bob which he can easily decrypt using the shared ession Key (K_AB).
   4. Bob simply compares the expected value with the received value.
   5. If confirmed, establishment of the Session by announcing “SUCCESS”

1. allocateRandomString()

   Creates a random character string of required length from a chosen charset.

2. getTimestamp_usec()

   Fetches 64-bit accurate timestamp (in microseconds w/ count from EPOCH)

3. AES Library Methods

   AES Library Methods such as encrypt() and decrypt() are used.

• Quick summary:

  Cybersecurity Assignment Project - Implementation of Needham Schroedar Protocol

• Requirements
  • CC/GCC Toolkit
  • Mcrypt library

• Author: Souvik Das (souvikdas95@yahoo.co.in)