{"id":27624382,"url":"https://github.com/ahmeddwalid/needham-schroeder-protocol","last_synced_at":"2025-07-17T03:33:06.683Z","repository":{"id":289160388,"uuid":"970285611","full_name":"ahmeddwalid/Needham-Schroeder-protocol","owner":"ahmeddwalid","description":"Needham Schroeder protocol implementation for the Networks Security midterm project","archived":false,"fork":false,"pushed_at":"2025-04-21T20:37:28.000Z","size":18,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-23T11:42:31.749Z","etag":null,"topics":["aes-encryption","authen","distributed-systems","kdc","needham-schroeder","networksecurity","python3","two-way-authentication"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ahmeddwalid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-21T19:20:08.000Z","updated_at":"2025-04-21T22:52:39.000Z","dependencies_parsed_at":"2025-04-23T11:38:15.953Z","dependency_job_id":null,"html_url":"https://github.com/ahmeddwalid/Needham-Schroeder-protocol","commit_stats":null,"previous_names":["ahmeddwalid/needham-schroeder-protocol"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ahmeddwalid/Needham-Schroeder-protocol","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmeddwalid%2FNeedham-Schroeder-protocol","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmeddwalid%2FNeedham-Schroeder-protocol/t
ags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmeddwalid%2FNeedham-Schroeder-protocol/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmeddwalid%2FNeedham-Schroeder-protocol/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ahmeddwalid","download_url":"https://codeload.github.com/ahmeddwalid/Needham-Schroeder-protocol/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmeddwalid%2FNeedham-Schroeder-protocol/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261782722,"owners_count":23208908,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes-encryption","authen","distributed-systems","kdc","needham-schroeder","networksecurity","python3","two-way-authentication"],"created_at":"2025-04-23T11:38:12.466Z","updated_at":"2025-07-17T03:33:06.678Z","avatar_url":"https://github.com/ahmeddwalid.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch2 align=\"center\"\u003eNetworks Security\u003c/h2\u003e\n\u003ch3 align=\"center\"\u003eNeedham-Schroeder Protocol Documentation\u003c/h3\u003e\n\n## Table of Contents\n\n1. [Project Overview](#project-overview)\n2. [Protocol Implementation](#protocol-implementation)\n3. [Project Structure](#project-structure)\n4. [Installation](#installation)\n5. [Usage](#usage)\n6. 
[Implementation Details](#implementation-details)\n   - [Entity Base Class](#entity-base-class)\n   - [Client A](#client-a)\n   - [Client B](#client-b)\n   - [Key Distribution Center (KDC)](#key-distribution-center-(kdc))\n7. [Future Improvements](#future-improvements)\n8. [References](#references)\n\n# About The Project\n\nThis project implements the Needham-Schroeder symmetric key authentication protocol in Python. The code is structured in a modular way to make each component of the protocol clear and understandable.\n\nThe Needham-Schroeder protocol allows two parties (Alice and Bob) who each share a secret key with a trusted third party (KDC) to establish a secure session between themselves. The protocol consists of the following steps:\n\n# Protocol implementation\n\n### Initial Authentication\n\n1. **A --\u003e B: IDA || Na**\n   Alice sends her identity and a fresh nonce (random number) to Bob.\n\n2. **B --\u003e KDC: IDB || Nb || EKb[IDA || Na || Tb]**\n   Bob forwards Alice's request to the KDC with his own identity, a fresh nonce, and an encrypted ticket containing Alice's identity, her nonce, and a timestamp.\n\n3. **KDC --\u003e A: EKa[IDB || Na || Ks || Tb] || EKb[IDA || Ks || Tb] || Nb**\n   \n   The KDC generates a session key (Ks) and sends to Alice:\n   \n   - A ticket encrypted with Alice's key containing Bob's identity, Alice's nonce, the session key, and the timestamp\n   - A ticket encrypted with Bob's key containing Alice's identity, the session key, and the timestamp\n   - Bob's nonce\n\n4. **A --\u003e B: EKb[IDA || Ks || Tb] || EKs[Nb]**\n   Alice forwards Bob's ticket to him along with Bob's nonce encrypted with the session key to prove she knows the session key.\n\n### Future Communication\n\nOnce authenticated, Alice and Bob can use their established session key for subsequent communication:\n\n1. **A --\u003e B: EKb[IDA || Ks || Tb], N'a**\n   Alice reuses the encrypted ticket and sends a new nonce.\n2. 
**B --\u003e A: N'b, EKs[N'a]**\n   Bob responds with his own new nonce and Alice's nonce encrypted with the session key.\n3. **A --\u003e B: EKs[N'b]**\n   Alice completes the exchange by encrypting Bob's nonce with the session key.\n\n## Project Structure\n\nThe implementation is organized into the following files:\n\n- `entity.py`: Base class with the encryption/decryption functionality\n- `client_a.py`: Implementation of Client A (Alice, the initiator)\n- `client_b.py`: Implementation of Client B (Bob, the responder)\n- `kdc.py`: Implementation of the Key Distribution Center\n- `main.py`: Main script to run the demonstration\n- `requirements.txt`: Dependencies required for the project\n\n## Installation\n\n### Prerequisites\n\n- Python 3 or higher\n- pip package manager\n\n### Setup\n\n1. Clone the repository and enter the directory:\n   \n   ```bash\n   git clone https://github.com/ahmeddwalid/Needham-Schroeder-protocol.git\n   cd Needham-Schroeder-protocol\n   ```\n\n2. Install the required dependencies:\n   \n   ```bash\n   pip install -r requirements.txt\n   ```\n\n## Usage\n\nRun the demonstration script to see the protocol in action:\n\n```\npython main.py\n```\n\nThis will execute the two-way authentication of the Needham-Schroeder protocol, showing both the initial authentication and a future communication exchange.\n\n#### Running `main.py`\n\n1. Sets up Alice, Bob, and the KDC with appropriate keys\n2. Steps through the initial authentication protocol\n3. Demonstrates subsequent authenticated communication\n4. Verifies successful completion at each step\n\n### Output\n\n```\n=== NEEDHAM-SCHROEDER PROTOCOL ===\n\nStep 1: A→B: Alice || 5905722\nStep 2: B→KDC: Bob || 3370553 || [Encrypted Ticket]\nKDC processed authentication request and generated session key\nStep 3: A received and processed KDC response\nStep 4: B authenticated A successfully\n\n=== MUTUAL AUTHENTICATION SUCCESSFUL! 
===\n\n\n=== FUTURE COMMUNICATION ===\n\nFuture Communication Step 1: A→B: [Ticket] || 1603302\nFuture Communication Step 2: B→A: 3951118 || EKs[1603302]\nFuture Communication Step 3: A→B: EKs[1603302]\n\n=== FUTURE COMMUNICATION COMPLETED SUCCESSFULLY! ===\n```\n\n## Implementation Details\n\n### Entity Base Class\n\nThe **Entity** class in `entity.py` provides fundamental cryptographic operations and utilities used by all participants in the protocol:\n\n- **Encryption**: AES-256 in CBC mode with proper padding\n- **Decryption**: Handling of encrypted data with IV extraction and padding verification\n- **Nonce Generation**: Creation of random values for challenge-response\n- **Timestamp Generation**: For freshness verification\n\n### Client A\n\n- **step1_initiate_auth**: Initiates authentication by generating a nonce\n- **step3_process_kdc_response**: Processes the KDC's response, verifies nonces, and extracts the session key\n- **future_comm_step1**: Initiates future communication using the stored ticket\n- **future_comm_step3**: Completes the future communication by responding to Bob's challenge\n\n### Client B\n\n- **step2_respond_to_a**: Responds to Alice's authentication request by creating a ticket for the KDC\n- **step4_verify_a**: Verifies Alice's authentication message, extracts the session key\n- **future_comm_step2**: Responds to Alice's future communication request with a challenge\n\n### Key Distribution Center (KDC)\n\n- **register_entity**: Registers entities and their secret keys\n- **process_auth_request**: Processes authentication requests, generates session keys, and creates encrypted tickets\n\n## Future Improvements\n\n1. **Enhanced Error Handling**: More robust error handling for network failures, malformed messages, etc.\n2. **Logging**: Better logging for debugging and audit purposes\n3. 
**Improved Security**: Additional security measures like:\n   - More secure nonce generation\n   - Advanced replay attack prevention\n   - Public key cryptography variant (Needham-Schroeder-Lowe protocol)\n4. **Realistic Network Simulation**: Currently communication is run in memory\n5. **Unit Tests**: Comprehensive test suite to verify protocol correctness\n6. **GUI Interface**: A graphical representation of the protocol steps\n\n## References\n\n1. Needham, R. M., \u0026 Schroeder, M. D. (1978). \"Using encryption for authentication in large networks of computers.\" Communications of the ACM, 21(12), 993-999.\n2. Anderson, R. (2020). \"Security Engineering: A Guide to Building Dependable Distributed Systems.\" 3rd Edition.\n3. Ferguson, N., Schneier, B., \u0026 Kohno, T. (2010). \"Cryptography Engineering: Design Principles and Practical Applications.\"\n4. Menezes, A. J., Van Oorschot, P. C., \u0026 Vanstone, S. A. (1996). \"**Handbook of Applied Cryptography.**\"\n5. [PyCryptodome Documentation](https://pycryptodome.readthedocs.io/en/latest/)\n\n# License\n\nThis project is distributed under the [Apache 2.0 license](https://choosealicense.com/licenses/apache-2.0/). See\n[```LICENSE.txt```](/LICENSE) for more information.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fahmeddwalid%2Fneedham-schroeder-protocol","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fahmeddwalid%2Fneedham-schroeder-protocol","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fahmeddwalid%2Fneedham-schroeder-protocol/lists"}