Issues and approaches to generalizing two-party authentication protocols for multi-party authentication

The design of cryptographic protocols with well understood properties is a difficult problem. Many simple cryptographic protocols that have been designed over the years by experienced designers have been found to have subtle flaws that have lead to attacks against them. As a result, designers will often attempt to modify protocols that have well understood properties to address new requirements. Such an approach can introduce flaws into the new protocol that are not present in the original protocol as assumptions under which the original protocol was designed are changed. In this paper, we will look at the issues associated with modifying two party authentication protocols to address group authentication by looking at efforts to modify the Needham-Schroeder-Lowe (NSL) protocol for use in group authentication. We will carefully review the assumptions under which the NSL protocol was proven to provide authentication and the changing assumptions when moving from a two party setting to a group setting. Several approaches to modifying the NSL protocol will be analyzed and flaws that result in the new protocols will be exposed, as well as approaches that maintain the properties of the protocol. Finally, we develop the requirements that any group authentication protocol would need to meet the same authentication goals as the NSL protocol against the same Dolev-Yao intruder.