Authentication Protocols

& Digital Signature

Schemes

Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
INTRODUCTION
Entity authentication is a technique designed to let one
party prove the identity of another party. An entity can
be a person, a process, a client, or a server. The entity
whose identity needs to be proved is called the
claimant; the party that tries to prove the identity of
the claimant is called the verifier.

Topics discussed in this section:

Data-Origin Versus Entity Authentication
Verification Categories
 Data-Origin Versus Entity Authentication

There are two differences between message

authentication (data-origin authentication) and entity
authentication.

1) Message authentication might not happen in real

time; entity authentication does.
2) Message authentication simply authenticates one
message; the process needs to be repeated for each
new message. Entity authentication authenticates the
claimant for the entire duration of a session.
 Verification
Categories

Something known

Something possessed

Something inherent
 PASSWORDS

The simplest and oldest method of entity

authentication is the password-based authentication,
where the password is something that the claimant
knows.

Topics discussed in this section:

Fixed Password
One-Time Password
 Fixed Password

First Approach
User ID and password file
Second Approach
Hashing the password
Third Approach
Salting the password
Fourth Approach
In the fourth approach, two identification techniques are
combined. A good example of this type of authentication
is the use of an ATM card with a PIN (personal
identification number).
 One-Time Password

First Approach
In the first approach, the user and the system agree upon
a list of passwords.

Second Approach
In the second approach, the user and the system agree to
sequentially update the password.

Third Approach
In the third approach, the user and the system create a
sequentially updated password using a hash function.
Lamport one-time password
 CHALLENGE-RESPONSE

In password authentication, the claimant proves her

identity by demonstrating that she knows a secret, the
password. In challenge-response authentication, the
claimant proves that she knows a secret without
sending it.

Topics discussed in this section:

Using a Symmetric-Key Cipher
Using Keyed-Hash Functions
Using an Asymmetric-Key Cipher
Using Digital Signature
Note
In challenge-response authentication, the claimant
proves that she knows a secret without sending it to
the verifier.

Note
The challenge is a time-varying value sent by the
verifier; the response is the result
of a function applied on the challenge.
 Using a Symmetric-Key Cipher

First Approach

Nonce challenge
Second Approach

Figure 14.6 Timestamp challenge

Third Approach.
Bidirectional authentication
 Using Keyed-Hash Functions

Instead of using encryption/decryption for entity

authentication, we can also use a keyed-hash function
(MAC).
Keyed-hash function
 Using an Asymmetric-Key Cipher

First Approach

Unidirectional, asymmetric-key authentication

Second Approach
Bidirectional, asymmetric-key
 Using Digital Signature

First Approach
Digital signature, unidirectional
 Second Approach
Digital signature, bidirectional authentication
BIOMETRI
CS
Biometrics is the measurement of physiological or
behavioral features that identify a person
(authentication by something inherent). Biometrics
measures features that cannot be guessed, stolen, or
shared.
Topics discussed in this section:
Components
Enrollment
Authentication
Techniques
Accuracy
Applications
 Components

Several components are needed for biometrics, including

capturing devices, processors, and storage devices..
 Enrollment

Before using any biometric techniques for authentication,

the corresponding feature of each person in the
community should be available in the database. This is
referred to as enrollment.
 Authentication

Verification

Identification
Techniques

Figure 14.17 Techniques

Physiological Techniques

Fingerprint Hands
Iris Voice
Retina DNA
Face
Behavioral Techniques

Signature
Keystroke
 Accuracy

False Rejection Rate (FRR)

False Acceptance Rate (FAR)

 Applications

Several applications of biometrics are already in use. In

commercial environments, these include access to
facilities, access to information systems, transaction at
point-ofsales, and employee timekeeping. In the law
enforcement system, they include investigations (using
fingerprints or DNA) and forensic analysis. Border
control and immigration control also use some biometric
techniques.
 Digital Signature

Let us begin by looking at the differences between

conventional signatures and digital signatures.
 13.1.1 Inclusion

A conventional signature is included in the document; it

is part of the document. But when we sign a document
digitally, we send the signature as a separate document.

13.32
 13.1.2 Verification Method

For a conventional signature, when the recipient receives

a document, she compares the signature on the document
with the signature on file. For a digital signature, the
recipient receives the message and the signature. A copy
of signature is not stored anywhere. The recipient needs
to apply a verification technique to the combination of the
message and the signature to verify the authenticity.

13.33
 13.1.3 Relationship

For a conventional signature, there is normally a one-to-

many relationship between a signature and documents.
For a digital signature, there is a one-to-one relationship
between a signature and a message.

13.34
 13.1.4 Duplicity

In conventional signature, a copy of the signed document

can be distinguished from the original one on file. In
digital signature, there is no such distinction unless there
is a factor of time on the document.

13.35
 13-2 PROCESS

Figure 13.1 Digital signature process

13.36
 13.2.1 Need for Keys

Figure 13.2 Adding key to the digital signature process

Note
A digital signature needs a public-key system.
The signer signs with her private key; the verifier
verifies with the signer’s public key.
13.37
 13.2.1 Need for Keys
• A conventional signature is like a private “key”
belonging to the signer of the document
• The signer uses it to sign the document; no one else
has this signature
• The copy of the signature is on the file like a public
key; anyone can use it to verify a document, to
compare it to the original signature
• In digital signature, the signer uses her private key,
applied it to a signing algorithm, to sign the
document
• The verifier uses the public key of the signer,
applied to the verifying algorithm to verify the
13.38 document
 13.2.1 Continued

Note
A cryptosystem for confidentiality uses the private
and public keys of the receiver: a digital signature
uses the private and public keys of the sender.

13.39
 13.2.2 Signing the Digest

Figure 13.3 Signing the digest

13.40
 13-3 SERVICES

We discussed several security services in Chapter 1

including message confidentiality, message authentication,
message integrity, and nonrepudiation. A digital signature
can directly provide the last three; for message
confidentiality we still need encryption/decryption.

Topics discussed in this section:

13.3.1 Message Authentication
13.3.2 Message Integrity
13.3.3 Nonrepudiation
13.3.4 Confidentiality

13.41
 13.3.1 Message Authentication

A secure digital signature scheme, like a secure

conventional signature can provide message
authentication.
e.g. Bob can verify that message is sent by Alice because
Alice’s public key is used in verification. Alice’s public
key cannot verify the signature signed by Eve’s private
key.
Note
A digital signature provides message
authentication.

13.42
 13.3.2 Message Integrity

The integrity of the message is preserved even if we sign

the whole message because we cannot get the same
signature if the message is changed. Digital signature
scheme today use hash function in the signing and
verifying algorithms that preserve the integrity of the
message.
Note
A digital signature provides message integrity.

13.43
 13.3.3 Nonrepudiation

Figure 13.4 Using a trusted center for nonrepudiation

Note

Nonrepudiation can be provided using a trusted

party.
13.44
 13.3.3 Nonrepudiation
• If Alice signs a message and then denies it, can Bob later prove that
Alice actually Signed it?
• Bob must keep signature on the file and later use Alice’s public key to
create the original message to prove the message in the file and
newly created message are same.
• This is not feasible because Alice may have changed her private or
public key during this time.
• Alice creates a signature from her message(SA) and sends the
message, her identity, Bob’s identity and signature to the center
• Center then checks if Alice’s public key is valid, and verifies using
Alice’s public key that message comes from Alice
• Center saves the copy of the message with the sender identity,
receiver identity and timestamp in its archive
• The center uses its private key to create another signature (ST) from
message
• The center then sends the message, new signature, Alice’s identity
13.45
and Bob’s identity to Bob
 13.3.4 Confidentiality

Figure 13.5 Adding confidentiality to a digital signature scheme

Note

A digital signature does not provide privacy.

If there is a need for privacy, another layer of
encryption/decryption must be applied.
13.46
 13-4 ATTACKS ON DIGITAL SIGNATURE

This section describes some attacks on digital

signatures.

Topics discussed in this section:

13.4.1 Attack Types

13.47
 13.4.1 Attack Types

Key-Only Attack

the attacker is only given the public verification key.(Ciphertext

only attack)

Known-Message Attack
the attacker is given valid signatures for a variety of messages known by
the attacker but not chosen by the attacker.(Known plaintext attack)

Chosen-Message Attack
the attacker first learns signatures on arbitrary messages of the attacker's
choice.(Chosen plaintext attack)

13.48
 13-5 DIGITAL SIGNATURE SCHEMES

Several digital signature schemes have evolved during

the last few decades. Some of them have been
implemented.

Topics discussed in this section:

13.5.1 RSA Digital Signature Scheme
13.5.2 ElGamal Digital Signature Scheme
13.5.3 Schnorr Digital Signature Scheme

13.50
 13.5.1 Continued
Key Generation
Key generation in the RSA digital signature scheme is
exactly the same as key generation in the RSA

Note
In the RSA digital signature scheme, d is private;
e and n are public.

13.51
 13.5.1 Continued

Signing and Verifying

Figure 13.7 RSA digital signature scheme

13.52
 13.5.1 Continued

Example 13.1
As a trivial example, suppose that Alice chooses p = 823 and q =
953, and calculates n = 784319. The value of φ(n) is 782544. Now
she chooses e = 313 and calculates d = 160009. At this point key
generation is complete. Now imagine that Alice wants to send a
message with the value of M = 19070 to Bob. She uses her private
exponent, 160009, to sign the message:

Alice sends the message and the signature to Bob. Bob receives the
message and the signature. He calculates

Bob accepts the message because he has verified Alice’s signature.

13.53
 13.5.1 Continued

RSA Signature on the Message Digest

Figure 13.8 The RSA signature on the message digest

13.54
 13.5.1 Continued

Note
When the digest is signed instead of the message
itself, the susceptibility of the RSA digital signature
scheme depends on the strength of the hash
algorithm.

13.55