Professional Documents
Culture Documents
Lecture 2 Authentication (Part 1)
Lecture 2 Authentication (Part 1)
Lecture 2 Authentication (Part 1)
A MAC is a cryptographic checksum on data that uses a secret key to detect both
accidental and intentional modifications of the data. This allows the recipient of the
message to verify the integrity of the message and authenticate that the message's sender
has the shared secret key.
Example: HMAC
1
Trusted Third Party
Trusted third party (TTP) is an entity which facilitates interactions between two
parties who both trust the third party
2
3
(2) Public key exchange
Weakness? Anyone can forge such a public announcement or email. That is,
some user could pretend to be user A and send a public key to another
participant or broadcast such a public key.
4
⚫ Public key certificate
➢ Public key certificate is an electronic document used for key exchange
➢ Issued by a CA (Certification Authority), such as VeriSign, etc.
➢ Contains your name, expiration dates, your public key, and the digital
signature of CA so that a recipient can verify that the certificate is real if
the issuer’s public key is known.
⚫ Certificate is a way to
distribute public key
⚫ The certificate can prove the
ownership of a public key
⚫ A certificate cannot be
changed.
⚫ A hacker cannot make a valid
certificate
⚫ Assume that CA is trustful
5
When public key certificate is needed?
⚫ Public key exchange
Could hacker pretend to be user A and send A’s public key certificate to
another participant or broadcast A’s certificate? No use. Hacker do not have
corresponding private key of the certificate.
⚫ Authentication
Before sending sensitive information online, we may not be able to verify the
identity of a party (prove who is who) on the Internet. How to verify a server’s
identity on the Internet?
Answer: the server’s public key certificate. Verify its correctness and ensure the
server is the owner of the certificate.
6
How do you get a public certificate from the HTTPS webpage?
1. Access the web page via HTTPS
2. Click on the lock icon next to the URL and select View certificate
7
8
9
10
11
How to verify public key certificate?
12
Authentication
The process of determining whether someone or something is, in fact,
who or what it is declared to be.
Advantages of passwords:
➢ easy to remember and use
➢ everyone know how to use it
Problem
➢ if password is sent in cleartext, can be intercepted
➢ if password is encrypted, requires establishment of encryption key
13
Authentication Protocols
• Symmetric key authentication protocols
• Public key authentication protocols
(1) A → B : M1
(2) B → S : M2
(3) S → B : M3
14
Replay attack on Authentication Protocols
The attacker records the data of a successful authentication and replays this
information to attempt to falsely authenticate to the verifier.
A → B : A, E(Kab : Password)
15
Symmetric Key Authentication Protocols
➢ Verify identity based on a secret key shared between the principles.
A → B : E(Kab: Ta, A, B)
16
Symmetric Key Three-Pass Mutual Authentication
The mutual authentication is achieved by the use of random numbers Ra and Rb.
(1) B→ A : Rb
(2) A→ B : E(Kab : Ra, Rb, A, B)
(3) B→ A : E(Kab : Rb, Ra, B, A)
17
Symmetric Key with Trusted Third Party
18
Challenge-Handshake Authentication Protocol (CHAP)
➢ CHAP authenticates a user or network host to an authenticating entity
19
Public Key Authentication Protocols
The public key certificate-based authentication mechanism is used as a representative of
the public key authentication protocols.
(1) B → A : Rb
(2) A → B : CertA, Ra, Rb, B, E(Ka-1: Ra, Rb, B) // Ra and Rb are nonces
20
➢ Public Key Protocol with Trusted Third Party
(1) A →S: A, B
(2) S →A: E(Ks-1: Kb, B) // Ra and Rb are nonces
(3) A →B: E(Kb: Ra, A)
(4) B →S: B, A
(5) S →B: E(Ks-1: Ka, A)
(6) B →A: E(Ka: Ra, Rb)
(7) A →B: E(Kb: Rb)
21
Two factor authentication
• use passwords plus something else
• Biometric
Retina, hand geometry, hand geometry, handwriting analysis, etc.
22
One way hash chain
• A hash chain is a successive application of a cryptographic hash function
h() to a string.
For example,
• h(h(h(h(st)))) gives a hash chain of length 4, often denoted h4(st)
Each token has a valid time period (10 minutes). St is a secret value and only can be
known by both.
23
One-time password, OTP (RFC 2289)
24
http://en.wikipedia.org/wiki/SecurID
25
Benefits of One-Time Passwords (OTPs)
Resistance to replay attacks: OTP authentication provides distinct
advantages over using static passwords alone. Unlike traditional passwords,
OTPs aren’t vulnerable to replay attacks—where a hacker intercepts a
transmission of data (like a user submitting their password or token),
records it, and uses it to gain access to the system or account themselves.
Difficult to guess: OTPs are often generated with algorithms that make use
of randomness. This makes it difficult for attackers to successfully guess
and use them.
Reduced risk when passwords are compromised: Users may use the
same password across different accounts. If the password is fall into the
wrong hands, stolen data and fraud are significant threats to the user.
OTP security helps to prevent access breaches, even if an attacker has
obtained a valid password.
26
Analysis of Authentication Protocols
The objective:
• Highlight the design flaws of authentication protocols
• The successful attacks which have uncovered flaws in protocols allows to
learn from design errors, understand general attack methods and strategies.
27
Attack 2: Reflection attack
Suppose A and B share a symmetric key K, and authenticate one another on the
basis of demonstrating knowledge of this key by encrypting or decrypting a
challenge as follows.
Upon A sending (1), E intercepts it, and initiates a
new protocol, sending the identical message rA back
to A.
28
Attack 3: Interleaving attack
sA denotes the signature operation of party A, and it is assumed that all parties
have authentic copies of all others’ public keys.
An enemy E can initiate one protocol with B (pretending to be A), and another
with A (pretending to be B), as shown below, and use a message from the latter
protocol to successfully complete the former, thereby deceiving B into believing
E is A (and that A initiated the protocol). This attack is possible due to the
message symmetry of (2) and (3).