ETRI CIS OHP Form

1
Authentication
2
What is Authentication ?

• Verifying an identity
• People authentication
• Host authentication

3
Vulnerabilities in Authentication

• eavesdropping
• password database
• replay
• online/ offline guessing
• session maybe hijacked after authentication!

4
Authenticating people

• Computer verifying who you are
• what you know password
• what you have physical keys
• what you are fingerprint etc.
• Best at least two of the above

5
Authentication protocols

• one-way
• password
• challenge/response
• public-key
• two-way (mutual authentication)
• trusted intermediary (Kerberos)
• public-key

6
Authentication Systems

• Password-based authentication
• Off-line vs On-line Password guessing
• Storing user passwords
• Address-based authentication
• etc/hosts.equiv, .rhosts (UNIX)
• Trusted Intermediaries
• KDC (Key Distribution Center)
• CA (Certification Authorities)
• Multiple Trusted Intermediaries

7
Password authentication

• easy and popular
• Assuming
• No eavesdropping
• No bad guys
• Replacing clear password with cryptographic
  challenge/response

8
Identification by Password
Prover
Verifier
passwd table
passwd,A
A
A
h(passwd)
y

h
accept
passwd
n
reject
9
crypt passwd in UNIX
I1 00
next input Ii 2 ? i? 25
64
truncate to 8 ASCII chars 0-pad if necessary
user salt
user passwd
56
DES
12
output, Oi
O25
64
12
Repack 76 bits into 11 7-bit characters
salt 12-bit random from system clock when
select passwd. DES DES with expansion E
modified by 12-bit salt, 212 2028 DES
variations,
encrypted passwd
/etc/passwd
10
Challenge-Response Scheme

• Using Symmetric Cryptosystem

e(), K
V
P
random challenge,x
x
yeK(x)
y
yeK(x) yy ?
11
Shared secret(I)
Im A.
Challenge, R
A
B
KAB Shared secret key between A and B.
KABR
Risks

• Not mutual authentication
• Off-line password guessing attack
• Some who reads Bs database can later
  impersonate A.

12
Shared secret(II)
Im A.
B
A
KABR
KAB Shared secret key between A and B.
Challenge, R
Risks
If R is recognizable quantity, password
guessing attack is possible
13
Shared secret(III)
Im A, KABtimestamp
A
B
B authenticates A based on synchronized clocks
and a shared secret
Im A, timestamp, KABtimestamp
A
B
B authenticates A based on high resolution time
and a shared secret
14
Public Key
Im A
B
R / RA
A
RA / R
B authenticates A based on her public key
signature. B authenticates A if she can decrypt a
message encrypted with her public key RA
A signs R with private key. Risk man-in-the
middle attack
15
Lamports hash(I)

• A remembers passwd
• B has DB for eash user
• username
• n, an integer which decrements each time B
  authenticates the user. (Ex.) n1000
• hashn(pwd) i.e., hash(hash..hash(pwd)))
• Risks
• password access in system DB
• eavesdropping communication line
• revelation of password by careless user
• L. Lamport, Password Authentication with
  Insecure Channel,Comm. of the ACM, pp. 770-772,
  No.11, Vol.24, Nov., 1981

16
Lamports hash(II)
After registration stage send ltID, pwdgt
A, pwd
A
knowsltn, hashn(pwd)gt
As W/S
n
B
A
compare hashltxgt to hashn(pwd) if equal, replaces
ltn, hashnltpwdgtgt with ltn-1,xgt
xhashn-1(pwd)

• Solving Encryption and integrity together
• use passwordsalt instead of password only -gt
  advance to S/KEY
• No mutual authentication

17
Mutual authentication(I)
Im A
R1
KABR1
B
A
R2
KABR2

• Mutual authentication based on shared secret, KAB
• Risk of simplified 3-pass version
• Man-in-the-middle attack (reflection attack)
• password guessing

18
Mutual authentication(II)
Im A, R2B
R2, R1A
A
B
R1
Mutual authentication with public keys assuming
that A and B know each others public keys.
19
Mediated Authentication(I)
A wants B
KBuse KAB for A
KDC
B
A
KAuse KAB for B
Invents key KAB
KDC operation (in principle)
anyone can impersonate A
20
Mediated Authentication(II)
A wants B
KDC
B
A
KAuse KAB for B ticket to BKBuse KAB for A
invents key, KAB
Im A, ticketKBuse KAB for A
KDC operation (in practice)
21
Needham-Schroeder
N1, A wants B
KDC
KAN1, B, KAB, ticket to B where ticket to
BKBKAB,A
invents key KAB
B
A
ticket, KABN2
KABN2-1,N3
KABN3-1
Ni nonce
R.G.Needham and M.D. Schroeder, Using encryption
for authentication in large networks of
computers, Comm. of the ACM, pp.993-999, Vol.21,
No.12,Dec. 1978
22
Nonce

• a number use only once
• timestamp
• synchronized clocks
• guessable
• set clock back
• sequence number
• guessable
• requires state
• large random number

23
Kerberos
N1, A wants B
invents key KAB
KAN1, B, KAB, ticket to B where ticket to B
KBKAB, A, expiration time
KDC
B
A
ticket, KABT, T current time
KABT1
24
Performance of protocol

• No. of cryptographic operations using a private
  key
• No. of cryptographic operations using a public
  key
• No. of bytes encrypted or decrypted using a
  secret key
• No. of bytes to be cryptographically hashed
• No. of message transmitted

25
Bio-Identification
26
Bio Identification
(Def) B y Anil Jain (Michigan Univ) Biometrics
deals with identification of individuals based on
their biological or behavioral characteristics By
Biometric Consortium Automatically recognizing
a person using distinguishing Basic
Characteristics (1) Universality every person
should have the characteristics (2) Uniqueness
no two person should be the same in terms of
characteristics (3) Permanence the
characteristics should be invariant with time (4)
Collectability the characteristics can be
measured quantitatively
27
Basic Configuration
Registered Data
Physical Information
Extraction of characteristics
Acquisition
Result
Matching
Amount of similarity
28
Identification by personal information
Secret info.
Reliability
Method
Security
Cost
Password Telephone No. Reg. no
What you remember
M(theft) L(imperso- nation)
Cheap
M/L
What you have
Registered Seal Magnetic Card IC Card
L(theft) M(imperso- nation)
Reason- able
M
Fingerprint, Eye, DNA, face, Voice etc
Biometric Character- stics
H(theft) H(Imperso- nation)
Expen- sive
H
29
Biometric Information

• Fingerprint
• Face
• Iris
• Eye
• Retinal
• Hand geometry
• Ear
• DNA
• Voice pattern
• Dynamic signature
• Key stroke
• Walking pattern

30
Comparison
Information (Byte)
Processing time(sec.)
Prob. ()
Research group
Method
p199.63 p299.97
Finger print
200
2.5
FBI
4
23
p199.72
US Air force
Hand
p199 p298.5
U. of Nagoya NTT
50
23
Signature
p197 p298
IBM,NTT, Bell Lab
Voice
600
12
p186 p2100
NTT, Bell Lab
Face
100
23
p187.6 p2100
Iris
70
3
Identify
p1 prob. of accepting correct person, p2
prob. of rejecting wrong person