Cryptographic%20Authentication%20Protocols - PowerPoint PPT Presentation

About This Presentation
Title:

Cryptographic%20Authentication%20Protocols

Description:

Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk Cryptographic Authentication Password authentication ... – PowerPoint PPT presentation

Number of Views:208
Avg rating:3.0/5.0
Slides: 19
Provided by: AliA61
Category:

less

Transcript and Presenter's Notes

Title: Cryptographic%20Authentication%20Protocols


1
Cryptographic Authentication Protocols
  • CS 470
  • Introduction to Applied Cryptography
  • Instructor Ali Aydin Selcuk

2
Cryptographic Authentication
  • Password authentication subject to eavesdropping
  • Alternative Cryptographic challenge-response
  • Symmetric key
  • Public key

3
Symmetric Key Challenge-Response
An example protocol
Im Alice
a challenge R
Alice
Bob
F(KAB,R)
4
  • Limitations
  • Authentication not mutual (login only)
  • Subject to connection hijacking (login only)
  • Subject to off-line password guessing (if K is
    derived from password)
  • Bobs database has keys in the clear

5
Symmetric Key Challenge-Response
A one-message protocol
Im Alice, KABtimestamp
Alice
Bob
6
  • Easy integration into password-sending systems
  • More efficient Single message, stateless
  • Care needed against replays
  • Care needed if key is common across servers
  • Clock has to be protected as well
  • Alternatively, with a hash function, send,
  • Im Alice, timestamp, H(KAB,timestamp)

7
Public Key Challenge-Response
By signature
Im Alice
R
Alice
Bob
RA
8
Public Key Challenge-Response
By decryption
Im Alice
RA
Alice
Bob
R
9
  • Problem Bob (or Trudy) can get Alice to
    sign/decrypt any text he chooses.
  • Solutions
  • Never use the same key for different purposes
    (e.g., for login and signature)
  • Have formatted challenges

10
Mutual Authentication
  • Both Alice and Bob authenticate each other
  • An example protocol

Im Alice
R1
F(KAB,R1)
Alice
Bob
R2
F(KAB,R2)
11
Some saving
Im Alice, R2
R1, F(KAB,R2)
Alice
Bob
F(KAB,R1)
12
Reflection attack
Im Alice, R2
R1, F(KAB,R2)
Trudy
Bob
F(KAB,R1)
Im Alice, R1
Trudy
Bob
R3, F(KAB,R1)
13
  • Solutions
  • Different keys for Alice and Bob
  • Formatted challenges, different for Alice and Bob
  • Principle Initiator should be the first to prove
    its identity

14
  • Another weakness Trudy can do dictionary attack
    against KAB acting as Alice, without
    eavesdropping.
  • Solution against both problems
  • (Dictionary attack still possible if Trudy can
    impersonate Bob.)

Im Alice
R1
Alice
Bob
F(KAB,R1), R2
F(KAB,R2)
15
  • Mutual authentication with PKC
  • Problem How can the public/private keys be
    remembered by ordinary users?
  • They can be stored in an electronic token (USB),
    or can be retrieved from a server with
    password-based authentication encryption.

Im Alice, R2B
R2, R1A
Alice
Bob
R1
16
Session Key Establishment
  • A session key is needed to authenticate/encrypt
    the rest of the session.
  • The session key must be
  • different for each session
  • unguessable by an eavesdropper
  • not KABx for some x predictable/extractable by
    an attacker
  • Good if both sides contribute
  • avoids replays (freshness guarantee)
  • works if either side has a good random number
    generator

17
Nonces
  • Nonce Something created for one particular
    occasion
  • Nonce types
  • Random numbers
  • Timestamps
  • Sequence numbers
  • Random nonces needed for unpredictability
  • Obtaining random nonces from timestamps
    encryption with a secret key.

18
Protocol Performance Comparison
  • Computational Complexity(to minimize CPU time,
    power consumption)
  • Number of private-key operations
  • public-key
  • bytes encrypted with secret
    key
  • bytes hashed
  • Communication Complexity
  • Number of message rounds
  • Bandwidth consumption
Write a Comment
User Comments (0)
About PowerShow.com