Entity Authentication
By
Mrs.T.Veiluvanthal
Objectives
• To distinguish between message authentication and
entity authentication
• To define witnesses used for identification
• To discuss some methods of entity authentication
using a password
• To introduce some challenge-response protocols for
entity authentication
INTRODUCTION
Entity authentication is a technique designed to
let one party prove the identity of another party. An
entity can be a person, a process, a client, or a server.
The entity whose identity needs to be proved is called
the claimant; the party that tries to prove the identity of
the claimant is called the verifier.
Data Origin Vs Entity Authentication
There are two differences between message authentication (data-origin authentication) and entity authentication.
1) Message authentication might not happen in real time; entity authentication does.
2) Message authentication simply authenticates one message; the process needs to be repeated for each new message. Entity authentication authenticates the claimant for the entire duration of a session.
Verification Categories
• Something known: A secret known only by the claimant that can be checked by the verifier. Example: password.
• Something possessed: Something that can prove the claimant’s identity. Example: passport.
• Something inherent: An inherent characteristic of the claimant. Examples: conventional signature, fingerprint, voice, etc.
Entity Authentication and Key Management
This chapter discusses entity authentication. The next chapter discusses key management. These two topics are very closely related; key management protocols use entity authentication protocols.
PASSWORDS
The simplest and oldest method of entity authentication is password-based authentication, where the password is something that the claimant knows. A password is used when a user needs to access a system to use the system’s resources.
Fixed Password
A fixed password is a password that is used over and over again for every access.
First Approach
The system keeps a table that is sorted by user identification. The user sends her identification and password to the system. The system uses the identification to find the password in the table.
Figure User ID and password file
Second Approach
The system stores the hash of the password rather than the password itself. Any user can be allowed to read the contents of the file, because the hash function is a one-way function.
Figure Hashing the password
Third Approach
This is called salting the password. When the password string is created, a random string, called the salt, is concatenated to the password, and the result is hashed. The ID, the salt, and the hash are stored in the file.
Figure Salting the password
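The third approach as an added example that is not part of the original slides: each file entry holds the ID, a per-user random salt and the salted hash. The slide's plain hash is swapped here for PBKDF2-HMAC-SHA256 (a salted, deliberately slow hash); the function names, iteration count and sample users are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example


def _digest(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash of the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(table: dict, user_id: str, password: str) -> None:
    """Create the file entry ID -> (salt, hash) for a new password."""
    salt = secrets.token_bytes(16)  # fresh random salt for every entry
    table[user_id] = (salt, _digest(password, salt))


def verify(table: dict, user_id: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    entry = table.get(user_id)
    if entry is None:
        # Unknown ID: still spend the hashing time so timing does not reveal it.
        _digest(password, b"\x00" * 16)
        return False
    salt, stored = entry
    return hmac.compare_digest(stored, _digest(password, salt))


def same_stored_hash(table: dict, id_a: str, id_b: str) -> bool:
    """True if two entries carry the same hash (what salting is meant to prevent)."""
    return table[id_a][1] == table[id_b][1]


def demo():
    # Constructed sample users; both choose the same password.
    table = {}
    enroll(table, "alice", "correct horse")
    enroll(table, "bob", "correct horse")
    return (
        verify(table, "alice", "correct horse"),  # right password
        verify(table, "alice", "wrong guess"),    # wrong password
        verify(table, "mallory", "anything"),     # ID not in the file
        same_stored_hash(table, "alice", "bob"),  # same password, different salts
    )


if __name__ == "__main__":
    print(demo())
```

Because each entry has its own salt, a reader of the file cannot tell that two users share a password, and a precomputed table of unsalted hashes does not match any entry.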
Fourth Approach
In the fourth approach, two identification techniques are
combined. A good example of this type of authentication
is the use of an ATM card with a PIN (personal
identification number).
One-Time Password
First Approach
In the first approach, the user and the system agree upon
a list of passwords.
Second Approach
In the second approach, the user and the system agree to
sequentially update the password.
Third Approach
In the third approach, the user and the system create a
sequentially updated password using a hash function.
Figure Lamport one-time password
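The Lamport one-time password of the third approach, as an added example that is not part of the original slides: the system stores only a counter n and the n-fold hash of the seed, and each login reveals the previous value in the chain. SHA-256, the class names and the constructed seed are assumptions.

```python
import hashlib
import hmac


def h(value: bytes) -> bytes:
    return hashlib.sha256(value).digest()


def h_n(seed: bytes, n: int) -> bytes:
    """Apply the hash n times: h^n(seed)."""
    for _ in range(n):
        seed = h(seed)
    return seed


class LamportVerifier:
    """System side: keeps n and h^n(P0), never the seed P0 itself."""

    def __init__(self, enrolled_value: bytes, n: int):
        self.stored = enrolled_value
        self.n = n

    def login(self, otp: bytes) -> bool:
        if self.n <= 0:
            return False  # chain used up, the user must enrol again
        if not hmac.compare_digest(h(otp), self.stored):
            return False
        self.stored = otp  # the accepted password becomes the next reference
        self.n -= 1
        return True


class LamportClaimant:
    """User side: keeps the seed P0 and the same counter n."""

    def __init__(self, seed: bytes, n: int):
        self.seed = seed
        self.n = n

    def next_otp(self) -> bytes:
        if self.n <= 0:
            raise RuntimeError("one-time password chain exhausted")
        self.n -= 1
        return h_n(self.seed, self.n)  # h^(n-1)(P0)


def demo():
    seed = b"constructed seed P0"  # sample value for this example only
    user = LamportClaimant(seed, 3)
    system = LamportVerifier(h_n(seed, 3), 3)
    first = user.next_otp()
    return [
        system.login(first),            # fresh one-time password
        system.login(first),            # replay of a captured password
        system.login(user.next_otp()),  # next password in the chain
        system.login(b"\x00" * 32),     # forged value
    ]


if __name__ == "__main__":
    print(demo())
```

A captured password is useless for the next login because producing the next value means inverting the hash function.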
CHALLENGE-RESPONSE
In password authentication, the claimant proves her
identity by demonstrating that she knows a secret, the
password. In challenge-response authentication, the
claimant proves that she knows a secret without
sending it.
Topics discussed in this section:
• Using a Symmetric-Key Cipher
• Using Keyed-Hash Functions
• Using an Asymmetric-Key Cipher
• Using Digital Signature
Note
In challenge-response authentication, the claimant proves that she knows a secret without sending it to the verifier.
Note
The challenge is a time-varying value sent by the verifier; the response is the result of a function applied on the challenge.
Using a Symmetric-Key Cipher
First Approach
The verifier sends a nonce, a random number used only once, to challenge the claimant. A nonce must be time-varying: every time it is created, it is different.
Figure Nonce challenge
Second Approach
The time-varying value is a timestamp. The challenge message is the current time sent from the verifier to the claimant.
Figure Timestamp challenge
Third Approach
The first and second approaches are unidirectional authentication. But we need bidirectional
Figure Bidirectional authentication
Using Keyed-Hash Functions
Instead of using encryption/decryption for entity authentication, we can also use a keyed-hash function (MAC).
Figure Keyed-hash function
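An added example, not part of the original slides, that combines the nonce challenge of the symmetric-key first approach with the keyed-hash (MAC) response described here: the verifier sends a fresh nonce and the claimant returns an HMAC over it, so the shared key never crosses the wire. HMAC-SHA256, the message layout, the class and function names and the sample key are assumptions.

```python
import hashlib
import hmac
import secrets


def respond(key: bytes, claimant_id: str, nonce: bytes) -> bytes:
    """Claimant side: MAC over her identity and the verifier's nonce."""
    message = claimant_id.encode("utf-8") + b"|" + nonce
    return hmac.new(key, message, hashlib.sha256).digest()


class Verifier:
    def __init__(self, keys: dict):
        self.keys = keys      # claimant ID -> shared secret key
        self.pending = {}     # claimant ID -> nonce waiting for a response

    def challenge(self, claimant_id: str) -> bytes:
        nonce = secrets.token_bytes(16)  # time-varying: new for every attempt
        self.pending[claimant_id] = nonce
        return nonce

    def check(self, claimant_id: str, response: bytes) -> bool:
        # pop() makes the nonce single-use, even when the check fails.
        nonce = self.pending.pop(claimant_id, None)
        key = self.keys.get(claimant_id)
        if nonce is None or key is None:
            return False
        expected = respond(key, claimant_id, nonce)
        return hmac.compare_digest(expected, response)


def demo():
    key = secrets.token_bytes(32)  # constructed shared key for this example
    verifier = Verifier({"alice": key})

    nonce = verifier.challenge("alice")
    good = respond(key, "alice", nonce)
    honest = verifier.check("alice", good)

    # No challenge is outstanding any more, so the same response is refused.
    reused = verifier.check("alice", good)

    # A recorded response does not answer a fresh challenge.
    verifier.challenge("alice")
    replayed = verifier.check("alice", good)

    # Someone without the shared key cannot compute the response.
    nonce = verifier.challenge("alice")
    wrong_key = verifier.check("alice", respond(b"guess", "alice", nonce))
    return (honest, reused, replayed, wrong_key)


if __name__ == "__main__":
    print(demo())
```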
Using an Asymmetric-Key Cipher
First Approach
B encrypts the challenge using A’s public key. A decrypts the message with A’s private key.
Figure Unidirectional, asymmetric-key authentication
Second Approach
Two public keys are used, one in each direction. A sends her identity and nonce encrypted with B’s public key.
Figure Bidirectional, asymmetric-key
Using Digital Signature
First Approach
B uses a plaintext challenge and A signs the response.
Figure Digital signature, unidirectional
Second Approach
Figure Digital signature, bidirectional authentication