Mutual Authentication For Wireless Communication


It deals with how authentication is done for wireless communication.

Published in: Business, Technology

  1. SEMINAR ON MUTUAL AUTHENTICATION FOR WIRELESS COMMUNICATION
     • Presented by Deepak Kumar
     • IT-'A', S-7
  2. • Introduction
     • Mutual Authentication in a wireless network
     • Types of Mutual Authentication in a wireless network
     • How to Set Up Mutual Authentication
     • Mutual Authentication Protocol
     • Attacks on Protocols
     • PKI
     • Advantages of Mutual Authentication
     • Limitations of Mutual Authentication
     • Conclusion
     • References
  3. Authentication
     • Authentication is the process of verifying the identity of an entity.
     • Authentication is used in a system where a certain number of users are given authority to access or use the resources.
     • It can also be used in e-commerce.
     • An individual can be authenticated in a number of ways, e.g. using logon-password, Public key Interface, user ID-password, etc.
     • Basically there are 3 methods of authentication:
       • What you have
       • What you are
       • What you know
  4. Methods of Authentication
     • What you have → keys, ID, pass cards, tokens.
       • Objects can be taken and are not tied or "signed" to any particular person.
       • Objects can be stolen. Keys can be duplicated, IDs can be faked.
     • What you are → DNA, fingerprints, voice match, etc.
       • They cannot be faked but they can be stolen.
     • What you know → passwords, pass phrases, etc.
       • They cannot be stolen (from your mind), and they cannot be duplicated.
       • It only verifies that somebody knows the password.
  5. M/A in a Wireless Network Environment
     • Mutual authentication is a process by which both entities, a client and a server, authenticate each other in a wireless network environment.
     • A connection can occur only when the client trusts the server's digital certificate and the server trusts the client's digital certificate.
     • The exchange of certificates is carried out by means of the Transport Layer Security (TLS) protocol.
     • Once a site has been identified as hostile, the user's computer can be blocked from visiting it or using its features thereafter.
  6. How does it work?
  7. Types of M/A in a Wireless Network Environment
  8. 1. Certificate-based mutual authentication
  9. 2. Username & Password based Mutual Authentication
  10. How to Set Up Mutual Authentication
     • Using a single certificate:
       • The problem is that once the single certificate is compromised, the whole system is compromised.
     • Using two certificates:
       [Figure: Client and Web Service, with labels: client public/private certificate, service public/private certificate, service public key, client public key]
  11. Mutual Authentication Protocols
     • It is also known as the Needham-Schroeder public key authentication protocol.
       1. A -> AS: IDa, IDb
       2. AS -> A: EKrs[Kub, IDb]
       3. A -> B: EKub[ Na, IDa]
       4. B -> AS: IDb, IDa
       5. AS -> B: EKrs[Kua,IDa]
       6. B -> A: EKua[IDa, Na, Nb]
       7. A -> B: EKub[Nb]
     • Here A and B are the two entities, while AS is the Authentication server.
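
The nonce handshake in messages 3, 6 and 7 of the slide above, as an added Python example (not part of the original slides). It is a symbolic model: `Sealed` stands in for public-key encryption with no real cryptography, the class and function names are illustrative assumptions, and the key-lookup messages 1, 2, 4 and 5 are left out by assuming each side already holds the other's public key.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Sealed:
    """Symbolic E_KUx[...]: only principal `to` (holder of KRx) can open it."""
    to: str
    body: tuple

def open_as(me, box):
    if box.to != me:
        raise PermissionError(f"{me} cannot decrypt a message sealed for {box.to}")
    return box.body

class Principal:
    def __init__(self, name):
        self.name = name
        self.pending = None  # nonce we issued and are still waiting to see echoed

    def _fresh(self):
        self.pending = secrets.token_hex(8)
        return self.pending

    def _consume(self, echoed):
        # A nonce is accepted once: compare, then clear so a replay cannot match.
        ok = self.pending is not None and secrets.compare_digest(self.pending, echoed)
        self.pending = None
        return ok

    def msg3(self, peer):                      # A -> B: EKub[Na, IDa]
        return Sealed(peer, (self._fresh(), self.name))

    def msg6(self, box):                       # B -> A: EKua[IDa, Na, Nb]
        na, ida = open_as(self.name, box)
        return Sealed(ida, (ida, na, self._fresh()))

    def msg7(self, box, peer):                 # A -> B: EKub[Nb]
        ida, na, nb = open_as(self.name, box)
        if ida != self.name or not self._consume(na):
            raise ValueError("message 6 is stale or not addressed to this session")
        return Sealed(peer, (nb,))

    def finish(self, box):                     # B checks the echoed Nb
        (nb,) = open_as(self.name, box)
        return self._consume(nb)

def run_handshake(a, b):
    """Run messages 3, 6, 7; return (B accepted A, the message 6 that was sent)."""
    m6 = b.msg6(a.msg3(b.name))
    return b.finish(a.msg7(m6, b.name)), m6
```

A message 6 captured from one run fails `msg7` in a later run because the echoed Na no longer matches the outstanding nonce.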
  12. Goals of Mutual Authentication Protocol
     • Provide mutual authentication between users or between user and server
     • Minimal information transferred for mutual authentication
     • Password storage protection
     • Password protection during transit over an unsecured network
     • A method transportable to various platforms
     • An easy-to-use and efficient protocol for secure use over a network
  13. Attacks on Mutual Authentication Protocol
     • 1. Privacy attack:
       • Messages 1 and 4 are not encrypted and are plain text messages. Any intruder monitoring the network can read the messages and can infer that A and B are trying to communicate with each other. The intruder can also determine how often the two parties communicate and for how long they communicate.
     • 2. Impersonation attack:
       • Due to this effect the key used by a device can be revoked and one can make his own rule on it.
     • 3. Nuisance attack:
       • These kinds of attacks do not compromise security but disrupt the activities of the legitimate user.
       • The encryption protocol is stopped from doing its business.
       • It causes a lot of unnecessary communication between entities.
  14. Modification to Minimize Attacks on Protocols
     • 1. Modification to minimize privacy attack:
       • By encrypting the messages.
       • When a user has to send a message to the server, he encrypts the message using the public key of the server, thereby preventing any intruder from reading the message.
     • 2. Modification to minimize impersonation attack:
       • In addition to encryption, a nonce is added to the messages.
       • The nonce is returned when the authentication server communicates back to the user.
       • The use of a nonce assures the user that the response received is current and has been sent from the server.
     • 3. Modification to minimize nuisance attack:
       • The use of aliases can reduce the effect of a nuisance attack on individual users.
       • This scheme involves the use of an alias ID.
       • E.g. A broadcasts --> B, KUb[ N1, IDa, ID_a_alias]
       • The alias is a one-time randomly generated number, so it is very hard for a malicious user to correctly guess the alias.
  15. MUTUAL AUTHENTICATION VIA CELL PHONE
     • Step 1: Service provider delivers service on the computer.
     • Step 2: Authentication server authenticates the mobile phone.
     [Figure: Service provider and Authentication Server, connected over the Internet and the mobile phone network. Labels: (1) Service is delivered to the computer; (2) Authentication is done over mobile network]
  16. • Step 3: Phone number is sent from computer to service provider.
     • Step 4: Authentication server sends OTP over the network.
     • Step 5: User enters the OTP.
     [Figure: Service provider and Authentication Server, connected over the Internet and the mobile phone network. Labels: (3) Phone No sent from the computer; (4) Authentication server sends OTP over network; (5) User enters OTP]
  17. • Step 6: Server sends a one-time phone number for the client to call for authentication.
     • Step 7: Server authenticates the user using the caller's phone number.
     [Figure: Service provider and Authentication Server, connected over the Internet and the mobile phone network. Labels: (6) Server sends OTP1 for the client to call for authentication; (7) Server authenticates the user using caller's phone No.]
  18. Public Key Infrastructure (PKI)
     • PKI enables users to exchange information over a communication network by use of a public and private key pair.
     • PKI uses public key cryptography, which is the most common method for authenticating a message sender or encrypting a message.
     • Cryptography has usually involved the creation and sharing of a secret key for the encryption and decryption of messages.
     • A public key infrastructure consists of:
       • Certificate authority (CA): issues and verifies digital certificates
       • Registration authority (RA): verifies the certificate authority
       • Directories: hold the certificates with their public keys
       • Certificate management system: manages and controls all these things
  19. How Do Public and Private Keys Work?
     • A public and private key are created simultaneously by a certificate authority (CA).
     • The private key is given only to the requesting party, and the public key is made publicly available in a directory that all parties can access.
     • Step 1: When a sender sends an encrypted message to a receiver, it uses the public key of the receiver to encrypt the message.
     • Step 2: The sender sends an encrypted signature by using the private key of the sender.
     • Step 3: When a receiver receives an encrypted message from the sender, it uses the private key of the receiver to decrypt the message (authentication of receiver).
     • Step 4: Decrypt the encrypted signature by using the sender's public key (authentication of sender).
  20. Authentication vs. Authorization
     • Similarity:
       • Both are interrelated security concepts.
     • Differences:
       • 1. Authentication is a process of identifying a user. Authorization is a process of verifying the authority of a user to use the resources.
       • 2. Authorization occurs after successful authentication.
  21. Advantages of M/A for Wireless Communication
     • It guarantees authenticity of both parties within the same communication session.
     • The method is easy to implement since both parties share the same set of algorithms, and it is achieved by exchanging two consecutive one-time passwords.
     • It is useless for a malicious third party to steal a used one-time password because the one-time password has already expired after a single use.
     • The overall scheme provides a high level of security and robustness.
     • Minimum knowledge is exchanged during authentication.
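
The second and third advantages above (two consecutive one-time passwords, and a used password being worthless to a thief) as an added Python example, not part of the original slides. The slides do not name an OTP algorithm; HOTP from RFC 4226 with a pre-shared key and counter is assumed here, and `Party` and `mutual_auth` are illustrative names.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Party:
    """One side of the exchange: holds the shared key and its own counter."""
    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def next_otp(self) -> str:
        otp = hotp(self.key, self.counter)
        self.counter += 1          # every OTP is issued exactly once
        return otp

    def verify(self, otp: str) -> bool:
        # Accept only the OTP for the current counter, then advance past it.
        if hmac.compare_digest(hotp(self.key, self.counter), otp):
            self.counter += 1
            return True
        return False

def mutual_auth(client: Party, server: Party):
    """Return (both sides authenticated, the client OTP that went over the wire)."""
    c_otp = client.next_otp()              # client -> server: OTP_n
    if not server.verify(c_otp):
        return False, c_otp
    s_otp = server.next_otp()              # server -> client: OTP_{n+1}
    return client.verify(s_otp), c_otp
```

Because `verify` advances the counter on success, resubmitting the captured client OTP is compared against a later counter value and fails.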
  22. Limitations of M/A for Wireless Communication
     • Its coding is complex, requiring extensive testing and verification of the protocol.
     • Policy must prevent compromise of the hash function and user password.
     • A protocol with minimum preliminary knowledge to provide mutual authentication.
     • A zero-knowledge proof for authentication of each user.
     • Widest range of protocol implementation over varying operating systems.
  23. CONCLUSIONS
     • Thus we have seen that 2 individuals can authenticate each other by mutual authentication. The method provides very high security from external malicious users and protocols. The process is simple and highly secure because minimum knowledge is exchanged during authentication. Once authentication has been established by two entities, they authorize each other to access their resources up to a limit.
  25. THANK YOU