Different types of authentication described in different scenarios. Basically a survey paper on different kinds of authentication in different scenarios.
Authentication in Different Scenarios
CS 542: Distributed Systems
Term Paper
Authentication Protocol in Different Scenarios
By:
Rajkumar Singh (09010138) Abhinav Sonker(09010102)
email: s.rajkumar@iitg.ernet.in email:a.sonker@iitg.ernet.in
Under the Supervision of:
Professor Diganata Goswami
email: dgoswami@iitg.ernet.in
Department of Computer Science and Engineering
Indian Institute of Technology, Guwahati
11th Nov, 2012
1 Introduction
The last few decades have seen an enormous increase in the development and use of networked and distributed
systems, providing increased functionality to the user and more efficient use of resources. To obtain the
benefits of such systems, parties cooperate by exchanging messages over networks. These parties may be
users, hosts or processes; they are generally referred to as principals in the authentication literature.
Principals use the messages received together with certain modelling assumptions about the behaviour of
other principals to make decisions on how to act. These decisions depend crucially on what validity can be
assumed of messages that they receive. Loosely speaking, when we receive a message we want to be sure that
it has been created recently and in good faith for a particular purpose by the principal who claims to have
sent it. We must be able to detect when a message has been created or modified by a malicious principal or
intruder with access to the network or when a message was issued some time ago (or for a different purpose)
and is currently being replayed on the network.
An authentication protocol is a sequence of message exchanges between principals that either distributes
secrets to some of those principals or allows the use of some secret to be recognized. At the end of the protocol
the principals involved may deduce certain properties about the system; for example, that only certain
principals have access to particular secret information (typically cryptographic keys) or that a particular principal
is operational. They may then use this information to verify claims about subsequent communication, for
example, a received message encrypted with a newly distributed key must have been created after distribution
of that key and so is timely.
A considerable number of authentication protocols have been specified and implemented. The area is,
however, remarkably subtle and many protocols have been shown to be flawed a long time after they were
published. The Needham Schroeder Conventional Key Protocol was published in 1978 and became the basis
for many similar protocols in later years. In 1981, Denning and Sacco demonstrated that the protocol was
flawed and proposed an alternative protocol. This set the general trend for the field. The authors of both
papers suggested other protocols based on public key cryptography. In 1994 Martin Abadi demonstrated that
the public key protocol of Denning and Sacco was flawed. In 1995, Lowe demonstrated an attack on the public
key protocol of Needham and Schroeder (seventeen years after its publication). In the intervening years a
whole host of protocols have been specified and found to be flawed (as demonstrated in this report).
This report describes what sorts of protocols have been specified and outlines what methods have been
used to analyse them. In addition, it provides a summary of the ways in which protocols have been found
to fail. There is a large amount of material in the field and the main body of this document is intended as
a concise introduction to and survey of the field. Some types of protocol are given little detailed attention,
particularly those which rely on number-theoretic properties for their security. It is envisaged that future
editions of this report will provide a complete coverage. An annotated bibliography is included to guide the
reader. Since authentication relies heavily on encryption and decryption to achieve its goals we also provide
a brief review of elements of cryptography.
2 Protocol Types
In this section we provide an overview of various forms of authentication protocol in use today. At the highest
level we have categorised them according to the principal cryptographic approach taken, i.e. symmetric key or
public key. We distinguish also between those that use (one or more) trusted third parties to carry out some
agreed function and those that operate purely between two communicating principals that wish to achieve some
mode of authentication. There are further distinctions that can be made: the number of messages involved
in the protocols (e.g. one-pass, two-pass, three-pass etc.) and whether one principal wishes to convince the
second of some matter (one-way or unilateral authentication) or whether both parties wish to convince each
other of something (two-way or mutual authentication).
2.1 Symmetric Key Without Trusted Third Party
Perhaps the simplest (and yet effective) example in this class is the ISO One-pass Symmetric Key Unilateral
Authentication Protocol. It consists of the single message:
A → B : Text2, E(Kab : [Ta | Na], B, Text1)    (1)
Here the text fields shown are optional; their use is implementation specific (and we shall ignore them
in this discussion). We can see that the claimant A (i.e. the one who wishes to prove something) sends an
encrypted message containing a nonce and the identifier of the verifier (i.e. the principal to whom the claim
is made). The nonce may be a time-stamp Ta or a sequence number Na depending on the capabilities of the
environment and the communicating principals. On receiving this message, B, who believes that the key Kab
is known only to himself and A, may deduce that A has recently sent this message if the sequence number
is appropriate or if the time-stamp has a recent value. Note here that if a malicious principal has unfettered
access to the network medium then use of sequence numbers will be insufficient (since he can record message
(1), prevent B from receiving it, and replay it to B at a later time).
The best-known protocols that do not use a trusted third party are simple challenge-response mechanisms.
One principal A issues data to a second principal B. B then carries out some transformation and sends the
result to A who checks to see if the appropriate transformation has occurred. Figure 1 shows a simple
challenge-response protocol. In this case the nonce Na should be random. If the nonce were a sequence number, or were
otherwise predictable, a malicious principal could issue the next nonce value to B and record the response.
When A genuinely issued the same nonce value at a later date the intruder could replay B's earlier response
to complete the protocol. A could conclude only that the message he receives was created at some time by B
(but not necessarily in response to his most recent challenge).
Figure 1: Challenge Response Protocol
There are other variations on the challenge-response theme. Sometimes the challenge is encrypted, sometimes
not; sometimes it is random, sometimes predictable (but never before used). Gong highlights many issues
associated with the use of nonces for such purposes.
The ISO Two-Pass Unilateral Authentication Protocol is described later in this document. The ISO Two-
and Three-Pass Mutual Authentication Protocols are described in further sections.
Another approach to ensuring authenticity uses cryptographic check functions. Essentially, a message is
sent together with some summary or digest calculated using a hash function and a shared key.
2.2 Symmetric Key With Trusted Third Party
Symmetric key protocols that use a trusted third party (TTP) are by far the most numerous in the literature.
The most celebrated protocol of all time, the Needham Schroeder Symmetric Key Authentication protocol is
described as follows:
(1) A → S : A, B, Na
(2) S → A : E(Kas : Na, B, Kab, E(Kbs : Kab, A))
(3) A → B : E(Kbs : Kab, A)
(4) B → A : E(Kab : Nb)
(5) A → B : E(Kab : Nb − 1)
In this protocol A requests from the server S a key to communicate with B. He includes a random nonce
Na generated specially for this run of the protocol. This nonce will be used by A to ensure that message (2)
is timely. S creates a key Kab and creates message (2). Only A can decrypt this message successfully since he
possesses the key Kas. In doing so he will obtain the key Kab and check that the message contains the nonce
Na. A passes on to B the encrypted message component E(Kbs : Kab, A) as message (3).
Principal B decrypts this message to discover the key Kab and that it is to be used for communication
with A. He then generates a nonce Nb, encrypts it (using the newly obtained key), and sends the result to A
as message (4).
Principal A, who possesses the appropriate key Kab, decrypts it, forms Nb − 1, encrypts it and sends the
result back to B as message (5). B decrypts this and checks the result is correct. The purpose of this exchange
is to convince B that A is genuinely operational (and that message 3 was not simply the replay of an old
message).
At the end of a correct run of the protocol, both principals should be in possession of the secret key Kab
newly generated by the server S and should believe that the other principal has the key. Rather, this is what
the protocol is intended to achieve. People have shown that it is in fact flawed. Many other protocols
have used a trusted third party to generate and distribute keys in a similar way.
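The five messages above can be traced end to end in a short simulation. This is an added example, not code from the survey: E(K : ...) is replaced by a toy sealed box built from SHAKE-256 and HMAC (an assumption made so the example runs on the standard library alone), and the names seal, unseal and run_protocol are hypothetical.

```python
import hashlib, hmac, json, secrets

def seal(key, fields):
    """Toy stand-in for E(K : ...): SHAKE-256 keystream plus HMAC tag. Not a production cipher."""
    pt = json.dumps(fields).encode()
    iv = secrets.token_bytes(16)
    ks = hashlib.shake_256(key + iv).digest(len(pt))
    ct = bytes(p ^ k for p, k in zip(pt, ks))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    ks = hashlib.shake_256(key + iv).digest(len(ct))
    return json.loads(bytes(c ^ k for c, k in zip(ct, ks)))

def run_protocol(tamper_ticket=False):
    Kas, Kbs = secrets.token_bytes(32), secrets.token_bytes(32)  # long-term keys shared with S
    # (1) A -> S : A, B, Na
    Na = secrets.token_hex(16)
    # (2) S -> A : E(Kas : Na, B, Kab, E(Kbs : Kab, A))
    Kab = secrets.token_hex(32)
    ticket = seal(Kbs, {"Kab": Kab, "peer": "A"})
    msg2 = seal(Kas, {"Na": Na, "peer": "B", "Kab": Kab, "ticket": ticket.hex()})
    # A decrypts (2) and checks that it answers this run's request
    m2 = unseal(Kas, msg2)
    if m2["Na"] != Na or m2["peer"] != "B":
        raise ValueError("message (2) is not a reply to this request")
    a_key = bytes.fromhex(m2["Kab"])
    # (3) A -> B : E(Kbs : Kab, A)
    msg3 = bytearray.fromhex(m2["ticket"])
    if tamper_ticket:
        msg3[20] ^= 0x01  # constructed fault: one ciphertext bit changed in transit
    m3 = unseal(Kbs, bytes(msg3))
    b_key, b_peer = bytes.fromhex(m3["Kab"]), m3["peer"]
    # (4) B -> A : E(Kab : Nb)
    Nb = secrets.randbits(64)
    msg4 = seal(b_key, {"Nb": Nb})
    # (5) A -> B : E(Kab : Nb - 1)
    msg5 = seal(a_key, {"Nb-1": unseal(a_key, msg4)["Nb"] - 1})
    if unseal(b_key, msg5)["Nb-1"] != Nb - 1:
        raise ValueError("message (5) does not answer B's challenge")
    return a_key, b_key, b_peer
```

Note that the only freshness value A checks is Na in message (2); B's own check comes from the Nb exchange in messages (4) and (5).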
2.3 Public Key
Protocols using public key cryptography find numerous applications in authentication but the speed of
encryption and decryption using public key algorithms has prevented their widespread use for general communication;
for example, Schneier states that RSA encryption is about 100 times slower than DES when both are
implemented in software (the fastest hardware implementation of RSA has a throughput of 64 Kbaud). However,
exchanging symmetric encryption keys using public key cryptography provides an excellent use of the
technology and several such distribution schemes have been created.
Needham and Schroeder proposed the following protocol in their classic work:
(1) A → S : A, B
(2) S → A : E(Ks⁻¹ : Kb, B)
(3) A → B : E(Kb : Na, A)
(4) B → S : B, A
(5) S → B : E(Ks⁻¹ : Ka, A)
(6) B → A : E(Ka : Na, Nb)
(7) A → B : E(Kb : Nb)
The certification authority's public key is generally assumed known to the principals. Messages (1), (2) and
(5), (6) are used by A and B to obtain each other's public keys. Message (3) is encrypted under B's public
key and so can only be decrypted successfully by B. It contains a challenge Na together with A's identifier. B
decrypts this to obtain the challenge, forms a challenge of his own Nb and encrypts both challenges under A's
public key and sends the result as message (6). A then decrypts message (6). Since only B could have obtained
the information necessary to send this message A knows that B is operational and has just responded to his
recent challenge. A then encrypts B's challenge Nb using B's public key Kb and sends message (7). B then
decrypts and checks that it contains his challenge and concludes that A is operational and indeed initiated
the protocol. This protocol and the reasoning above have only recently been shown to be flawed.
2.4 Challenge Handshake Authentication Protocol
This is a secret key authentication method. This method of authentication is required (a MUST implement,
to allow interoperability) by the iSCSI specification. The iSCSI specification specifies requirements to make
CHAP effective against current security threats. Those same iSCSI specifications for CHAP usage are required
by Fibre Channel interfaces.
When CHAP is performed over a non-encrypted channel, it is vulnerable to an offline dictionary attack.
Implementations shall support shared secrets of at least 96 bits unless encryption is used as specified with
the use of the ESP optional header. All secrets shall be machine generated using random generation techniques.
The secret should be at least the length of the hash value for the hashing algorithm chosen. Therefore,
when using MD5 the shared secret shall be at least 128 bits long. MD5 shall be supported. Other hash
algorithms may be supported such as SHA-1.
Besides a shared secret, CHAP requires use of a challenge and a response to the challenge. A unique
challenge value should be used each time by each initiator, to prevent reflection (i.e., playback) attacks. When
both entities authenticate each other it is called bidirectional authentication. Bi-directional authentication
shall be supported.
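The requirements above (a machine-generated secret of at least 128 bits with MD5, a unique challenge per exchange, bidirectional authentication) fit in one small endpoint class, which also shows the random-nonce requirement discussed for challenge-response protocols in section 2.1. This is an added example, not code from the iSCSI or Fibre Channel specifications; the response layout follows RFC 1994, and the Endpoint class and its method names are hypothetical.

```python
import hashlib, hmac, secrets

MIN_SECRET_BYTES = 16  # 128 bits: at least the MD5 output length, as the text requires

def new_secret():
    """Machine-generated random shared secret."""
    return secrets.token_bytes(MIN_SECRET_BYTES)

def chap_response(ident, secret, challenge):
    # RFC 1994 response: MD5(identifier octet || secret || challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Endpoint:
    """One side of a bidirectional CHAP exchange (hypothetical helper class)."""

    def __init__(self, secret):
        if len(secret) < MIN_SECRET_BYTES:
            raise ValueError("secret shorter than 128 bits")
        self.secret = secret
        self.pending = {}  # identifier -> challenge we issued that is not yet answered
        self.next_id = 0

    def issue(self):
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        challenge = secrets.token_bytes(16)  # random, never a counter
        self.pending[ident] = challenge
        return ident, challenge

    def answer(self, ident, challenge):
        # Reflection guard: never answer a challenge that we ourselves issued.
        if challenge in self.pending.values():
            raise ValueError("peer reflected our own challenge")
        return chap_response(ident, self.secret, challenge)

    def verify(self, ident, response):
        challenge = self.pending.pop(ident, None)  # each challenge is single-use
        if challenge is None:
            return False
        expected = chap_response(ident, self.secret, challenge)
        return hmac.compare_digest(response, expected)
```

Because verify() removes the challenge before comparing, a recorded response cannot be accepted a second time.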
2.4.1 Switch to Switch
Secrets shall be sent in an encrypted form when transmitted over a link. Alternatively, a central server can
be used to examine all challenge and response values.
2.4.2 Nx Port to Fabric
Secrets shall be sent in an encrypted form when transmitted over a link. Alternatively, a central server can
be used to examine all challenge and response values.
2.4.3 Nx port to Nx port
CHAP requires the secret be available in plain text form to the challenger or a central server. To avoid sending
the secret over other links in the network, it is typical that the challenge and response values be examined at
a central server, rather than each SAN attached device. If no central server is used, the secret shall be sent to
each Nx port in an encrypted form. Either case requires a trusted relationship. In addition, it is advisable to
not store the secret in plain text. A central server architecture to hold secrets would allow easier protection
of the information stored.
3 Authentication in vehicular ad hoc networks
3.1 Public Key Infrastructure (PKI)
The Public Key Infrastructure is widely used in VANET systems to ensure user validity. The Public Key
Infrastructure is based on the concept of asymmetric key cryptography. The PKI has two different types of
keys.
1 Public Key.
2 Private Key.
3.2 TESLA
TESLA is an acronym for "Timed Efficient Stream Loss-Tolerant Authentication". It is used as an
authentication method for multicast and broadcast network communications. In VANET systems, PKI is not the
only option to confirm user authentication. There is a completely different technique called TESLA which
provides an efficient alternative to signatures.
Instead of using asymmetric cryptography, TESLA uses symmetric cryptography with delayed key
disclosure (which provides the necessary element of "asymmetry") to prove that the sender was the authenticated
source of the message. In other words, we can describe TESLA as a lightweight broadcast authentication
mechanism. TESLA performs broadcast authentication in the same manner, and applies the same
approach, as the unicast authentication mechanism.
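Delayed key disclosure is easiest to see from the receiver's side. This is an added example, not code from the survey, and it goes beyond the text by using the one-way key chain that TESLA relies on; it simplifies the scheme by using the chain key directly as the MAC key and by passing interval numbers in as arguments instead of reading a synchronized clock. All names are hypothetical.

```python
import hashlib, hmac, secrets

def H(k):
    return hashlib.sha256(k).digest()

def make_chain(n):
    """Return [K_0 .. K_n] with K_(i-1) = H(K_i); K_0 is the public commitment."""
    chain = [secrets.token_bytes(32)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment, delay):
        self.commitment = commitment  # K_0, obtained over an authenticated channel
        self.delay = delay            # intervals between use of K_i and its disclosure
        self.buffer = []              # (interval, msg, tag) waiting for their key

    def on_packet(self, now, interval, msg, tag):
        # Security condition: accept only while K_interval cannot yet be public.
        if now >= interval + self.delay:
            return False
        self.buffer.append((interval, msg, tag))
        return True

    def on_key(self, interval, key):
        """Check a disclosed key against K_0, then return the messages it authenticates."""
        if interval < 1:
            return []                 # K_0 is public and authenticates nothing
        k = key
        for _ in range(interval):
            k = H(k)
        if not hmac.compare_digest(k, self.commitment):
            return []                 # key is not on the sender's chain
        ready = [p for p in self.buffer if p[0] == interval]
        self.buffer = [p for p in self.buffer if p[0] != interval]
        return [m for _, m, t in ready if hmac.compare_digest(t, mac(key, m))]
```

The "asymmetry" comes from timing: at the moment a packet is accepted, only the sender knows the key that will later verify it.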
4 Cookie-Based Authentication Scenarios
Different organizations set up cookie-based authentication rules for the Google Search Appliance’s Universal
Login in a variety of different ways. The selections that you, as a search appliance administrator, make by
using the Admin Console depend on your system’s capabilities and your organization’s requirements.
For example, an organization might have a relatively simple system where, when a user does not have the
correct credentials for a content server, the content server redirects the search appliance to a login system for
log in, then the login system’s server redirects the search appliance back to the content server after login.
4.1 Silent Authentication
With silent authentication, users are authenticated without being directed to a login page. Inbound cookie
forwarding from the content server to the search appliance can provide silent authentication without a verified
identity, if the sample URL check passes. If you require a verified identity, then silent authentication can only
be achieved with cookie cracking.
4.1.1 Cookie Cracking
Your system might require a verified user name and/or group, for example to use with authorization by means
of policy ACLs, SAML, or connectors. One way of getting a verified user name and/or group in addition to
silent authentication is to configure the sample URL’s content server for cookie cracking.
With cookie cracking, if a sample URL check for user credentials is successful, the sample URL’s content
server generates the following response HTTP headers in addition to the standard headers:
X-Username: value
X-Groups: value1, value2
where value becomes a verified identity for the credential group that is associated with the sample URL.
The effect of the response header is that it has "cracked" open the cookie and revealed the username
and/or group. To use cookie cracking, the administrator of the content server must modify the server so that
it returns the appropriate response header.
4.2 Using Quoted-Printable Encoding in Response Headers
If special characters are used in an X-Groups or X-Username HTTP response header, the header must be
encoded in UTF-8 as quoted-printable. When the search appliance receives the response header, it attempts to
decode the UTF-8 quoted-printable encoding. For example, the search appliance crawls the following content,
which contains special characters:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="google:aclusers" content="spécial"/>
<meta name="google:aclusers" content=""/>
<meta name="google:aclgroups" content="spécial-group"/>
</head>
<body>
Hello Man Wassup!! ^^
</body>
</html>
Because the user "spécial" and group "spécial-group" include special characters, the following encoded
headers should be used:
X-Username: sp=C3=A9cial (for spécial)
X-Groups: sp=C3=A9cial-group (for spécial-group)
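A content server that emits these identity headers has to encode them and must also keep control characters out of the values, since the appliance treats them as a verified identity. This is an added example, not Google Search Appliance code: build_headers and parse_headers are hypothetical names, and parse_headers only illustrates the decoding the appliance is described as performing.

```python
import quopri

def _qp(value):
    # CR, LF and other control characters would let a value start a new header line.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in value):
        raise ValueError("control characters are not allowed in header values")
    encoded = quopri.encodestring(value.encode("utf-8")).decode("ascii")
    if "\n" in encoded:
        raise ValueError("value too long for a single header line")
    return encoded

def build_headers(user, groups):
    """Content-server side: produce the two cookie-cracking response headers."""
    if any("," in g for g in groups):
        raise ValueError("group names must not contain the list separator")
    return {
        "X-Username": _qp(user),
        "X-Groups": ", ".join(_qp(g) for g in groups),
    }

def parse_headers(headers):
    """Receiving side: decode quoted-printable UTF-8 back to identities."""
    def decode(text):
        return quopri.decodestring(text.encode("ascii")).decode("utf-8")
    user = decode(headers["X-Username"])
    groups = [decode(g.strip()) for g in headers["X-Groups"].split(",") if g.strip()]
    return user, groups
```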
5 Token Based Authentication
A token is a packet of data created by the server, and contains information to identify a particular user and the
token's validity. The token will contain the user's information, as well as a special token code that the user can pass to the
server with every method that supports authentication, instead of passing a username and password directly.
Token-based authentication is a security technique that authenticates the users who attempt to log in to
a server, a network, or some other secure system, using a security token provided by the server.
An authentication is successful if a user can prove to a server that he or she is a valid user by passing a
security token. The service validates the security token and processes the user request.
After the token is validated by the service, it is used to establish security context for the client, so the
service can make authorization decisions or audit activity for successive user requests.
The user passes their username and password to the server the first time, for authentication and to obtain
a token which will allow them to access a specific resource on the server. Once the token has been obtained
from the server, the user can offer this token to the server in subsequent requests (without passing username and
password), which offers access to a specific resource for a time period, i.e. until the token expires.
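The issue-then-present flow described above can be sketched with an HMAC-signed token that carries the user, the resource and an expiry time. This is an added example, not code from the survey or its sources: the token layout, the SERVER_KEY name and the function names are assumptions, and the password check that precedes issue_token is omitted.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # known only to the server (assumed name)

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode("ascii")

def _sign(body):
    return _b64(hmac.new(SERVER_KEY, body.encode("utf-8"), hashlib.sha256).digest())

def issue_token(user, resource, ttl, now=None):
    """Called once, after the username and password have been checked."""
    now = time.time() if now is None else now
    claims = {"user": user, "res": resource, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode("utf-8"))
    return body + "." + _sign(body)

def validate_token(token, resource, now=None):
    """Return the user name for a valid, unexpired token, otherwise None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    # Verify the signature before parsing anything the client controls.
    if not hmac.compare_digest(sig.encode("utf-8"), _sign(body).encode("utf-8")):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["res"] != resource or now >= claims["exp"]:
        return None
    return claims["user"]
```

The returned user name is what the service would use to establish the security context for authorization and audit.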
6 Biometric Authentication
1. Introduction: Biometrics is a technology which uses physiological or behavioural characteristics to
identify or verify a person. Typical characteristics used for authentication include fingerprint, face, and
iris. A conventional biometric authentication system consists of two phases: enrolment and verification.
During the enrolment phase, a biometric feature set is extracted from the user's biometric data and a template
is created and stored. During the verification phase, the same feature extraction algorithm is applied
to query biometric data, and the resulting query feature set is used to construct a query template. The
query template is matched against the stored template(s) for authentication.
2. Principle: Conventional biometric authentication collects biometric data from an enrolling user
and extracts a biometric feature set from the biometric data; from the feature set a template is
generated. Unlike conventional biometric authentication approaches, during the enrolment phase the
proposed approach selects a reference feature set (or extracts a reference feature set from a Reference
Subject) and computes the difference between the user's feature set and the reference feature set, then
from the difference generates a Bio-Capsule to uniquely represent the enrolling user. In the verification
phase, a query biometric feature set from a user and the same reference feature set are used to generate a
query Bio-Capsule, which is compared against the registered Bio-Capsule. If the registered Bio-Capsule
and the query Bio-Capsule are within a certain distance, the user is successfully authenticated.