![USER REGISTRATION AND CLIENT-SERVER AUTHENTICATION
PROTOCOL
1. Sending timestamps along with user name and
passwords.
2. Server replies with a ‘Hello’ along with a T2
encrypted with public key of the client.
3. Key Establishment and Authentication happens in
a Diffie Hellman Exchange.
4. Password Hashes and User list is forwarded from
the server to the client along with message
integrity and authentication.
(u_name, pwd) : T1
{ga, T2+1}S, {N1}S
{gs(+) (N1+1)}A
Hello, {T2}A
{R1}gas
{R1+1}gas, {R2}gas
{R2 – 1}gas
A S
g,p,a,kS s,g,p, KA
[Pwd, N] gas, [H(pwd)] gas
[H(u_list)] gas, [u_list] gas](https://image.slidesharecdn.com/finalprojectslides-170702194659/85/Secure-messaging-using-PKI-4-320.jpg)
Uploaded bywolverinetyagi
Secure messaging using PKI
1. The document describes a client-server authentication protocol that uses mutual authentication and key establishment between a client and server. 2. It involves the client sending a username and timestamp to the server, which responds with an encrypted challenge. They then perform Diffie-Hellman key exchange to establish a shared key. 3. The protocol specifications include using asymmetric encryption for challenges, SHA-256 for integrity, and restricting usernames and passwords to 8 bytes.
Secure messaging using PKI
- 1. By: Anuj Tyagi Anshul Jain RahulKulkarni
- 2. ARCHITECHTURE • Client –Server System Server Client A Client BMutual Authentication Shared Key generation
- 3. USER REGISTRATION ANDCLIENT-SERVER AUTHENTICATION PROTOCOL ASSUMPTIONS • Server holds the public key of all the Clients along with its own public key and shard key is generated to be used with respective clients. • Server has a list of Registered Usernames and Passwords. • Client is aware of server’s registration connection port and ip. • Client sends the user name and challenge in its first contact with the server as an argument.
- 4. USER REGISTRATION ANDCLIENT-SERVER AUTHENTICATION PROTOCOL 1. Sending timestamps along with user name and passwords. 2. Server replies with a ‘Hello’ along with a T2 encrypted with public key of the client. 3. Key Establishment and Authentication happens in a Diffie Hellman Exchange. 4. Password Hashes and User list is forwarded from the server to the client along with message integrity and authentication. (u_name, pwd) : T1 {ga, T2+1}S, {N1}S {gs(+) (N1+1)}A Hello, {T2}A {R1}gas {R1+1}gas, {R2}gas {R2 – 1}gas A S g,p,a,kS s,g,p, KA [Pwd, N] gas, [H(pwd)] gas [H(u_list)] gas, [u_list] gas
- 5. Specifications • Size ofR1 = 8 bytes. • Restrict the user name and password to 8 bytes in length. • Asymmetric Encryption is used for solving challenges. • SHA-256 is used for message integrity.
- 6. MUTUAL AUTHENTICATION ANDKEY ESTABILSHMENT PROTOCOL Assumptions • Server holds the public key of all the Clients along with its own public key and shared key with each of its clients. • Usage of NONCE assuming each NONCE is difficult to replicate by any outsider. • Authentication and Key Establishment occurs between active clients only. • Diffie Hellman Keys are dropped once a session is complete between any two clients.
- 7. MUTUAL AUTHENTICATION ANDKEY ESTABILSHMENT PROTOCOL u_name, T1 {ga, T2+1}S, {N1}S {gS(+) (N1+1)}A Hello, {T2}A {R1}gas {R1+1}gas, {R2}gas {R2 – 1}gas A S g,p,a,kS s,g,p, KA
- 8. Specifications • Size ofN1 = 8 bytes. • Restrict the user name and password to 8 bytes in length. • ‘a’ -> private key for Diffie Hellman Exchange. • ‘g’ -> function to calculate shared key • ‘p’ -> Large Prime Number used in Diffie Hellman Exchange. • Asymmetric Encryption is used for solving challenges. • SHA-256 is used for message integrity.
- 9. Safety and Integrity •Reflection Attacks • Man In the Middle Attack • Replay Attack
- 10. Peer to PeerCommunication User A User B KAB { T1, Message1} KAB { T2, Message2} KAB = gab mod p T1 = Timestamp
- 11. Logout process User AUser B Logout, KAB {UserA, T1} KAB { T2} KAB = Symmetric Key T1 = Timestamp