Topic 3: User Authentication (2/3/2021)

Proposals of Authentication Token
• Cryptography-based
• Others
• Passwords
• Biometrics
• Graphical passwords
• 2-factor authentication
• Out of band authentication

Cryptography-based Designs
• One-time passwords
  • Each password is used only once
  • Defend against adversary who can eavesdrop and later impersonate
• Challenge-response
  • Send a response related to the password and a challenge
• Zero-knowledge proof of knowledge
  • Prove knowledge of a value without revealing it (Out of scope)

One-Time Passwords (OTP)
• Two parties share a list of one-time passwords
• Time synchronized OTP
  • Example: $\mathrm{MAC}_K(t)$ where $t$ is the current time
  • [Figure: RSA SecurID token]
• Using a hash chain (Proposed by Lamport)
  • $H(s), H(H(s)), \ldots, H^{1000}(s)$
  • Use these hash values in reverse order

Leslie B. Lamport
• The winner of the 2013 Turing Award
• Born February 7, 1941 (age 75), New York City, New York
• Developer of the document preparation system LaTeX
• 2013 Turing Award for imposing clear, well-defined coherence on the seemingly chaotic behavior of distributed computing systems

Lamport's One-Time Password
• Setting: A wants to authenticate itself to B
• Initialization:
  • A selects an arbitrary value $S$, a hash function $H()$, and an integer value $t$
  • A computes $w_0 = H^t(S)$ and sends $w_0$ and $H()$ to B
  • B stores $w_0$
• Protocol: To authenticate to B at time $i$ where $1 \le i \le t$
  • A sends to B: $A, i, w_i = H^{t-i}(S)$
  • B checks: $i = i_A$, $H(w_i) = w_{i-1}$
  • If both hold, $i_A = i_A + 1$
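
The protocol above as a runnable sketch, including what happens when an eavesdropper replays a captured message. This is an added example, not part of the original slides. It assumes SHA-256 for $H()$ and that B's counter $i_A$ starts at 1; the class and function names are hypothetical.

```python
import hashlib
import hmac

def H(x: bytes) -> bytes:
    # Assumption: SHA-256 stands in for H(); the slides do not name a hash.
    return hashlib.sha256(x).digest()

def H_iter(x: bytes, n: int) -> bytes:
    # H^n(x): apply H n times.
    for _ in range(n):
        x = H(x)
    return x

class Prover:  # party A, holds the secret S
    def __init__(self, S: bytes, t: int):
        self.S, self.t, self.i = S, t, 0

    def w0(self) -> bytes:
        return H_iter(self.S, self.t)  # w_0 = H^t(S), given to B at setup

    def next_message(self):
        if self.i >= self.t:
            raise RuntimeError("chain exhausted: set up a new S")
        self.i += 1
        return ("A", self.i, H_iter(self.S, self.t - self.i))  # w_i = H^(t-i)(S)

class Verifier:  # party B, stores only public chain values
    def __init__(self, w0: bytes):
        self.w_prev, self.i_A = w0, 1  # assumption: i_A starts at 1

    def check(self, msg) -> bool:
        _, i, w_i = msg
        if i != self.i_A or not hmac.compare_digest(H(w_i), self.w_prev):
            return False
        # B keeps w_i so the next check H(w_{i+1}) = w_i is possible.
        self.w_prev, self.i_A = w_i, self.i_A + 1
        return True

def demo():
    a = Prover(b"constructed sample secret", t=1000)
    b = Verifier(a.w0())
    m1 = a.next_message()
    results = [b.check(m1)]          # fresh w_1 is accepted
    results.append(b.check(m1))      # eavesdropper replays m1: i != i_A
    m2 = a.next_message()
    results.append(b.check(m2))      # fresh w_2 is accepted
    forged = ("A", 3, H(m2[2]))      # hashing forward only yields old w_1
    results.append(b.check(forged))  # H(w_1) = w_0, not w_2
    return results
```

B never stores $S$, so a compromise of B's stored value does not reveal any future password; after $t$ logins the chain is used up and initialization must be repeated.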