Challenge-Response Protocols
• Goal: one entity authenticates to another by proving knowledge of a secret; the verifier issues a ‘challenge’ and the claimant must answer it correctly
• How to design this using the crypto tools we have learned (for example a MAC under a shared key K)?
• Approach: use time-variant parameters to prevent replay and interleaving attacks, and to provide uniqueness and timeliness
• Example: nonce (a number used only once), timestamps
Topic 3: User Authentication, 2/3/2021
Challenge-Response Protocols
• Unilateral authentication (timestamp-based)
  • A to B: MAC_K(tA, B)
  • B must know tA (it is sent in clear alongside the MAC), keep a clock loosely synchronized with A’s, accept only timestamps inside a bounded window, and reject a repeated tA inside that window
• Unilateral authentication (nonce-based)
  • B to A: rB
  • A to B: MAC_K(rB, B)
• Mutual authentication (nonce-based)
  • B to A: rB
  • A to B: rA, MAC_K(rA, rB, B)
  • B to A: MAC_K(rB, rA)
• Caveats: nonces must be fresh and unpredictable; the identifier B inside the MAC, and the different field order in the last message, bind each MAC to one direction of the exchange, so a message cannot be reflected back at its sender or reused in another session
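The two protocols above, run end to end, as an added example that is not part of the original slides. It instantiates MAC_K with HMAC-SHA256 under a shared key, plays both sides of the three-pass nonce-based mutual authentication, and implements the timestamp-based unilateral variant with the acceptance window and replay cache the slide leaves implicit. The 128-bit nonce length, the 30-second clock-skew window and the length-prefixed field encoding are assumptions made for this example.

```python
"""Nonce-based mutual authentication and timestamp-based unilateral
authentication with a shared MAC key (added example, not from the slides).

Mutual (nonce-based):        Unilateral (timestamp-based):
  B -> A: rB                    A -> B: tA, MAC_K(tA, B)
  A -> B: rA, MAC_K(rA, rB, B)
  B -> A: MAC_K(rB, rA)
"""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

NONCE_LEN = 16   # 128-bit unpredictable nonces (assumption)
CLOCK_SKEW = 30  # seconds; timestamp acceptance window (assumption)


def mac(key: bytes, *fields: bytes) -> bytes:
    """MAC_K over an unambiguous, length-prefixed encoding of the fields.

    Plain concatenation would let (rA||x, rB) collide with (rA, x||rB);
    length-prefixing every field makes the MAC input injective.
    """
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Party:
    """One protocol participant holding the shared key K and its own name."""

    def __init__(self, name: bytes, key: bytes):
        self.name, self.key = name, key
        self.r_self = b""   # nonce this party generated
        self.r_peer = b""   # nonce received from the peer

    # --- mutual authentication, nonce-based ---
    def start(self) -> bytes:
        """B's first message: a fresh random challenge rB."""
        self.r_self = secrets.token_bytes(NONCE_LEN)
        return self.r_self

    def respond(self, r_peer: bytes, peer_name: bytes) -> Tuple[bytes, bytes]:
        """A's reply: its own nonce rA and MAC_K(rA, rB, B)."""
        self.r_self, self.r_peer = secrets.token_bytes(NONCE_LEN), r_peer
        return self.r_self, mac(self.key, self.r_self, r_peer, peer_name)

    def verify_response(self, r_peer: bytes, tag: bytes) -> Optional[bytes]:
        """B checks MAC_K(rA, rB, B) against its *current* rB; on success it
        returns MAC_K(rB, rA), the differently ordered final message."""
        expected = mac(self.key, r_peer, self.r_self, self.name)
        if not hmac.compare_digest(expected, tag):
            return None
        self.r_peer = r_peer
        return mac(self.key, self.r_self, r_peer)

    def verify_final(self, tag: bytes) -> bool:
        """A checks MAC_K(rB, rA)."""
        return hmac.compare_digest(mac(self.key, self.r_peer, self.r_self), tag)

    # --- unilateral authentication, timestamp-based ---
    def ts_message(self, peer_name: bytes, now: int) -> Tuple[int, bytes]:
        """A -> B: tA sent in clear, plus MAC_K(tA, B)."""
        return now, mac(self.key, now.to_bytes(8, "big"), peer_name)


def run_mutual(a: Party, b: Party) -> Tuple[bool, bool]:
    """Drive the three-pass exchange; returns (B accepted A, A accepted B)."""
    r_b = b.start()
    r_a, tag_a = a.respond(r_b, b.name)
    tag_b = b.verify_response(r_a, tag_a)
    if tag_b is None:
        return False, False
    return True, a.verify_final(tag_b)


class TimestampVerifier:
    """B's side of the timestamp variant: window check plus replay cache."""

    def __init__(self, party: Party):
        self.party = party
        self.seen = set()  # (tA, tag) pairs accepted inside the window

    def accept(self, t_a: int, tag: bytes, now: int) -> bool:
        if abs(now - t_a) > CLOCK_SKEW:          # stale or from the future
            return False
        expected = mac(self.party.key, t_a.to_bytes(8, "big"), self.party.name)
        if not hmac.compare_digest(expected, tag):
            return False
        if (t_a, tag) in self.seen:              # replay inside the window
            return False
        self.seen.add((t_a, tag))
        # Entries older than CLOCK_SKEW can be evicted; the window check
        # already rejects them, so the cache stays bounded.
        self.seen = {(t, g) for t, g in self.seen if abs(now - t) <= CLOCK_SKEW}
        return True


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    a, b = Party(b"A", key), Party(b"B", key)
    print("mutual:", run_mutual(a, b))
    v = TimestampVerifier(b)
    t, tag = a.ts_message(b.name, 1_000)
    print("fresh:", v.accept(t, tag, 1_005), "replay:", v.accept(t, tag, 1_006))
```

The replay check in `verify_response` needs no cache at all: B compares against the nonce it generated for this very run, so a response captured from an earlier run fails automatically. The timestamp variant has to remember what it has accepted, which is the price of saving one message.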
Public-key Cryptography
• Cleverly use a digital signature to authenticate to a party (this will be covered later)
Passwords
• Oldest and most common form of authentication token, due to its ease of deployment
• The 1961 Compatible Time-Sharing System (CTSS) at MIT was most likely the first deployment of passwords
• Passwords were deployed in traditional computer systems like MULTICS and Unix in the 1970s
Variations of Passwords
• Passphrase
  • A sequence of words or other text used for a similar purpose as a password (e.g. “correct horse battery staple”)
• Passcode
• Personal Identification Number (PIN)