Simple Authentication: 2nd Attempt

Diagram (key = KAB):
• Alice → Bob: Alice, {Hello}KAB
• Eve, holding the recorded {Hello}KAB, → Bob: Alice, {Hello}KAB
Simple Authentication: 3rd Attempt

Diagram (key = KAB):
• Alice → Bob: Alice, {Alice, T}KAB
• Eve, holding the recorded {Alice, T}KAB, → Bob: Alice, {Alice, T}KAB
• Bob: detects replay
Authentication: Summary

• Proof of knowledge
  – By text encrypted with secret key (authenticator)
  – Not by secret key itself
• Proof of freshness
  – By included time-varying parameter
  – Timestamp, counter, nonce (challenge-response)

Diagram:
• Bob → Alice: N
• Alice → Bob: Alice, {Alice, N}KAB
Variations / Extensions

• One-way vs mutual authentication
• Guaranteeing freshness:
  – Timestamps: simple, but requires clock synchronisation
  – Nonces: requires more messages, but no synchronised clocks
  – Counters: extra state has to be kept
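Added example (not part of the original slides): the 2nd attempt, the timestamp variant and the nonce challenge-response from the summary, with Eve replaying what she recorded against each. Assumptions: HMAC-SHA256 stands in for the encrypted authenticator {...}KAB, and the names `auth`, `Bob`, `replay_accepted` and the 30-second skew window are made up for illustration.

```python
import hashlib
import hmac
import secrets

K_AB = secrets.token_bytes(32)  # shared key KAB, constructed for this example

def auth(key, *fields):
    """Stand-in for {fields}KAB: HMAC-SHA256 over length-prefixed fields."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Bob:
    """Verifier for the 2nd attempt, the timestamp variant and the nonce variant."""
    def __init__(self, key, max_skew=30):
        self.key, self.max_skew = key, max_skew
        self.pending = set()  # nonces issued but not yet answered

    def _ok(self, tag, *fields):
        return hmac.compare_digest(tag, auth(self.key, *fields))

    def verify_static(self, who, tag):             # 2nd attempt: no freshness
        return self._ok(tag, b"Hello")

    def verify_timestamp(self, who, t, tag, now):  # 3rd attempt
        fresh = abs(now - t) <= self.max_skew      # relies on synchronised clocks
        return fresh and self._ok(tag, who, str(t).encode())

    def challenge(self):                           # extra message: Bob -> Alice: N
        n = secrets.token_bytes(16)
        self.pending.add(n)
        return n

    def verify_nonce(self, who, n, tag):
        known = n in self.pending
        self.pending.discard(n)                    # each challenge is single-use
        return known and self._ok(tag, who, n)

def replay_accepted():
    """Alice logs in once per scheme, then Eve replays what she recorded."""
    bob, a = Bob(K_AB), b"Alice"
    n = bob.challenge()
    static, ts, resp = auth(K_AB, b"Hello"), auth(K_AB, a, b"1000"), auth(K_AB, a, n)
    genuine = (bob.verify_static(a, static) and bob.verify_nonce(a, n, resp)
               and bob.verify_timestamp(a, 1000, ts, now=1002))
    return genuine, {"static": bob.verify_static(a, static),
                     "timestamp_in_window": bob.verify_timestamp(a, 1000, ts, now=1010),
                     "timestamp_late": bob.verify_timestamp(a, 1000, ts, now=1100),
                     "nonce": bob.verify_nonce(a, n, resp)}
```

The replay inside the skew window is still accepted, so a timestamp-only verifier also has to remember authenticators it has already seen for the length of that window.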
Passwords

• Passwords are the simplest (and weakest) means of authentication.
• Password authentication is where a secret is shared between two parties. To authenticate, one party reveals their identity and their password.
• Passwords are typically stored hashed on a server in a password file (so if the server is compromised, the passwords still need to be cracked).

Diagram: Alice → Bob over an insecure channel, with Eve on the channel: “Hi! I’m Alice, my password is ‘internet’”