Authentication Protocols
曹天杰 (Cao Tianjie), tjcao@cumt.edu.cn
State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences
2003.4.21

Introduction
• Cryptographic protocol
  – Distributed algorithm
  – Based on cryptographic building blocks
  – To achieve a security-related goal
• Examples:
  – Entity authentication
  – Key establishment: key distribution (key enveloping, key transport), key agreement
  – Electronic payment
  – …

Authentication
[Diagram: Alice sends "Hi! I'm Alice" to Bob over an insecure channel; Eve sits on the channel (Eve owns the channel!)]
How does Bob know that Alice is Alice, not Eve?

Authentication
• Authentication is a means by which identity is established.
• It allows one party to gain assurances about the identity of another party in a protocol, and that the second has actively participated.
• The goal of authentication is to achieve all this over an insecure channel with an active attacker and no shared secrets.
• Note: authentication must be combined with key exchange to avoid session hijacking (after authentication).

Objectives of identification protocols
• If Alice and Bob are both honest, Alice is able to successfully authenticate herself to Bob, i.e. Bob will complete the protocol having accepted Alice's identity.
• Bob cannot reuse an identification exchange with Alice so as to impersonate her in conversations with others.
• The probability that Eve can successfully impersonate Alice to Bob is negligible (e.g. computationally difficult).
• All the above remain true even if Eve has seen many previous authentication sessions between Alice and Bob, has had experience in authenticating herself with both, and multiple authentication sessions are run simultaneously.
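
As an added illustration of these objectives (not part of the original slides), the sketch below runs Schnorr's identification protocol, a challenge-response scheme the slides do not name, and then replays a recorded session against a second verifier. The toy group parameters and the names Prover, Verifier, run_session and replay are assumptions made for this example.

```python
import secrets

# Toy group, constructed for this example and far too small for real use:
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """Alice's long-term key pair: secret x, public y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

class Prover:
    def __init__(self, x):
        self.x = x
    def commit(self):
        # Fresh per-session nonce k; it must never be reused.
        self.k = secrets.randbelow(Q - 1) + 1
        return pow(G, self.k, P)
    def respond(self, c):
        k, self.k = self.k, None          # discard k after one use
        return (k + c * self.x) % Q

class Verifier:
    def __init__(self, y):
        self.y = y                        # only Alice's public key is needed
    def challenge(self, t):
        self.t, self.c = t, secrets.randbelow(Q)
        return self.c
    def accept(self, s):
        # G^s == t * y^c holds exactly when s = k + c*x (mod Q)
        return pow(G, s, P) == (self.t * pow(self.y, self.c, P)) % P

def run_session(prover, verifier):
    """Honest run; returns (accepted, transcript as seen on the channel)."""
    t = prover.commit()
    c = verifier.challenge(t)
    s = prover.respond(c)
    return verifier.accept(s), (t, c, s)

def replay(transcript, verifier):
    """Eve (or a dishonest Bob) resends a recorded commitment and response."""
    t, old_c, s = transcript
    new_c = verifier.challenge(t)
    return verifier.accept(s), new_c == old_c
```

A replayed transcript is accepted only when the verifier happens to repeat the recorded challenge, which occurs with probability 1/Q; with real-size parameters that probability is negligible.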