11 Simple Authentication: 2nd Attempt
Alice → Bob: Alice, {Hello}KAB
Eve → Bob: Alice, {Hello}KAB
Bob: checks {Hello}KAB with KAB

12 Simple Authentication: 3rd Attempt
Alice → Bob: Alice, {Alice, T}KAB
Eve → Bob: Alice, {Alice, T}KAB
Bob: checks {Alice, T}KAB with KAB; detects replay

13 Authentication: Summary
• Proof of knowledge
  – By text encrypted with secret key (authenticator)
  – Not by secret key itself
• Proof of freshness
  – By included time-varying parameter
  – Timestamp, counter, nonce (challenge-response)
Bob → Alice: N
Alice → Bob: Alice, {Alice, N}KAB

14 Variations / Extensions
• One-way vs mutual authentication
• Guaranteeing freshness:
  – Timestamps: simple, but requires clock synchronisation
  – Nonces: requires more messages, but no synchronised clocks
  – Counters: extra state has to be kept

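The nonce challenge-response from the summary slide, contrasted with the 2nd attempt's fixed text, as an added Python example that is not part of the original slides. It assumes HMAC-SHA256 in place of the slides' encryption {…}KAB; K_AB, authenticator, verify_static and NonceVerifier are hypothetical names.

```python
import hashlib
import hmac
import secrets

K_AB = secrets.token_bytes(32)  # constructed key standing in for the slides' KAB


def authenticator(key: bytes, identity: str, value: bytes) -> bytes:
    """HMAC-SHA256 over (identity, value); assumed stand-in for {Alice, N}KAB."""
    msg = len(identity).to_bytes(2, "big") + identity.encode() + value
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_static(key: bytes, identity: str, response: bytes) -> bool:
    """2nd-attempt check: fixed text, so nothing ties a response to one run."""
    return hmac.compare_digest(authenticator(key, identity, b"Hello"), response)


class NonceVerifier:
    """Bob's side of challenge-response: each nonce is accepted at most once."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # identity -> outstanding nonce

    def challenge(self, identity: str) -> bytes:
        self.pending[identity] = secrets.token_bytes(16)
        return self.pending[identity]

    def verify(self, identity: str, response: bytes) -> bool:
        nonce = self.pending.pop(identity, None)  # consumed even on failure
        if nonce is None:
            return False  # no challenge outstanding
        return hmac.compare_digest(authenticator(self.key, identity, nonce), response)


def demo() -> dict:
    static = authenticator(K_AB, "Alice", b"Hello")
    bob = NonceVerifier(K_AB)
    n = bob.challenge("Alice")                    # Bob -> Alice: N
    recorded = authenticator(K_AB, "Alice", n)    # Alice -> Bob, copied by Eve
    results = {"static_first": verify_static(K_AB, "Alice", static),
               "static_replay": verify_static(K_AB, "Alice", static),
               "nonce_first": bob.verify("Alice", recorded),
               "nonce_replay_unsolicited": bob.verify("Alice", recorded)}
    bob.challenge("Alice")                        # Bob issues a fresh N'
    results["nonce_replay_fresh"] = bob.verify("Alice", recorded)
    return results


if __name__ == "__main__":
    print(demo())
```

The fixed-text authenticator verifies every time it is presented, while the recorded nonce response is accepted once and rejected both without an outstanding challenge and against a fresh one.
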
15 Passwords
• Passwords are the simplest (and weakest) means of authentication.
• Password authentication is where a secret is shared between two parties. To authenticate, one party reveals their identity and their password.
• Passwords are typically stored hashed on a server in a password file (so if the server is compromised, the passwords still need to be cracked).
Alice → Bob (insecure channel, Eve listening): Hi! I’m Alice, my password is “internet”