CIS 5371 Cryptography

1
CIS 5371 Cryptography

• 11. Authentication

2
Authentication

• Data Origin Authentication, or Message
  Authentication involves the integrity of
  communicated data.
• Entity Authentication, is a communication process
  in which the liveliness of the corresponding
  principal (entity) is established.
• Authenticated Key Exchange, is a means by which
  entities can bootstrap secure communication at a
  higher or application level.

3
Basic Authentication techniques
4
Challenge-Response, 1

• Bob ? Alice NB
• Alice ? Bob EKAB (M,NB)
• Bob decrypts the cipher and accepts if he sees
  NB. Else he rejects.
• Remark
• Uses an encryption mechanism for integrity.
• Does not offer a proper data integrity mechanism.
  Bob cannot establish the freshness of the message
  M.

5
Challenge-Response, 2

• Bob ? Alice NB
• Alice ? Bob MDC(KAB ,M,NB)
• Bob reconstruct the MDC and accepts if the two
  are the same. Else he rejects.

6
Challenge-Response, 3

• Bob ? Alice RB text1
• Alice ? Bob Token AB
• Token AB text 3 EKAB (RB B text
  2)
• On receiving the token, Bob should decrypt it and
  check it for correctness and reject it if it
  incorrect.

7
Timestamp mechanisms, 1

• Alice ? Bob EKAB (M,TA)
• Bob decrypts the cipher and accepts if TA if
  deemed to be valid.
  Else he
  rejects.

8
Timestamp mechanisms, 2

• Alice ? Bob MDC(KAB ,M,TA)
• Bob reconstruct the MDC and accepts if the two
  are the same, and TA is deemed valid. Else he
  rejects.
• We can also use asymmetric techniques
• Alice ? Bob sigA(M,TA)
• Bob verifies the signature and that TA is valid
  if so he accepts. Else he rejects.

9
(No Transcript)
10
(No Transcript)