China University of Mining and Technology: "Cryptography" course teaching resources (PPT lecture notes), Authentication Protocol: Introduction (lecturer: Cao Tianjie)

Authentication Protocols
Cao Tianjie (曹天杰), tjcao@cumt.edu.cn
State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences
2003.4.21

Introduction
• Cryptographic protocol
  – Distributed algorithm
  – Based on cryptographic building blocks
  – To achieve a security related goal
• Examples:
  – Entity Authentication
  – Key Establishment: Key Distribution (Key enveloping, Key transport), Key agreement
  – Electronic Payment
  – …

Authentication
[Diagram: Alice sends "Hi! I'm Alice" to Bob over an insecure channel. Eve owns the channel.]
How does Bob know that Alice is Alice, not Eve?

Authentication
• Authentication is a means by which identity is established.
• It allows one party to gain assurances about the identity of another party in a protocol, and that the second has actively participated.
• The goal of authentication is to achieve all this over an insecure channel with an active attacker and no shared secrets.
• Note: authentication must be combined with key exchange to avoid session hijacking (after authentication).

Objectives of identification protocols
• If Alice and Bob are both honest, Alice is able to successfully authenticate herself to Bob, i.e. Bob will complete the protocol having accepted Alice's identity.
• Bob cannot reuse an identification exchange with Alice so as to impersonate her in conversations with others.
• The probability that Eve can successfully impersonate Alice to Bob is negligible (e.g. computationally difficult).
• All the above remain true even if Eve has seen many previous authentication sessions between Alice and Bob, has had experience in authenticating herself with both, and multiple authentication sessions are run simultaneously.

Basis of identification
• Something you know
  – Passwords, PINs, secret keys, your mother's maiden name
• Something you have
  – Magnetic cards, smart cards, physical keys, handheld password generators
• Something you are
  – Biometrics (DNA, signatures, fingerprints, voice, retinal patterns, hand geometries, typing dialect/profiling)

Basis of identification
• Biometrics have major problems in real world situations
  – How do you revoke keys?
  – Biology is messy
      We leave DNA, fingerprints everywhere - just ask OJ
  – How do you give a mugger your fingerprint?
  – How do you authenticate if he's just hit you in the eye?

Attacks on authentication
• Impersonation
• Replay
• Interleaving
  – impersonation involving selective combination of information from one or more previous or simultaneous sessions
• Reflection
  – an interleaving attack involving sending information from an ongoing authentication session back to the originator

Attacks on authentication
• Forced delay
  – adversary intercepts a message and relays it at some later point in time (note: not the same as replay)
• Chosen-text
  – attack on challenge-response where an adversary chooses challenges in an attempt to extract the secret key

Simple Authentication: 1st Attempt
[Diagram: Alice sends "Alice, K_AB" to Bob; the Bob side is labelled "= K_AB"; Eve sits on the channel between them.]
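Added example, not part of the original slides: the first attempt above puts K_AB itself on a channel Eve owns, so a recorded message authenticates whoever resends it. The code contrasts that with a challenge-response in which Bob issues a fresh single-use nonce. The class and function names, HMAC-SHA256 and the 16-byte nonce are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets

K_AB = secrets.token_bytes(32)  # long-term key shared by Alice and Bob (constructed)


class NaiveBob:
    """Bob from the slide: accepts whoever presents K_AB itself."""
    def verify(self, message):
        name, key = message
        return name == "Alice" and hmac.compare_digest(key, K_AB)


class ChallengeBob:
    """Bob issues a fresh nonce; the prover returns HMAC(K_AB, name || nonce)."""
    def __init__(self):
        self.pending = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, name, nonce, tag):
        if nonce not in self.pending:    # unknown or already-used challenge
            return False
        self.pending.discard(nonce)      # single use: repeating this run is rejected
        expected = hmac.new(K_AB, name.encode() + nonce, hashlib.sha256).digest()
        return name == "Alice" and hmac.compare_digest(tag, expected)


def alice_response(nonce):
    # K_AB never crosses the channel, only a MAC bound to this nonce.
    return hmac.new(K_AB, b"Alice" + nonce, hashlib.sha256).digest()


def run_demo():
    recorded = ("Alice", K_AB)                       # what the channel carried in attempt 1
    naive_replay = NaiveBob().verify(recorded)       # resent later by the eavesdropper
    bob = ChallengeBob()
    n1 = bob.challenge()
    t1 = alice_response(n1)                          # (n1, t1) is visible on the channel
    honest = bob.verify("Alice", n1, t1)
    same_run_again = bob.verify("Alice", n1, t1)     # replay of the completed run
    n2 = bob.challenge()
    old_tag_new_nonce = bob.verify("Alice", n2, t1)  # recorded tag against a new challenge
    return naive_replay, honest, same_run_again, old_tag_new_nonce
```

`run_demo()` returns `(True, True, False, False)`: the recorded first-attempt message is accepted on replay, while the recorded challenge-response pair is rejected both against its used nonce and against a new one.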