
Authentication Techniques

Outline

Security Classification
Security Requirements
Classification of Authentication Techniques
Secret Key based Authentication
Public Key based Authentication
Unconditional Security

Cryptosystems that are provably 100% secure

An opponent cannot break the scheme:
even if unlimited text is available
even if unlimited time is available
even if unlimited computing power is available

Strength of scheme relies on a mathematical proof that the opponent does not have enough information to break the cryptographic scheme.

Conditional Security

Cryptosystems for which we do not have a mathematical proof that they are 100% secure

An opponent can break the scheme:
if unlimited text is available
if unlimited time is available
if unlimited computing power is available

Strength of such a scheme relies on the assumption that the opponent does not have sufficient resources (text, time, computers, money, etc.) to break the scheme.

Security Requirements
Security in any application primarily addresses one or more of the following:
Authentication: the recipient can be sure that a message really came from the genuine source.
Privacy: only authorized entities can read information.
Integrity: data are not altered during transmission.
Non-repudiation: prevent the denial of previous commitments.
Availability: information/computing resource available when needed.

Authentication

Data Origin Authentication
Symmetric Key
Asymmetric Key

Entity Authentication
Password/Public Key
Something you know
Something you have
Something you are
Somebody you know
Privacy: data are available to authorized entities
Access control: policy, procedure, indoctrination and inculcation
Encryption: Symmetric and Asymmetric

1001 0101 ⊕ 1011 1101 = 0010 1000
(Message ⊕ Key = Cipher)
Classifications of Authentication

Entity Authentication
Data Origin Authentication
- One-way Authentication
- Mutual Authentication
- Multi-factor Authentication
Authentication by Secret-Key (MAC)

[Figure: Bob generates an Auth Code from the Plaintext and the Key; Alice verifies the Auth Code with the Key (Yes/No).]
Authentication by Public-Key (Digital Signature)
[Figure: Signature generation: the message "Purchase # is approved" is passed through a hash function, and the hash value is encrypted with Bob's private key to produce the digital signature. Signature verification: the signature is decrypted with Bob's public key and checked against the hash of the message; result: signature is valid.]
One-Way Function
Given an algorithm for computing f(x), it is easy to compute y = f(x) for any x

Given the value of y = f(x), it is hard (i.e., computationally infeasible) to compute x

Given x, it is hard to find z such that f(x) = f(z)

One-bit change to x produces a very different output, f(x)

Two Popular Message Digest Algorithms


- Message Digest (MD5)
- Secure Hash Algorithm (SHA)
3 ways to Authenticate

Authentication is normally done by one or more of:


1. What you know (typically a password)
2. What you have (typically a chip/card of some sort)
3. What you are (biometrics)

All of these can fail!


A typical Authentication system
Static Authentication - Office Net login
Office Net Login (contd)
Common Problems

Potential threats:
Stolen verifier attacks
Guessing attacks
Gaining control over other systems

Dynamic Authentication (DA)

A technique that authenticates an entity dynamically

Could avoid the potential threats of static auth

Could be achieved in any mode, by any primitives, heavyweight/lightweight

Several real-world applications rely on dynamic authentication
How can one devise DA?

Use the existing wheel without re-inventing it

Use a derived key from master key/password for authenticating entity

Token-based approach is perfect, but demands cost; token-less approach is a challenging task
Example: RSA SecurID
Two-factor authentication

Notion of One-time password

Values change, typically, every 30 or 60 seconds

Values generated from pseudo-random function

Security strength relies on 128-bit key
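
An added example, not part of the original slides and not RSA's own algorithm: a time-step one-time password built from a derived 128-bit key and HMAC as the pseudo-random function, using the public RFC 4226/6238 construction. The names `derive_token_key`, `one_time_code` and `Verifier` are this example's own, and the master key is a constructed value.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (the slide cites 30 or 60)

def derive_token_key(master_key: bytes, user_id: str) -> bytes:
    """Hypothetical derivation: per-user 128-bit key from a master key."""
    mac = hmac.new(master_key, b"otp-token|" + user_id.encode(), hashlib.sha256)
    return mac.digest()[:16]

def one_time_code(key: bytes, unix_time: int, digits: int = 6) -> str:
    """Pseudo-random code for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Server side: accepts each time step once, within +/- drift steps."""

    def __init__(self, key: bytes, drift: int = 1):
        self.key, self.drift, self.last_step = key, drift, -1

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        for step in range(current - self.drift, current + self.drift + 1):
            if step <= self.last_step:
                continue  # step already consumed: a replayed code is refused
            expected = one_time_code(self.key, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step
                return True
        return False

if __name__ == "__main__":
    key = derive_token_key(b"constructed-master-key", "alice")  # constructed
    server, now = Verifier(key), 1_700_000_000
    code = one_time_code(key, now)
    # First use inside the same time step succeeds, the replay does not.
    print(code, server.verify(code, now + 5), server.verify(code, now + 6))
```

The drift window tolerates clock skew between token and server; remembering the last accepted step is what makes the code one-time against the replay and sniffing threats listed later in the deck.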


Public Key Based Authentication-SSL/TLS

SSL is the most commonly deployed protocol for secure connections to web servers

For example, if you want to buy a book at amazon.com
You want to be sure you are dealing with Amazon (authentication)
Your credit card information must be protected in transit (confidentiality and/or integrity)
As long as you have money, Amazon doesn't care who you are (authentication need not be mutual)
CAs not on the Trust List?
How does SSL work?

Peer negotiation for algorithm support: the client and server negotiate which cryptographic algorithms to use

Certificate-based authentication and public key encryption-based key exchange

Symmetric cipher-based traffic confidentiality


Online Shopping - SSL/TLS

You (client) Merchant (server)

Client Hello - Here are the protocols and ciphers I understand

Server Hello - I choose this protocol and ciphers. Here is my public key and some other stuff

Here is a pre-master key, encrypted with your public key

Client and server both compute PRF(pre-master secret, client nonce + server nonce)
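
An added example, not part of the original slides: the PRF step above written out with the TLS 1.2 PRF from RFC 5246 (HMAC-SHA256 expansion), which is an assumption here since SSL 3.0 uses a different MD5/SHA-1 derivation. Function names, the AES-128-GCM key-block layout and all input values are this example's own.

```python
import hashlib
import hmac
import os

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash data expansion (RFC 5246, section 5) with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

def master_secret(pre_master: bytes, client_nonce: bytes,
                  server_nonce: bytes) -> bytes:
    return prf(pre_master, b"master secret", client_nonce + server_nonce, 48)

def session_keys(master: bytes, client_nonce: bytes,
                 server_nonce: bytes) -> dict:
    """Key block split for an assumed AES-128-GCM suite (no MAC keys)."""
    # Key expansion seeds with the server nonce first, then the client nonce.
    block = prf(master, b"key expansion", server_nonce + client_nonce, 40)
    return {"client_key": block[0:16], "server_key": block[16:32],
            "client_iv": block[32:36], "server_iv": block[36:40]}

if __name__ == "__main__":
    # Constructed values: version bytes 0x0303 followed by 46 random bytes.
    pre_master = b"\x03\x03" + os.urandom(46)
    nc, ns = os.urandom(32), os.urandom(32)
    client_view = master_secret(pre_master, nc, ns)
    server_view = master_secret(pre_master, nc, ns)
    print("both sides agree:", client_view == server_view)
    # A fresh server nonce gives a different secret even if the client's
    # first and third messages are replayed unchanged.
    replayed = master_secret(pre_master, nc, os.urandom(32))
    print("replay yields new secret:", replayed != client_view)
```

Because both nonces feed the derivation, a recorded handshake cannot be replayed into a session that reuses old keys: the server's fresh nonce changes every derived key.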
The SSL 3.0 handshake protocol

Client Server

Message 1: C, VerC, SuiteC, NC
Message 2: VerS, SuiteS, signCA{S, Spub}, NS
Choose random secret (Pre-master SecretC)
Message 3: {VerC, Pre-master SecretC}Spub
Message 4: {Hash(Messages 1-3)}Secret(S,C)
Message 5: {Hash(Messages 1-4)}Secret(C,S)
Finally Security Analysis is a must

Adversarial Model
Analyze and validate the protocol using a well-defined model:
State based approach
Process algebra
Model checker

Cryptanalytic Attacks

Known Ciphertext
Only the ciphertext is known to attacker
Cryptanalysis to reveal the plaintext and/or the key

Known Plaintext
Pairs of (plaintext, ciphertext) are known to attacker
Cryptanalysis to reveal the key
Relevant when plaintext is known / can be obtained

Chosen Plaintext
Attacker chooses the plaintext and receives the ciphertext
Cryptanalysis to reveal the key
Relevant when attacker can inject plaintext messages
Cryptanalytic Attacks

Chosen Ciphertext
Attacker chooses the ciphertext and receives the
corresponding plaintext
Cryptanalysis to reveal the key
Relevant when attacker can inject ciphertext
messages to the decryption module

Adaptive Chosen Text
Attacker chooses successive plaintext and/or ciphertext messages in accordance with the attack plan
Cryptanalysis to reveal the key
Relevant when attacker can control the encryption and decryption modules with respect to the chosen messages
Non-cryptanalytic Attacks

Replay: replaying intercepted message
Guessing: guessing PIN/password
Impersonation: MITM
Stolen-verifier: password/verifier table
Sniffing: listening to the communication
Snooping: stealing secrets or sensitive data
Spoofing: impersonating another entity
Code Injection: viruses, applets
Reflection: parallel session
Denial-of-Service: flooding
Physical Attacks: tampering
Exhaustive search
Conclusion
Design the authentication protocol according to the application's requirements

Avoid proprietary tools/guidelines (security through obscurity is not a good approach)

Dynamic authentication is needed to safeguard applications from increasing vulnerabilities

End-user capability is an important concern

Technology + Policy + Management = Security Solution

Don't spend $10M to protect $1M

Don't protect $1B with crypto that can be broken for $1M
