Outline
Security Classification
Security Requirements
Classification of Authentication Techniques
Secret Key based Authentication
Public Key based Authentication
Unconditional Security
Entity Authentication
Password/Public Key
Something you know
Something you have
Something you are
Somebody you know
Privacy: data are available to authorized entities
Access control: policy, procedure, indoctrination and inculcation
Encryption: Symmetric and Asymmetric
Entity Authentication
Data Origin Authentication
- One-way Authentication
- Mutual Authentication
- Multi-factor Authentication
Authentication by Secret-Key (MAC)
[Figure: Bob and Alice each hold a Key; the Plaintext is authenticated between them using a MAC.]
Authentication by Public-Key (Digital Signature)
[Figure: digital signature generation and verification. Generation: the message "Purchase # is approved" is passed through a Hash Function to give a Hash Value, which is encrypted with Bob's Private Key to produce Bob's Digital Signature. Verification: the signature is decrypted with Bob's Public Key.]
One-Way Function
Given an algorithm for computing f(x), it is easy to compute y = f(x) for any x
Potential threats:
- Stolen verifier attacks
- Guessing attacks
- Gaining control over other systems
Dynamic Authentication (DA)
Client Server
C, VerC, SuiteC, NC
{Hash(Messages 1-4)}Secret(C,S)
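An added example, not from the original slides: one reading of the final handshake message {Hash(Messages 1-4)}Secret(C,S), taking the braces to mean HMAC-SHA256 under the shared secret (an assumption). The identities, suite names and the contents of messages 2-4 are constructed; the point is that the server rejects the run when message 1 was altered in transit or when the two sides hold different secrets.

```python
import hashlib
import hmac
import os

def transcript_tag(secret: bytes, messages: list[bytes]) -> bytes:
    """HMAC-SHA256 under Secret(C,S) of Hash(Messages 1-4) (assumed reading)."""
    h = hashlib.sha256()
    for m in messages:
        # Length-prefix every message so field boundaries cannot be shifted.
        h.update(len(m).to_bytes(4, "big") + m)
    return hmac.new(secret, h.digest(), hashlib.sha256).digest()

def views(modified_in_transit: bool) -> tuple[list[bytes], list[bytes]]:
    """Constructed handshake: what the client sent/saw vs. what the server saw."""
    nc, ns = os.urandom(16).hex(), os.urandom(16).hex()  # fresh nonces NC, NS
    m1 = f"C=alice|VerC=2|SuiteC=strong,legacy|NC={nc}".encode()
    # Message 1 as delivered to the server; differs if rewritten on the wire.
    m1_srv = m1.replace(b"strong,legacy", b"legacy") if modified_in_transit else m1
    chosen = "legacy" if modified_in_transit else "strong"
    # Messages 2-4 are placeholders; the page does not list their fields.
    m2 = f"S=bob|VerS=2|SuiteS={chosen}|NS={ns}".encode()
    m3 = b"message-3-placeholder"
    m4 = b"message-4-placeholder"
    return [m1, m2, m3, m4], [m1_srv, m2, m3, m4]

def server_accepts(client_secret: bytes, server_secret: bytes,
                   modified_in_transit: bool = False) -> bool:
    client_view, server_view = views(modified_in_transit)
    final_msg = transcript_tag(client_secret, client_view)   # sent by the client
    expected = transcript_tag(server_secret, server_view)    # recomputed by the server
    return hmac.compare_digest(final_msg, expected)          # constant-time compare

if __name__ == "__main__":
    k = os.urandom(32)  # constructed Secret(C,S)
    print("clean run accepted:     ", server_accepts(k, k))
    print("modified msg 1 accepted:", server_accepts(k, k, modified_in_transit=True))
    print("wrong secret accepted:  ", server_accepts(os.urandom(32), k))
```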
Finally, security analysis is a must
Adversarial Model
Analyze and validate the protocol using some well-defined model:
- State based approach
- Process algebra
- Model checker
Cryptanalytic Attacks
Known Ciphertext
- Only the ciphertext is known to the attacker
- Cryptanalysis to reveal the plaintext and/or the key
Known Plaintext
- Pairs of (plaintext, ciphertext) are known to the attacker
- Cryptanalysis to reveal the key
- Relevant when the plaintext is known or can be obtained
Chosen Plaintext
- Attacker chooses the plaintext and receives the ciphertext
- Cryptanalysis to reveal the key
- Relevant when the attacker can inject plaintext messages
Chosen Ciphertext
- Attacker chooses the ciphertext and receives the corresponding plaintext
- Cryptanalysis to reveal the key
- Relevant when the attacker can inject ciphertext messages to the decryption module
Don't protect $1B with crypto that can be broken for $1M