54836
Crypto U8 (part 3),
entity authentication
- assurance that an expected entity is involved
and currently part of a communication session
- need
- identity assurance
- freshness
- identity assurance
- 2 kinds
- mututal
- both entities
provide each other
with assurance
- both entities
provide each other
with assurance
- unilateral
- authentication
of one entitiy to
another
- ex. ATM
- ex. ATM
- authentication
of one entitiy to
another
- mututal
- can only be
provided at one
moment in time
- need
- used in 2
types of
situatios
- access control
- part of more complex
crypto processes
- access control
- one approach to entity
authentication: zero
knowledge mechanisms??
- wikipedia's article very clear!! :)
Annotations:
- http://en.wikipedia.org/wiki/Zero-knowledge_proof#Abstract_example
- useful when parties don't trust each other
- With other authentication methods, some information about
a key is leaked every time a transaction takes place.
- 2 entities
- prover
- verifier
- prover
- expensive to use
- wikipedia's article very clear!! :)
- information
used to provide
assurance of
identity
- what user has
- dumb token
- ex. card with mag stripe
- ex. card with mag stripe
- smart token
- sometimes
have built in
user interfaces
- have memory,
processor, better
storage of crypto info
- ex. smartcard
- sometimes
have built in
user interfaces
- usually used in combination
with some other form of
identity assurance like a pin
- needs some
form of reader
- dumb token
- something the user is
- biometrics
- static
- measures fixed
characteristic like
fingerprints
- measures fixed
characteristic like
fingerprints
- dynamic
- measures
characteristics that
change slightly
like voice
- measures
characteristics that
change slightly
like voice
- measurements of
biometric info are
digitalized stored for use
- static
- biometrics
- something the user knows
- passwords, pins, passphrases
- most
common
- problems
- length
- low complexity
- repeated
across
systems
- social engineering
- password database attacks
- shoulder surfing
- length
- should be crypto
protected at all times
- example of Unix password DB
- when user attempts login, system pulls user hash
from DB & applies to special DES implementation
- covert password to 56 bit DES key and
encrypt plaintext of all 0s 25 times
- check to see if resulting value equals
value stored in DB for password
- when user attempts login, system pulls user hash
from DB & applies to special DES implementation
- most
common
- dynamic passwords
- one time password schemes
- 2 parts
- password function
- implemented on
a smart token
- this results in 2 factor authentication
- this results in 2 factor authentication
- implemented on
a smart token
- input
- must be fresh (uses
freshness mechanism)
- must be fresh (uses
freshness mechanism)
- password function
- analysis
- every time new auth
challenge issued
- local use of pin
- 2 factor authentication
- every time new auth
challenge issued
- 2 parts
- advantages
- limits exposure
- not repeatable
- limits exposure
- one time password schemes
- passwords, pins, passphrases
- what user has
Want to create your own Mind Maps for free with GoConqr? Learn more.