My Cryptographic Authentication Final
8/8/2019 My Cryptographic Authentication Final
http://slidepdf.com/reader/full/my-cryptographic-authentication-final 1/51
CRYPTOGRAPHIC AUTHENTICATION
SUBMITTED BY NIRMAL PODDAR
REG NO: 95580028
What is Cryptographic Authentication?
Establish and verify identity.
Authentication is the concept of proving user identity, typically in order to gain access to a system or network, or to establish communication.
It is the process of identifying one's identity.
The most basic form of authentication involves the use of a login name and password. Another form of authentication involves the use of digital certificates (for example when accessing secure web sites).
There are three basic authentication means by which an individual may authenticate his identity.
Something you have (such as a key or card): can be stolen.
Something you know (such as a password): can be guessed, shared, stolen.
Something you are (such as biometrics): can be costly, copied.
Something you have:
OTP cards (e.g. SecurID): generate a new password each time the user logs in.
Smart card: tamper-resistant, stores secret information, entered into a card reader.
Token / key (i.e., iButton).
ATM card.
Strength of authentication depends on the difficulty of forging.
Something you know. Example: passwords
Pros:
Simple to implement
Simple for users to understand
Cons:
Easy to crack (unless users choose strong ones)
Passwords are reused many times
One-time passwords (OTP): a different password is used each time, but it is difficult for the user to remember all of them.
Something you are: biometrics
Pros: "raises the bar"
Cons: false negatives/positives, social acceptance, key management
false positive: authentic user rejected
false negative: impostor accepted

Technique              Effectiveness   Acceptance
Palm scan              1               6
Iris scan              2               1
Retinal scan           3               7
Fingerprint            4               5
Voice ID               5               3
Facial recognition     6               4
Signature dynamics     7               2
Two-factor authentication: for strong authentication any two of the basic methods can be combined, such as ATM card + PIN, fingerprint + OTP, etc.
Who is authenticating whom? Person-to-person? Computer-to-computer?
Three types:
Client authentication: the server verifies the client's identity.
Server authentication: the client verifies the server's identity.
Mutual authentication: client and server each verify the other.
Authentication methods: authentication can be accomplished in many ways. The importance of selecting an environment-appropriate authentication method is perhaps the most crucial decision in designing secure systems.
Authentication protocols are capable of simply authenticating the connecting party, or of authenticating the connecting party as well as authenticating itself to the connecting party.
Various types of methods:
Passwords
One-time passwords
Public key cryptography
Zero-knowledge proofs
Digital signatures
Passwords:
Passwords are the most widely used form of authentication. Users provide an identifier, a typed-in word or phrase or perhaps a token card, along with a password. In many systems the passwords on the host itself are not stored as plain text but are encrypted. Password authentication does not normally require complicated or robust hardware, since authentication of this type is in general simple and does not require much processing power.
Passwords:
Password authentication has several vulnerabilities; some of the more obvious are:
The password may be easy to guess.
Writing the password down and placing it in a highly visible area.
Discovering passwords by eavesdropping or even social engineering.
Passwords:
The risk of eavesdropping can be managed by using digests for authentication. The connecting party sends a value, typically a hash of the client IP address, a time stamp, and additional secret information. The system is, however, vulnerable to active attacks such as the man-in-the-middle attack.
One-time password:
To avoid the problems associated with password reuse, one-time passwords were developed.
One-time passwords:
There are two types of one-time passwords: a challenge-response password and a password list.
With a challenge-response password, the system responds with a challenge value after receiving a user identifier. The response is then either calculated from the challenge value (with some electronic device) or selected from a table based on the challenge.
A one-time password list makes use of lists of passwords which are used sequentially by the person wanting to access a system. The values are generated so that it is very hard to calculate the next value from the previously presented values.
One-time-password lists, or OTPs, are an alternative to deploying a security grid for user authentication. With this approach, end-users are provisioned with a list of randomly generated passwords that are typically printed on a sheet of paper, or hidden under "scratch cards" that are distributed to and carried by end-users.
One-time password list:
For example, starting from a seed R: x_1 = f(R), x_2 = f(f(R)), ..., x_n = f(x_(n-1)).
The function f() is chosen so that computing f^-1 is very difficult. First x_n is used, then x_(n-1), and so on down the list.
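The chain above as a server-side check, added here as an illustration and not taken from the slides: SHA-256 stands in for f (an assumed choice), the seed R is a constructed value, and the server stores only the last accepted x_k, so each presented x_(k-1) is verified by f(x_(k-1)) = x_k and refused if presented a second time.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// f is the slide's one-way function; SHA-256 is an assumed choice. Inverting it is infeasible.
func f(x []byte) []byte {
	h := sha256.Sum256(x)
	return h[:]
}

// makeChain returns x_1..x_n with x_1 = f(R), x_i = f(x_{i-1}); chain[i] is x_{i+1}.
func makeChain(seed []byte, n int) [][]byte {
	chain := make([][]byte, n)
	cur := seed
	for i := 0; i < n; i++ {
		cur = f(cur)
		chain[i] = cur
	}
	return chain
}

// Server stores only the last accepted value (initially x_n), never R or the list.
type Server struct{ last []byte }

// Login accepts candidate x_{k-1} iff f(candidate) == stored x_k, then stores
// the candidate so the same password is refused if presented again.
func (s *Server) Login(candidate []byte) bool {
	if !bytes.Equal(f(candidate), s.last) {
		return false
	}
	s.last = candidate
	return true
}

// runLogins provisions the server with x_n, presents x_{n-1}, x_{n-2}, ..., x_1
// in turn (top-down, as the slide says) and finally replays the used x_{n-1}.
func runLogins(seed []byte, n int) (accepted int, replayRejected bool) {
	chain := makeChain(seed, n)
	srv := &Server{last: chain[n-1]}
	for k := n - 2; k >= 0; k-- {
		if srv.Login(chain[k]) {
			accepted++
		}
	}
	replayRejected = !srv.Login(chain[n-2])
	return
}

func main() {
	acc, rej := runLogins([]byte("constructed seed R"), 5) // constructed seed
	fmt.Println("accepted:", acc, "replay rejected:", rej) // accepted: 4 replay rejected: true
}
```

Because only x_k is stored, a copy of the server's state reveals no usable password: the next valid one is x_(k-1), and deriving it would require inverting f.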
It is important to keep in mind that password systems only authenticate the connecting party. They do not provide the connecting party with any method of authenticating the system it is accessing, so they are vulnerable to spoofing or a man-in-the-middle attack.
Public key cryptography:
Public key cryptography is based on very complex mathematical problems that require very specialized knowledge. Public key cryptography makes use of two keys, one private and the other public. The two keys are linked together by way of an extremely complex mathematical equation.
The private key is used to decrypt and also to encrypt messages between the communicating machines. Both encryption and verification of signatures are accomplished with the public key.
The integrity of the public key is of the utmost importance. The integrity of a public key is usually assured by completion of a certification process carried out by a certification authority (CA). Once the CA has certified that the credentials provided by the entity securing the public key are valid, the CA will digitally sign the key so that visitors accessing the material the key is protecting will know the entity has been certified.
Basically, the public-key authentication process includes the following:
The client selects some random numbers and sends the results to the server as a message: Message 1.
The server then sends different random numbers back to the client based on Message 1.
The client then computes the new value and sends Message 2 to the server.
The server then uses the client's public key to verify that the values returned could only have been computed using the private key.
One important method: Elliptic Curve Cryptographic Algorithm
Zero-knowledge proofs:
Zero-knowledge proofs make it possible for a host to convince another host to allow access without revealing any "secret information". The hosts involved in this form of authentication usually communicate several times to finalize authentication.
The client will first create a random but difficult problem to solve and then solve it using information it has. The client then commits the solution using a bit-commitment scheme and sends the problem and commitment to the server.
The server then asks the client either to prove that the problems are related or to open the committed solution and prove that it is the solution. The client complies with the request.
Typically, about ten successful exchanges will be required to take place before the authentication process is complete and access is granted.
The zero-knowledge proof can be made non-interactive. In this instance only one message from client to server is needed. This method utilizes a one-way hash function, where the committed answers are based on the output of that hash function. The number of proofs needed is generally larger (64 or more), to avoid brute-force attacks.
The zero-knowledge proof of identity has its share of problems. Perhaps the most vulnerable point is that while Host A thinks he is proving his identity to Host B, it is possible for Host B to simultaneously authenticate to a third party, Host C, using Host A's credentials.
Example:
Let us consider an intuitive example called Ali Baba's Cave. Alice wants to prove to Bob that she knows the secret words that will open the portal at R-S in the cave, but she does not wish to reveal the secret to Bob. In this scenario, Alice's commitment is to go to R or S. A typical round in the proof proceeds as follows: Bob goes to P and waits there while Alice goes to R or S. Bob then goes to Q and shouts to ask Alice to appear from either the right side or the left side of the tunnel. If Alice does not know the secret words (for example, "Open Sesame"), there is only a 50 percent chance she will come out from the right tunnel. Bob will repeat this round as many times as he desires until he is certain Alice knows the secret words. No matter how many times the proof repeats, Bob does not learn the secret words.
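An added simulation of the cave rounds, not part of the original deck: R and S are coded as 0 and 1, and a seeded math/rand generator stands in for Alice's choice of tunnel and Bob's shouted demand. It shows that an honest Alice always passes, and that an impostor's chance of surviving n rounds is about 2^-n, which is why a handful of rounds (the "about ten" of the earlier slide) is enough.

```go
package main

import (
	"fmt"
	"math/rand"
)

// aliceResponds models Alice's move after Bob shouts from Q. committed is the
// tunnel (0 = R, 1 = S) she entered while Bob waited at P. With the secret
// words she opens the portal and appears from the demanded side; without them
// she can only comply when she happened to commit to that side already.
func aliceResponds(knowsSecret bool, committed, demanded int) int {
	if knowsSecret || committed == demanded {
		return demanded
	}
	return committed
}

// runProtocol plays the given number of rounds. Alice commits at random, Bob
// then demands a side at random (after the commitment, so Alice cannot adapt),
// and Bob accepts only if Alice appears from the demanded side every round.
func runProtocol(knowsSecret bool, rounds int, rng *rand.Rand) bool {
	for i := 0; i < rounds; i++ {
		committed := rng.Intn(2) // Alice's hidden choice of R or S
		demanded := rng.Intn(2)  // Bob's challenge
		if aliceResponds(knowsSecret, committed, demanded) != demanded {
			return false
		}
	}
	return true
}

// impostorPassRate estimates, over many trials, how often a prover without
// the secret passes all rounds; the expected value is 2^-rounds.
func impostorPassRate(rounds, trials int, seed int64) float64 {
	rng := rand.New(rand.NewSource(seed))
	passed := 0
	for i := 0; i < trials; i++ {
		if runProtocol(false, rounds, rng) {
			passed++
		}
	}
	return float64(passed) / float64(trials)
}

func main() {
	rng := rand.New(rand.NewSource(1))
	fmt.Println("honest Alice, 10 rounds:", runProtocol(true, 10, rng))
	fmt.Printf("impostor pass rate, 10 rounds: %.4f\n", impostorPassRate(10, 100000, 2))
}
```

Nothing Bob sees in a round depends on the secret words themselves, only on which side Alice emerges from, which is the sense in which the proof is zero-knowledge.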
Digital signature:
To create a digital signature from a message, create a hash value, also known as a message digest, from the message. Then use the signer's private key to sign the hash value. The following illustration shows the process for creating a digital signature.
To verify a digital signature, both the message and the signature are required. First, a hash value must be created from the message in the same way as was done when the signature was created. This hash value is then verified against the signature, using the public key of the signer. If the hash value and the signature match, you can be confident that the message is the one originally signed and that it has not been tampered with. The following illustration shows the process of verifying a digital signature.
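An added example, not from the slides, of the sign-and-verify procedure just described; it also serves the public-key authentication slides earlier, where the server verifies a client's response with the client's public key (reduced here to a single server challenge). RSA PKCS#1 v1.5 with SHA-256 from Go's standard library is an assumed choice, and the message and challenge are constructed values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// sign: hash the message, then sign the digest with the private key (RSA PKCS#1 v1.5 + SHA-256, an assumed choice).
func sign(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verify: recompute the digest the same way and check it against the signature with the signer's public key.
func verify(pub *rsa.PublicKey, message, sig []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// signDemo: does the untouched message verify, and is a single flipped bit in it detected?
func signDemo(priv *rsa.PrivateKey) (genuineOK, tamperDetected bool) {
	msg := []byte("constructed message: approve order 42")
	sig, err := sign(priv, msg)
	if err != nil {
		return false, false
	}
	genuineOK = verify(&priv.PublicKey, msg, sig)
	tampered := append([]byte{}, msg...)
	tampered[0] ^= 0x01
	tamperDetected = !verify(&priv.PublicKey, tampered, sig)
	return
}

// challengeResponse: the server sends fresh random bytes, the client returns them signed, and the
// server verifies with the client's public key; a fresh challenge each time defeats replay.
func challengeResponse(clientPriv *rsa.PrivateKey, knownPub *rsa.PublicKey) bool {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false
	}
	response, err := sign(clientPriv, challenge)
	if err != nil {
		return false
	}
	return verify(knownPub, challenge, response)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	ok, detected := signDemo(priv)
	fmt.Println(ok, detected, challengeResponse(priv, &priv.PublicKey)) // true true true
}
```

The public key used in verify is exactly the one whose integrity the CA slide above is about: if an attacker can substitute their own public key, verification proves nothing.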
A hash value consists of a small amount of binary data, typically 160 bits. It is produced using a hashing algorithm. All hash values share the following properties, regardless of the algorithm used:
A hash value is of a fixed length, regardless of the size of the message.
Every pair of nonidentical messages translates into a different hash value, even if the two messages differ only by a single bit.
Using today's technology, it is not feasible to discover a pair of messages that translate to the same hash value without breaking the hashing algorithm.
Conclusion:
Other methods of authentication, which may be more complex and require more time to implement and maintain, provide strong and reliable authentication (provided one keeps its secrets secret, i.e. private keys and phrases).
That being said, one of the key factors to be considered in determining which method of authentication to implement is usability. The usability factor cannot be ignored when designing authentication systems.
If the authentication methods are not deemed usable by those forced to utilize them, then they will avoid using the system or persistently try to bypass them. Usability is a key issue in the adoption and maintenance of a security system.