Overview of Authentication

Systems

1
 Password-based Authentication
Use a secret quantity (the password) that you state to
prove you know it

Alice Im Alice, the password is fiddlesticks

Bob

Threat: eavesdropping/password guessing/dictionary

attack
Needed for dumb end systems
Cellular phone cloning
Single password across multiple hosts

2
 Password-based Authentication
Password Guessing
Off-line: dictionary attack
On-line: limit tries
Storing user passwords
1. Authentication information is individually configured into
every server Alice will use
2. Authentication storage node: retrieved by node (NIS)
3. Authentication facilitators node: server say yes/no
For 2 and 3
Need to authenticate node asked
Store hash only
Store encrypted with good, protected key
Keep secret of the nodes key 3
 Address-based Authentication
Identity of the source can be inferred based on the
network address from which the packets arrive
Berkeley rtools (rsh, rlogin, etc.)
/etc/hosts.equiv file: trusted hosts
Per user .rhosts file
Safe from eavesdropping
Threat:
Break in one, break in all
Network address impersonation

4
 Cryptographic Authentication Protocols
Can be much more secure than either password-based
or address-based authentication
Basic idea
Alice proves her identity to Bob by performing a cryptographic
operation on a quantity Bob supplies
Based on Alices secret
A secret key
The private key of her public/private key pair

5
 Who is Being Authenticated?

Humans:
Short, memorable key (8 characters, 48 bits),
directly or as key for longer key
Computers:
(Long) high-quality secret
Hidden key (encrypted by password), directly
(e.g., hash of the password)

6
Eavesdropping and Server Database Reading
Public key: need to secure Alices private key
Alice uses her private key to sign a value Bob
supplies
Use good password
Eavesdropping
What if Bob stores Alices actual secret?
Difficult to protect against eavesdropping and
server database disclosure without public key
cryptography -> Lamport hash

7
 Trusted Intermediaries
Cannot do pair-wise authentication with secret
key technology
Each computer needs to know n-1 keys
Key Distribution Center (KDC)
Certification Authorities (CAs)
Certificate

8
 Key Distribution Center
Use a trusted node known as Key Distribution Center (KDC)
Secret key cryptography
The KDC knows keys for all nodes
asks KDC for secret (securely) to talk to
KDC encrypts R with the key shared between and KDC, send to
KDC encrypts R with the key shared between and KDC, send to :
ticket

Disadvantages:
KDC can impersonate anyone
KDC is a single point of failure
KDC might be a performance bottleneck

9
 Certification Authorities (CAs)
Public key cryptography
Problem: How can you be sure that the public keys are correct?
CA: ensure validity of public keys
Certificates
Signed messages specifying a name (Alice) and the corresponding public
key
Signed with the private key of the CA
All nodes need to be preconfigured with the CAs public key
Advantage of CAs over KDCs
CA does not need to be on-line
CA can be more secure
Networks will not be disabled if the CA crashes
Certificates are not security-sensitive only CA can generate signatures
A compromised CA cannot decrypt conversations
A compromised CA can fool Alice into accepting Bobs incorrect public key
10
 Certification Authorities (CAs)
Problem: How to deal with revoked certificates
before they expire?
Certificate Revocation
Certificate Revocation List (CRL)
List of revoked certificates
Must be signed and recent
A certificate is valid if
It has a valid CA signature
Not expired
Is not listed in CRL
How to distribute CRLs in a timely and reliable
manner is a critical and difficult problem
11
Multiple Trusted Intermediaries
Multiple KDC Domains

12
Multiple KDC Domains

13
 Multiple CA Domains
Alice obtains Bobs CAs certificate stating that its
public key is P1, signed by her own CA
Alice obtains Bobs certificate stating that his public
key is P2, signed with P1.
CA issues certificates to each other

14
 Using One time password
Lamports Hash
Safe from eavesdropping, database reading
No public key cryptography
Alice (human + workstation): password
Bob (server): username, n (decremented on login),
hashn(password)
Authentication

15
 Lamports hash - salted
Random number r (salt), stored at Bob
Transmit hashn(password|r)
Different r for different servers
Advantage of using Salt:
Allows Alice to securely use the same password on multiple servers
as long as different salt value is used when installing the password on
each of the other servers
Alice does not need to change her password when n decrements to 1
different salt value

16
 Lamports hash Small n Attack
No mutual authentication
Alice does not know she is definitely talking to
Bob
Small n Attack
Trudy impersonates Bob, sends small n, say 50
Alice sends hash50(password)
Assume the actual n at Bob is > 50

17
 Small n Attack

kiwifruit n, y=hashn(kiwifruit)

Real n
Fake, small m ?
Verifies y=hash(x)
hashm(kiwifruit) Yes!
x=hashn(kiwifruit)
Alice Bob
Easy to compute hashn()
if know hashm() with m<n

18