Chapter 15

User Authentication
 User Authentication
• The process of verifying an identity claimed by
or for a system entity
• An authentication process consists of two steps:
– Identification: Presenting an identifier to the security
system.
– Verification: generating authentication information
that confirms binding between entity and identifier.
 Means of User Authentication
• There are four general means of authenticating a user's identity
1. Something the user knows: Includes a password, a personal identification
number (PIN), or answers to a prearranged set of questions.
2. Something the user possesses: Include electronic keycards, smart cards,
and physical keys. Authenticator type is referred to as a token.
3. Something the user is (static biometrics): Include recognition by
fingerprint, retina, and face.
4. Something the user does (dynamic biometrics): Include recognition by
voice pattern, handwriting characteristics, and typing rhythm.

• All of these methods, implemented and used.

• Each method has problems and an adversary (attacker) may be able to guess
or steal it.
 Authentication Protocols
• Parties know each others identity and to
exchange session keys.
• key issues are
o confidentiality – to protect session keys
o timeliness – to prevent replay attacks
 Replay Attacks
where a valid signed message is copied and later resent
• Simple replay: The opponent simply copies a message and replays it later.
• Repetition that can be logged: An opponent can replay a timestamped message
within the valid time window.
• Repetition that cannot be detected: Original message could have been suppressed
and thus did not arrive at its destination; only the replay message arrives.
• Backward replay without modification: This is a replay back to the message
sender. This attack is possible if symmetric encryption is used and the sender
cannot easily recognize the difference between messages sent and messages
received on the basis of content.

• countermeasures include the use of:

– Sequence numbers (generally impractical since must remember last number with
every communicating party)
– timestamps (needs synchronized clocks)
– challenge/response (using unique, random, unpredictable nonce)
 One-Way Authentication

• Example: E-mail
Sender & Receiver are not in communications at same time.
Requirements
• Header of the email message in clear so that can be
delivered by Store and Froward e-mail protocol
[Simple Mail Transfer Protocol “SMTP”]
• Contents of body protected & sender authenticated
 Using Symmetric Encryption

• Mutual Authentication: A two-level hierarchy of symmetric

encryption keys can be used to provide confidentiality for
communication in a distributed environment.
Involving the use of a trusted Key Distribution Center (KDC)
– each party shares own master key (secret key) with KDC
– KDC generates session keys used for connections between
parties for a short time.
– KDC distributes session keys using master keys to protect
the distribution.
 Needham-Schroeder Protocol

• Third-party key distribution protocol for session

between A B mediated by KDC protocol overview is:
A has a master key (Ka) known only to itself and the KDC; similarly, B shares the master key (Kb) with the KDC.
1. A issues a request to the KDC for a session key to protect a logical connection to B. The message includes the identity of A
and B and a unique identifier, N1 (nonce) for this transaction.
2. The KDC responds with a message encrypted using Ka. Thus, A is the only one who can successfully read the message
which include:
• The one-time session key, Ks, to be used for the session
• An identifier of B (e.g., its network address), IDB and Nonce N1
In addition, the message includes two items intended for B:
• The one-time session key, Ks , to be used for the session
• An identifier of A (e.g., its network address), IDA
3. A stores the session key for use in upcoming session and forwards to B the information that originated at the KDC for B.
4. Using the newly session key for encryption, B sends a nonce, N2, to A.
5. Also, using Ks, A responds with f(N2), where f is a function that performs some transformation on (e.g., adding one).
 Needham-Schroeder Protocol

• Used to securely distribute a new session key

for communications between A & B
• In danger to a replay attack if an old session
key has been compromised
– then message 3 can be resent convincing B that is
communicating with A
• modifications to address this require:
– timestamps in steps 2 & 3 (Denning 81)
– using an extra nonce (Neuman 93)
 One-Way Authentication

• To avoid requiring that the recipient (B) be on line at the same

time as the sender (A), steps 4 & 5 must be eliminated. For a
message with content M, the sequence is as follows:

• provides encryption & some authentication

The approach guarantees that only the intended recipient of a
message will be able to read it
• does not protect from replay attack
 Kerberos

• An authentication service which provides centralised

private-key authentication in a distributed network
Allows users access to services distributed through
network without needing to trust all workstations, rather
all trust a central authentication server
• Two versions in use: 4 & 5
 Kerberos Requirements

• its first report identified requirements as:

– Secure: A network eavesdropper should not be able to obtain the
necessary information to impersonate a user.
– Reliable: Lack of availability of the Kerberos service means lack of
availability of the supported services. Hence, Kerberos should be
highly reliable.
– Transparent: Ideally, the user should not be aware that authentication
is taking place, beyond the requirement to enter a password.
– Scalable: The system should be capable of supporting large numbers
of clients and servers.
• implemented using an authentication protocol based on
Needham-Schroeder
Kerberos 4 Overview
Kerberos v4 Dialogue
 Kerberos Realms
The authentication messages where service is being requested from another domain. The
ticket presented to the remote server indicates the realm in which the user was originally
authenticated. The server chooses whether to honor the remote request.
One problem presented by the approach is that it does not scale well to many realms, as
each pair of realms need to share a key.
 Kerberos Version 5

• developed in mid 1990’s

• specified as Internet standard RFC 1510
• provides improvements over v4
– addresses environmental shortcomings
• encryption alg, network protocol, byte order, ticket lifetime,
authentication forwarding, interrealm auth
– and technical deficiencies
• double encryption, non-std mode of use, session keys, password
attacks
Kerberos v4 Kerberos v5
Dialogue Dialogue