Cryptograph

y and
Network
Security
Sixth Edition
by William Stallings
Chapter 15
User Authentication
 Remote User-
Authentication Principles
• The process of verifying an identity claimed by
or for a system entity
• An authentication process consists of two
steps:

Verificatio
• Presenting an n step
identifier to the • Presenting or generating
security system authentication
information that
corroborates the binding
Identificati between the entity and
the identifier
on step
 Means of User
Authentication
Something the individual Something the individual
knows possesses
• Examples include a password, • Examples include
a personal identification cryptographic keys, electronic
number (PIN), or answers to a are keycards,
There four
smart cards, and
prearranged set of questions physical
general means of keys
• This
authenticating a is referred to as a token
user’s identity,
which can be used
alone or in
combination
Something the individual is Something the individual
(static biometrics) does (dynamic biometrics)
• Examples include recognition • Examples include recognition
by fingerprint, retina, and by voice pattern, handwriting
face characteristics, and typing
rhythm

• For network-based user authentication, the most

important methods involve cryptographic keys and
something the individual knows, such as a password
 Mutual
Authentication
• Protocols which enable communicating parties to
satisfy themselves mutually about each other’s
identity and to exchange session keys
Central to the
problem of
authenticate
d key
exchange are
two issues:
Timeliness
• Important because of the
threat of message replays Confidentiality
• Such replays could allow • Essential identification
an opponent to: and session-key
• compromise a session key information must be
• successfully impersonate communicated in
another party encrypted form
• disrupt operations by • This requires the prior
presenting parties with existence of secret or
messages that appear public keys that can
genuine but are not be used for this
purpose
 Replay Attacks
1. The simplest replay attack is one in which the
opponent simply copies a message and replays it later

2. An opponent can replay a timestamped message

within the valid time window

3. An opponent can replay a timestamped message

within the valid time window, but in addition, the
opponent suppresses the original message; thus, the
repetition cannot be detected

4. Another attack involves a backward replay without

modification and is possible if symmetric encryption is
used and the sender cannot easily recognize the
difference between messages sent and messages
received on the basis of content (Reflection Attack)
 Approaches to
Coping With Replay
Attacks
• Attach a sequence number to each message used in an authentication
exchange
• A new message is accepted only if its sequence number is in the proper
order
• Difficulty with this approach is that it requires each party to keep track of the
last sequence number for each claimant it has dealt with
• Generally not used for authentication and key exchange because of
overhead

• Timestamps
• Requires that clocks among the various participants be synchronized
• Party A accepts a message as fresh only if the message contains a timestamp
that, in A’s judgment, is close enough to A’s knowledge of current time

• Challenge/response
• Party A, expecting a fresh message from B, first sends B a nonce (challenge)
and requires that the subsequent message (response) received from B contain
the correct nonce value

• Binding – In all cases, cryptographic means must be used to insure that

neither cut-and-paste nor message modification is possible without
detection
 One-Way
Authentication
One application for
which encryption is A second requirement
growing in popularity is is that of
electronic mail (e- authentication
mail)
• Header of the e-mail • The recipient wants some
message must be in the assurance that the
clear so that the message is from the
message can be handled alleged sender
by the store-and-forward
e-mail protocol, such
as SMTP or X.400
• The e-mail message
should be encrypted such
that the mail-handling
system is not in
possession of the
decryption key
See Chapter 19 on securing email
Remote User-Authentication
Using Symmetric Encryption
A two-level hierarchy of symmetric keys
can be used to provide confidentiality
for communication in a distributed
environment
• Strategy involves the use of a trusted key
distribution center (KDC)
• Each party shares a secret key, known as a
master key, with the KDC
• KDC is responsible for generating keys to
be used for a short time over a connection
between two parties and for distributing
those keys using the master keys to protect
the distribution
 Suppress-Replay
Attacks
• The Denning protocol requires reliance on clocks
that are synchronized throughout the network
• A risk involved is based on the fact that the
distributed clocks can become unsynchronized as a
result of sabotage on or faults in the clocks or the
synchronization mechanism
• The problem occurs when a sender’s clock is ahead
of the intended recipient’s clock
• An opponent can intercept a message from the
sender and replay it later when the timestamp in the
message becomes current at the recipient’s site
• Such attacks are referred to as suppress-replay
attacks
 Mutual
Authentication
• Public-key encryption for session key distribution
• Assumes each of the two parties is in possession
of the current public key of the other
• May not be practical to require this assumption

• Denning protocol using timestamps

• Uses an authentication server (AS) to provide
public-key certificates
• Requires the synchronization of clocks

• Woo and Lam makes use of nonces

• Care needed to ensure no protocol flaws
 One-Way
Authentication
• Have public-key approaches for e-mail
• Encryption of message for confidentiality,
authentication, or both
• The public-key algorithm must be applied
once or twice to what may be a long
message

• For confidentiality encrypt message with

one-time secret key, public-key encrypted
• If authentication is the primary concern, a
digital signature may suffice
• Password based Authentication -- Methods to Manage Password:

• There are a lot of good practices that we can follow to generate a strong
password and also the ways to manage them.

• (selection strategies) Strong and long passwords: A minimum length of

8 to 12 characters long, also it should contain at least three different
character sets (e.g., uppercase characters, lowercase characters, numbers, or
symbols)

• Password Encryption: Using irreversible end-to-end encryption is

recommended. In this way, the password remains safe even if it ends up in
the hands of cybercriminals.

• Multi-factor Authentication (MFA): Adding some security questions and a

phone number that would be used to confirm that it is indeed you who is
trying to log in will enhance the security of your password.

• Make the password pass the test: Yes, put your password through some
testing tools that you might find online in order to ensure that it falls under
the strong and safe password category.

• Avoid updating passwords frequently: Though it is advised or even made

mandatory to update or change your password as frequently as in 60 or 90
days.
 Remote user
authentication

• It is a mechanism in which the remote

server verifies the legitimacy of a user
over non-secure communication
channel.
• There are two types of remote user
authentication:
 RUA (asymmetric)Mutual

Authentication and solution using

Authentication Server
Mutual Authentication and solution
using KDC
 One way
Authentication
If confidentiality is the primary concern, then the following may be
more efficient:
A è B: E(PUb , Ks) || E(Ks , M)
In this case, the message is encrypted with a one-time secret key. A
also encrypts this one-time key with B’s public key. Only B will be
able to use the corresponding private key to recover the one-time
key and then use that key to decrypt the message. This scheme is
more efficient than simply encrypting the entire message with B’s
public key.
If authentication is the primary concern, then a digital signature
may suffice:
A è B: M || E(PRa , H(M))
RUA (symmetric) Mutual Authentication and

solution using KDC - Needham – Schroeder

Protocol
 Solution by Denning

Her proposal assumes that the master keys, K a and Kb, are secure, and it consists of the

𝐴 → 𝐾𝐷𝐶: 𝐼𝐷𝐴||𝐼𝐷𝐵
following steps.

𝐾𝐷𝐶 → 𝐴: 𝐸 (𝐾𝑎, [𝐾𝑠||𝐼𝐷𝐵||𝑇||𝐸 (𝐾𝑏, [𝐾𝑠||𝐼𝐷𝐴||𝑇])])

𝐴 → 𝐵: 𝐸 (𝐾𝑏, [𝐾𝑠||𝐼𝐷𝐴||𝑇])
𝐵 → 𝐴: 𝐸 (𝐾𝑠, 𝑁1)
𝐴 → 𝐵: 𝐸 (𝐾𝑠, 𝑓(𝑁1))