Lec9 - Entity Authentication Sheng Zhong 1 Password...

Info iconThis preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon
1 Entity Authentication Sheng Zhong
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 Password Authentication Oldest(?) way to authenticate an entity. Each user has a password. Host keeps a list of (user id, password). When a user needs to login, he sends the host his password. Host checks password before granting access.
Background image of page 2
3 Problems with Password Authentication The host’s list of (user id, password) may be revealed to adversary. This list becomes an attractive target of attack. The password may be eavesdropped in transmission.
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
4 No Password Storage in Clear We can address the first problem using one-way hash function. Host stores H(password) instead of password. Verifying password is still easy for host. Adversary can’t figure out password even if he sees H(password).
Background image of page 4
5 Lamport’s Hash Chain We can address the second problem using a hash chain. Let H() be a one-way hash function. Host keeps a list of (user id, H n (password)). When user needs to login for the ith time, he sends the host h=H n-i (password). The host checks H i (h)= H n (password).
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
6 Security of Lamport’s Hash Chain Suppose the adversary can see all communications and all storage of host. So he sees H n-1 (password), H n-2 (password), …, H n-(i-1) (password) in the i-1 previous sessions. He also sees H n (password) in the host’s storage. But he still can’t figure out H n-i (password), which is needed for login.
Background image of page 6
7 Vulnerability of Lamport’s Hash Chain The above “security analysis” assumes that adversary can’t find password from H(password) since H() is one-way. Unfortunately, normally this is not true. Most human memorizable passwords belong to a very small space: a few letters and digits with special meanings. So exhaustive search in this space is efficient. The most important part of the attack is construction of the space; usually we build it based on a dictionary. This is called “dictionary attack”.
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
8 Entity Authentication without Shared Secret Password-based authentication needs both parties to share a secret—the password. Can Alice authenticates to Bob who does not share any secret with her? Without further assumption this is impossible. Who is “Alice” anyway? What is the definition of Alice? With further assumption (e.g., trusted third party) this is possible.
Background image of page 8
9 Woo-Lam Authentication Assume there is a trusted third party: Trent. Alice shares a key KAT with Trent.
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 35

Lec9 - Entity Authentication Sheng Zhong 1 Password...

This preview shows document pages 1 - 10. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online