Authentication
- Allows the receiver to verify that a message is authentic
- Message has not been altered
- Message is from an authentic source
- Message timeliness
Authentication Using Encryption
- Assumes sender and receiver are the only entities that know the key
- Message includes:
  - Error detection code
  - Time stamp
  - Sequence number
Message Authentication Code
- Generate an authentication code based on the shared key and the message
- Common key shared between A and B
- If only sender and receiver know the key and the code matches:
  - Receiver is assured the message has not been altered
  - Receiver is assured the message is from the alleged sender
  - If the message has a sequence number, receiver is assured of proper sequence
Authentication Without Encryption
- Authentication tag is generated and appended to each message
- Message is not encrypted
- Useful for:
  - Messages broadcast to multiple destinations
    - Have one destination responsible for authentication
  - One side heavily loaded
    - Encryption adds to the workload
    - Can authenticate random messages
  - Programs authenticated without encryption, which can be executed (without decoding)
Message Authentication Using Message Authentication Code
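An added example (not from the original slides) of the scheme outlined above: the sender appends a tag computed with the shared key over the sequence number, time stamp and unencrypted message, and the receiver checks all three. HMAC-SHA256, the 30-second freshness window and the names protect, Receiver and demo are assumptions chosen for illustration; the key and messages are constructed sample values.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32    # HMAC-SHA256 output size in bytes
MAX_SKEW = 30   # assumed policy: seconds a time stamp may differ from the receiver's clock

def protect(key: bytes, seq: int, timestamp: int, message: bytes) -> bytes:
    """Sender side: header(seq, timestamp) || plaintext message || tag."""
    header = struct.pack(">QQ", seq, timestamp)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0   # highest sequence number accepted so far

    def accept(self, packet: bytes, now: int):
        """Return (ok, detail): detail is the message or the reason for rejection."""
        if len(packet) < 16 + TAG_LEN:
            return False, "too short"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison: a match shows the content is unaltered
        # and was produced by a holder of the shared key.
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag"
        seq, timestamp = struct.unpack(">QQ", body[:16])
        if seq <= self.last_seq:              # replayed or reordered message
            return False, "out of sequence"
        if abs(now - timestamp) > MAX_SKEW:   # authentic but not timely
            return False, "stale"
        self.last_seq = seq
        return True, body[16:]

def demo():
    key = b"constructed-demo-key-shared-A-B!"   # constructed sample key
    now = 1_700_000_000                         # fixed clock so the run is repeatable
    rx = Receiver(key)
    good = protect(key, 1, now, b"transfer 100 to account 42")
    tampered = good.replace(b"100", b"900")     # message altered in transit
    forged = protect(b"some-other-key", 2, now, b"hello")
    old = protect(key, 3, now - 3600, b"late message")
    return [rx.accept(p, now) for p in (good, tampered, good, forged, old)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```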
Cryptography-based protocols, applications & solutions
- Secure Socket Layer (SSL/TLS)
- Digital Signatures
- Digital Certificates
- Secure Electronic Transaction (SET)
- Authentication POP (APOP)
- Pretty Good Privacy (PGP/GPG)
- Kerberos
- Secure shell (SSH)
Pretty Good Privacy (PGP/GPG)
- An application for encrypting, digitally signing, decrypting, and verifying the integrity and authenticity of messages.
- Allows the user to encrypt/decrypt a whole message using a variety of public key encryption algorithms.
- Allows the user to create and verify digital signatures.
- Now available, in a variety of ports and rewrites, for all popular operating systems.
Authentication POP (APOP)
- POP is the “Post Office Protocol”, a standard Internet protocol for downloading received email from a mail server to a workstation’s mail reader.
- POP
  - Sends user ID and password over the network as plain text
  - Almost universal
- APOP
  - Encrypts the password
  - Uses the MD5 algorithm
  - Only available to mail clients that support APOP
Secure Electronic Transaction (SET)
- An open encryption and security specification for protecting payment card transactions on the Internet
- Features:
  1) Protects privacy of transmitted payment and ordering
  2) Ensures integrity of all transmitted data
  3) Provides authentication that a payment card holder is a legitimate
  4) Allows the payment card holder to verify that the merchant has a relationship with an institution that allows it to accept payment cards.
- Implemented by large e-commerce vendors for large financial institutions….
SET – Sample Transaction 1.
- Fall '17