
15
AUTHENTICATION PROTOCOLS
Two types of authentication protocols are
Mutual authentication
One way authentication
MUTUAL AUTHENTICATION
Mutual authentication protocols enable communicating parties to satisfy themselves mutually
about each other’s identity and exchange session keys.
Problems faced by authenticated key
exchange are
o Confidentiality
o Timeliness
Following are the examples of replay attack
Simple replay: The opponent simply copies a message and replays it later.
Repetition that can be logged: An opponent can replay a time stamped message within the valid
time window.
Repetition that cannot be detected: This situation could arise because the original message could
have been suppressed and thus did not arrive at its destination; only the replay message arrives.
Backward replay without modification: This is a replay back to the message sender. This attack is
possible if symmetric encryption is used and the sender cannot easily recognize the difference
between messages sent and messages received on the basis of content.
Countermeasures include
Timestamps: Party A accepts a message as fresh only if the message contains a timestamp that, in
A's judgment, is close enough to A's knowledge of current time. This approach requires that clocks
among the various participants be synchronized.
Challenge/response: Party A, expecting a fresh message from B, first sends B a nonce (challenge)
and requires that the subsequent message (response) received from B contain the correct nonce
value.
USING SYMMETRIC ENCRYPTION
Two-level hierarchy of symmetric key encryption can be used to provide confidentiality for the
distribution of key. Here, a trusted Key Distribution Center (KDC) is used for the distribution of session
key.
Needham-Schroeder Protocol for Distribution of session key
The purpose of this protocol is to distribute securely a session key Ks to A and B. Secret keys
Ka and Kb are shared between A and KDC; and KDC and B respectively.
1.
A→KDC:
ID
A
||
ID
B
||
N
1
2. KDC→A: E
Ka
[Ks ||
ID
B
||
N
1
|| E
Kb
[
Ks
||
ID
A
] ]
3.
A→B:
E
Kb
[
Ks
||
ID
A
]
4.
B→A:
E
Ks
[
N
2
]
5.
A→B:
E
Ks
[f(
N
2
)]
This protocol is vulnerable to a replay attack. Consider that opponent X has got the old session key that
was used by A and B, Now, X can impersonate A and trick B using the old key, replay step3. To
overcome this attack another protocol was proposed by Denning.
Denning Protocol
In this protocol a timestamp T was used that assures A and B that the session key has only just been
generated.
1.
A→KDC:
ID
A
||
ID
B
2. KDC→A: E
Ka
[Ks ||
ID
B
||T || E
Kb
[
Ks
||
ID
A||T
] ]
3.
A→B:
E
Kb
[
Ks
||
ID
A||T
]
4.
B→A:
E
Ks
[
N
2
]
5.
A→B:
E
Ks
[f(
N
2
)]
USING PUBLIC-KEY ENCRYPTION
Protocol 1:Denning AS Protocol
Denning 81 presented the following:
1.
A→AS:
ID
A
||
ID
B
2.
AS→A: E
KRas
[
ID
A
||KU
a
||T] || E
KRas
[
ID
B
||KU
b
||T]
3.
A→B: E
KRas
[
ID
A
||KU
a
||T] || E
KRas
[
ID
B
||KU
b
||T] || E
KUb
[E
KRas
[K
s
||T]]
AS is an authentication server which provides the certificate.

