5.3 Message authentication versus entity authentication What happens if message authentication or entity authentication fails? We can answer this question by looking at Figure 5.2 again. There are two ways in which Eve can manipulate messages sent from Bob to Alice. Eve’s first option, illustrated on the left-hand side in Figure 5.2, is to break…
4.3.2 The one-time pad The prime example of a perfectly secret encryption scheme is the so-called one-time pad, also known as the Vernam cipher. It was first described by Frank Miller in 1882 and re-invented by Gilbert Vernam in 1917, who also patented the cipher in 1919. The original version of the Vernam cipher had…
5.4 Password-based authentication Password-based authentication is arguably the most common way used to authenticate humans to electronic devices. An average internet user has about 70 to 80 passwords to identify themself to websites they visit and services they use [130]. Most existing password schemes use time-invariant passwords. The user initially chooses a string of characters,…
Modern operating systems such as Linux use hash functions to store the hash values of passwords rather than the passwords themselves. The rationale is that even if an attacker gets hold of a hashed password, they cannot use it to log in as the victim because the password system requires the plaintext password. Moreover, because…
5.4.1 Brief history of password-based authentication Password-based authentication was introduced in the early 1960s when the first time-sharing systems, such as the famous Compatible Time-Sharing System (CTSS) and, later on, Multics, were developed at the Massachusetts Institute of Technology. A key problem the designers of these systems faced is that they – unlike earlier mainframe…
5.4.3 Disadvantages of password-based authentication In the previous section, we learned of several disadvantages of password-based authentication related to password storage. It turns out that passwords have even more drawbacks related to usability, time invariance, and human psychology. From a usability perspective, the user must be able to correctly enter the password and, thus, successfully…
5.5 Challenge-response protocols The working principle of cryptographic challenge-response protocols is illustrated in Figure 5.5. Claimant Bob proves his identity to verifier Alice by demonstrating that he knows a secret that, by design, is known only to Bob (and, potentially, Alice). However, unlike with basic password-based authentication, as shown in Figure 5.3, Bob does not…
5.5.1 Ensuring freshness In challenge-response protocols, the freshness of messages describes the property of being recent in the sense of originating subsequent to the beginning of the protocol run [117]. Time-variant parameters provide uniqueness and timeliness guarantees and prevent replay and interleaving attacks [117]. Non-repeating challenges can be generated very simply by using pseudorandom numbers…
5.5.2 Challenge-response using symmetric keys In challenge-response protocols using symmetric keys, the claimant and the verifier share a (typically high-entropy) secret K. An obvious approach to entity authentication is to send a nonce as a challenge RAND to the claimant and to expect the encrypted challenge as a response: RES = EK(RAND) (see Figure 5.6)….
5.5.3 Challenge-response using (keyed) one-way functions The second option in a symmetric challenge-response protocol is to use one-way or hash functions to compute the responses. The shared secret K is hashed together with the random challenge RAND (see Figure 5.8). How this is done will be discussed in detail in Chapter 11, Hash Functions and…
