Crypto U8 (part 3), entity authentication

Description

IYM002 (Unit 8 - randomness, freshness, AKE) Mind Map on Crypto U8 (part 3), entity authentication, created by jjanesko on 23/04/2013.
jjanesko
Mind Map by jjanesko, updated more than 1 year ago
jjanesko
Created by jjanesko over 11 years ago
98
10

Resource summary

Crypto U8 (part 3), entity authentication
  1. assurance that an expected entity is involved and currently part of a communication session
    1. need
      1. identity assurance
        1. freshness
        2. 2 kinds
          1. mututal
            1. both entities provide each other with assurance
            2. unilateral
              1. authentication of one entitiy to another
                1. ex. ATM
            3. can only be provided at one moment in time
            4. used in 2 types of situatios
              1. access control
                1. part of more complex crypto processes
                2. one approach to entity authentication: zero knowledge mechanisms??
                  1. wikipedia's article very clear!! :)

                    Annotations:

                    • http://en.wikipedia.org/wiki/Zero-knowledge_proof#Abstract_example
                    1. useful when parties don't trust each other
                      1. With other authentication methods, some information about a key is leaked every time a transaction takes place.
                        1. 2 entities
                          1. prover
                            1. verifier
                            2. expensive to use
                            3. information used to provide assurance of identity
                              1. what user has
                                1. dumb token
                                  1. ex. card with mag stripe
                                  2. smart token
                                    1. sometimes have built in user interfaces
                                      1. have memory, processor, better storage of crypto info
                                        1. ex. smartcard
                                        2. usually used in combination with some other form of identity assurance like a pin
                                          1. needs some form of reader
                                          2. something the user is
                                            1. biometrics
                                              1. static
                                                1. measures fixed characteristic like fingerprints
                                                2. dynamic
                                                  1. measures characteristics that change slightly like voice
                                                  2. measurements of biometric info are digitalized stored for use
                                                3. something the user knows
                                                  1. passwords, pins, passphrases
                                                    1. most common
                                                      1. problems
                                                        1. length
                                                          1. low complexity
                                                            1. repeated across systems
                                                              1. social engineering
                                                                1. password database attacks
                                                                  1. shoulder surfing
                                                                  2. should be crypto protected at all times
                                                                    1. example of Unix password DB
                                                                      1. when user attempts login, system pulls user hash from DB & applies to special DES implementation
                                                                        1. covert password to 56 bit DES key and encrypt plaintext of all 0s 25 times
                                                                          1. check to see if resulting value equals value stored in DB for password
                                                                        2. dynamic passwords

                                                                          Attachments:

                                                                          1. one time password schemes
                                                                            1. 2 parts
                                                                              1. password function
                                                                                1. implemented on a smart token
                                                                                  1. this results in 2 factor authentication
                                                                                2. input
                                                                                  1. must be fresh (uses freshness mechanism)
                                                                                3. analysis
                                                                                  1. every time new auth challenge issued
                                                                                    1. local use of pin
                                                                                      1. 2 factor authentication
                                                                                    2. advantages
                                                                                      1. limits exposure
                                                                                        1. not repeatable
                                                                                  Show full summary Hide full summary

                                                                                  Similar

                                                                                  Crypto U8, example dynamic password scheme
                                                                                  jjanesko
                                                                                  Crypto U8 (part 2), Freshness
                                                                                  jjanesko
                                                                                  Crypto U8 (part 1), Randomness
                                                                                  jjanesko
                                                                                  Crypto U4, Block Cipher, Cipher Feedback Mode (CFB)
                                                                                  jjanesko
                                                                                  Crypto U4, Block Cipher, Cipher Block Chaining Mode (CBC)
                                                                                  jjanesko
                                                                                  Crypto U3, Theoretical vs. Practical Security
                                                                                  jjanesko
                                                                                  Crypto U1, Basic Principles
                                                                                  jjanesko
                                                                                  Crypto U4, Stream Cipher
                                                                                  jjanesko
                                                                                  Crypto U4, Block Cipher, Counter Mode
                                                                                  jjanesko
                                                                                  Crypto U4, Block Cipher, Electronic Codebook Mode (ECB)
                                                                                  jjanesko
                                                                                  Crypto U2, Crypto design principles
                                                                                  jjanesko