Crypto U8 (part 3), entity authentication

Mind Map by jjanesko, updated more than 1 year ago
Created by jjanesko about 7 years ago


IYM002 (Unit 8 - randomness, freshness, AKE) Mind Map on Crypto U8 (part 3), entity authentication, created by jjanesko on 04/23/2013.

Resource summary

Crypto U8 (part 3), entity authentication
1 assurance that an expected entity is involved and currently part of a communication session
1.1 need
1.1.1 identity assurance
1.1.2 freshness
1.2 2 kinds
1.2.1 mutual: both entities provide each other with assurance
1.2.2 unilateral: authentication of one entity to another, ex. ATM
1.3 can only be provided at one moment in time
2 used in 2 types of situations
2.1 access control
2.2 part of more complex crypto processes
3 one approach to entity authentication: zero knowledge mechanisms??
3.1 Wikipedia's article very clear!! :)


3.2 useful when parties don't trust each other
3.3 With other authentication methods, some information about a key is leaked every time a transaction takes place.
3.4 2 entities
3.4.1 prover
3.4.2 verifier
3.5 expensive to use
4 information used to provide assurance of identity
4.1 what user has
4.1.1 dumb token: ex. card with mag stripe
4.1.2 smart token: sometimes have built-in user interfaces; have memory, processor, better storage of crypto info; ex. smartcard
4.1.3 usually used in combination with some other form of identity assurance like a pin
4.1.4 needs some form of reader
4.2 something the user is
4.2.1 biometrics: static measures a fixed characteristic, like fingerprints; dynamic measures characteristics that change slightly, like voice; measurements of biometric info are digitized and stored for use
4.3 something the user knows
4.3.1 passwords, PINs, passphrases
4.3.1.1 most common
4.3.1.2 problems: length, low complexity, repeated across systems, social engineering, password database attacks, shoulder surfing
4.3.1.3 should be crypto protected at all times
4.3.1.4 example of Unix password DB: when a user attempts login, the system pulls the user's hash from the DB and uses a special DES implementation: convert the password to a 56-bit DES key and encrypt a plaintext of all 0s 25 times, then check whether the resulting value equals the value stored in the DB for the password
4.3.2 dynamic passwords

Attachments: one-time password schemes
2 parts: password function, implemented on a smart token (this results in 2-factor authentication); input, which must be fresh (uses a freshness mechanism)
analysis: every time, a new auth challenge is issued; local use of PIN (2-factor authentication)
advantages: limits exposure; not repeatable
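
A minimal sketch of the dynamic password scheme summarized above (fresh challenge, password function on a token, local PIN), added here as an example and not part of the original mind map. HMAC-SHA256 as the password function, the class and function names, and the 8-digit response are assumptions.

```python
import hashlib
import hmac
import secrets


def password_function(key: bytes, challenge: bytes, digits: int = 8) -> str:
    """Assumed password function: HMAC-SHA256 truncated to decimal digits."""
    mac = hmac.new(key, challenge, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


class Token:
    """Smart token (hypothetical): answers a challenge only after a local PIN check."""

    def __init__(self, key: bytes, pin: str):
        self._key = key
        # Simplification: a real token keeps the PIN reference in protected storage.
        self._pin_hash = hashlib.sha256(pin.encode()).digest()

    def respond(self, pin: str, challenge: bytes) -> str:
        entered = hashlib.sha256(pin.encode()).digest()
        if not hmac.compare_digest(entered, self._pin_hash):
            raise PermissionError("wrong PIN")
        return password_function(self._key, challenge)


class Verifier:
    """Server side (hypothetical): one fresh challenge per attempt, accepted once."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)  # freshness mechanism: random nonce
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: str) -> bool:
        if challenge not in self._pending:
            return False  # unknown or already used challenge: replay rejected
        self._pending.discard(challenge)  # single use, whether it passes or fails
        expected = password_function(self._key, challenge)
        return hmac.compare_digest(expected, response)
```

Because each challenge is discarded after one verification, a response captured on the wire cannot be repeated, which is the "not repeatable" advantage listed in the notes.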