Crypto U8 (part 3), entity authentication


Description

IYM002 (Unit 8 - randomness, freshness, AKE) Mind Map on Crypto U8 (part 3), entity authentication, created by jjanesko on 04/23/2013.


Crypto U8 (part 3), entity authentication
1 assurance that an expected entity is involved and currently part of a communication session
1.1 need
1.1.1 identity assurance
1.1.2 freshness
1.2 2 kinds
1.2.1 mutual
1.2.1.1 both entities provide each other with assurance
1.2.2 unilateral
1.2.2.1 authentication of one entity to another
1.2.2.1.1 ex. ATM
1.3 can only be provided at one moment in time
2 used in 2 types of situations
2.1 access control
2.2 part of more complex crypto processes
3 one approach to entity authentication: zero knowledge mechanisms??
3.1 wikipedia's article very clear!! :)

Annotations:

  • http://en.wikipedia.org/wiki/Zero-knowledge_proof#Abstract_example
3.2 useful when parties don't trust each other
3.3 With other authentication methods, some information about a key is leaked every time a transaction takes place.
3.4 2 entities
3.4.1 prover
3.4.2 verifier
3.5 expensive to use
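The prover/verifier split above, as an added worked example that is not part of the original mind map: a Schnorr identification exchange, one of the standard zero-knowledge mechanisms, over constructed toy parameters (p = 23, q = 11, g = 2; far too small for real use, chosen only so the arithmetic can be followed by hand). `simulate_transcript` shows the point made in 3.3: an accepting transcript can be produced by someone who does not know the secret at all, so the verifier learns nothing about the key from watching a run.

```python
import secrets

# Constructed toy group parameters (assumption: not from the page).
# P is prime, Q divides P-1 and G has order Q modulo P (2^11 = 2048 = 1 mod 23).
P, Q, G = 23, 11, 2


def keygen(x=None):
    """Prover's long-term secret x in [1, Q-1] and public value y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1 if x is None else x
    return x, pow(G, x, P)


def prover_commit(r=None):
    """Round 1: prover picks a fresh random r and sends the commitment t = g^r."""
    r = secrets.randbelow(Q) if r is None else r
    return r, pow(G, r, P)


def verifier_challenge(c=None):
    """Round 2: verifier sends a fresh random challenge c (the freshness input)."""
    return secrets.randbelow(Q) if c is None else c


def prover_respond(x, r, c):
    """Round 3: prover answers s = r + c*x mod q; without x this cannot be computed
    for an unpredictable c."""
    return (r + c * x) % Q


def verifier_check(y, t, c, s):
    """Accept iff g^s == t * y^c (mod p). This is identity assurance: only a
    holder of x can satisfy it for a challenge chosen after t was sent."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def simulate_transcript(y, c, s):
    """Build an accepting (t, c, s) WITHOUT knowing x by choosing c and s first and
    solving for t = g^s * y^(-c). Real and simulated transcripts are distributed
    identically, which is why the exchange leaks nothing about x."""
    y_inv_c = pow(y, (Q - c) % Q, P)  # y^(-c), valid because y has order Q
    t = (pow(G, s, P) * y_inv_c) % P
    return t, c, s


def run_identification(x, y):
    """One complete honest run with fresh randomness on both sides."""
    r, t = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, r, c)
    return verifier_check(y, t, c, s)
```

Because the challenge is chosen after the commitment, each run only proves possession of x at that moment, matching the note in 1.3 that entity authentication holds at one point in time.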
4 information used to provide assurance of identity
4.1 what user has
4.1.1 dumb token
4.1.1.1 ex. card with mag stripe
4.1.2 smart token
4.1.2.1 sometimes have built in user interfaces
4.1.2.2 have memory, processor, better storage of crypto info
4.1.2.3 ex. smartcard
4.1.3 usually used in combination with some other form of identity assurance like a pin
4.1.4 needs some form of reader
4.2 something the user is
4.2.1 biometrics
4.2.1.1 static
4.2.1.1.1 measures fixed characteristic like fingerprints
4.2.1.2 dynamic
4.2.1.2.1 measures characteristics that change slightly like voice
4.2.1.3 measurements of biometric info are digitized and stored for later comparison
4.3 something the user knows
4.3.1 passwords, pins, passphrases
4.3.1.1 most common
4.3.1.2 problems
4.3.1.2.1 length
4.3.1.2.2 low complexity
4.3.1.2.3 repeated across systems
4.3.1.2.4 social engineering
4.3.1.2.5 password database attacks
4.3.1.2.6 shoulder surfing
4.3.1.3 should be crypto protected at all times
4.3.1.4 example of Unix password DB
4.3.1.4.1 when a user attempts to log in, the system pulls that user's stored hash from the DB and uses a special DES implementation to compute the comparison value
4.3.1.4.2 convert the password to a 56-bit DES key and encrypt a plaintext block of all 0s 25 times
4.3.1.4.3 check whether the resulting value equals the value stored in the DB for that password
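The Unix password-DB procedure in 4.3.1.4, as an added example that is not from the original mind map or from any real crypt(3) source: the DB stores only the derived check value, login recomputes it from the entered password and compares. The 56-bit key derivation (low 7 bits of the first 8 characters) is the classic construction; the DES block-encryption step itself is replaced by a labelled stand-in (HMAC-SHA256 truncated to 8 bytes), because Python's standard library has no DES. The real scheme also mixes a 12-bit salt into the DES variant, which the mind map does not cover and this example omits.

```python
import hashlib
import hmac

ITERATIONS = 25        # "encrypt ... 25 times"
KEY_CHARS = 8          # 8 characters x 7 bits = 56 key bits
ZERO_BLOCK = bytes(8)  # 64-bit all-zero plaintext block


def derive_56bit_key(password: str) -> int:
    """Pack the low 7 bits of the first 8 characters into a 56-bit integer.
    Characters past the 8th are ignored; short passwords are zero-padded."""
    chars = password.encode("ascii")[:KEY_CHARS].ljust(KEY_CHARS, b"\x00")
    key = 0
    for ch in chars:
        key = (key << 7) | (ch & 0x7F)
    return key


def keyed_block_function(key: int, block: bytes) -> bytes:
    """STAND-IN for one DES encryption of an 8-byte block under the 56-bit key
    (assumption: HMAC-SHA256 truncated to 8 bytes plays DES's role here)."""
    return hmac.new(key.to_bytes(7, "big"), block, hashlib.sha256).digest()[:8]


def password_check_value(password: str) -> str:
    """The stored value: the zero block pushed through the keyed function 25 times."""
    key = derive_56bit_key(password)
    block = ZERO_BLOCK
    for _ in range(ITERATIONS):
        block = keyed_block_function(key, block)
    return block.hex()


def register_user(db: dict, user: str, password: str) -> None:
    """Only the check value is written to the DB, never the password."""
    db[user] = password_check_value(password)


def verify_login(db: dict, user: str, password: str) -> bool:
    """Recompute from the candidate password and compare in constant time."""
    stored = db.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(stored, password_check_value(password))


# Constructed sample DB for a stand-alone run.
SAMPLE_DB: dict = {}
register_user(SAMPLE_DB, "alice", "hunter2")
```

Note the consequence of the 8-character truncation in `derive_56bit_key`: two passwords that agree on their first 8 characters produce the same stored value, one of the reasons the classic scheme was replaced.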
4.3.2 dynamic passwords
4.3.2.1 one time password schemes
4.3.2.1.1 2 parts
4.3.2.1.1.1 password function
4.3.2.1.1.1.1 implemented on a smart token
4.3.2.1.1.1.1.1 this results in 2 factor authentication
4.3.2.1.1.2 input
4.3.2.1.1.2.1 must be fresh (uses freshness mechanism)
4.3.2.1.2 analysis
4.3.2.1.2.1 a new authentication challenge is issued every time
4.3.2.1.2.2 local use of pin
4.3.2.1.2.3 2 factor authentication
4.3.2.2 advantages
4.3.2.2.1 limits exposure
4.3.2.2.2 not repeatable
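The one-time password scheme in 4.3.2, as an added example that is not part of the original mind map: the "password function" runs on a smart token that checks the PIN locally and never sends it (2-factor: something held plus something known), the verifier supplies the fresh input as a random challenge, and each challenge is accepted at most once, so a captured response cannot be replayed. Names, the HMAC-based password function and the 16-byte nonce are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


class SmartToken:
    """Token side: holds the secret, checks the PIN locally, computes the
    one-time response. The PIN never leaves the token."""

    def __init__(self, secret: bytes, pin: str):
        self._secret = secret
        self._pin_hash = hashlib.sha256(pin.encode()).digest()

    def respond(self, pin: str, challenge: bytes):
        """Return the one-time password for this challenge, or None if the PIN
        does not unlock the token."""
        if not hmac.compare_digest(self._pin_hash, hashlib.sha256(pin.encode()).digest()):
            return None
        # password function (assumption): keyed MAC over the fresh challenge
        return hmac.new(self._secret, challenge, hashlib.sha256).hexdigest()[:12]


class Verifier:
    """Server side: knows each user's token secret (not the PIN), issues fresh
    challenges and consumes each one exactly once."""

    def __init__(self, users: dict):
        self.users = users          # user -> token secret (constructed registration data)
        self.outstanding = {}       # user -> challenge awaiting a response
        self.used = set()           # challenges already consumed (not repeatable)

    def issue_challenge(self, user: str) -> bytes:
        challenge = secrets.token_bytes(16)   # freshness mechanism: random nonce
        self.outstanding[user] = challenge
        return challenge

    def check_response(self, user: str, response: str) -> bool:
        challenge = self.outstanding.pop(user, None)
        secret = self.users.get(user)
        if challenge is None or secret is None or challenge in self.used:
            return False
        self.used.add(challenge)    # consumed even if the response turns out wrong
        expected = hmac.new(secret, challenge, hashlib.sha256).hexdigest()[:12]
        return hmac.compare_digest(expected, response)


def run_login(verifier: Verifier, token: SmartToken, user: str, pin: str) -> bool:
    """One complete exchange: challenge -> token -> response -> check."""
    challenge = verifier.issue_challenge(user)
    response = token.respond(pin, challenge)
    if response is None:                      # wrong PIN: nothing is sent
        verifier.outstanding.pop(user, None)  # abandon this challenge
        return False
    return verifier.check_response(user, response)


# Constructed sample enrolment for a stand-alone run.
SAMPLE_SECRET = b"\x01" * 32
SAMPLE_TOKEN = SmartToken(SAMPLE_SECRET, "1234")
SAMPLE_VERIFIER = Verifier({"alice": SAMPLE_SECRET})
```

The replay defence lives in `check_response`: the challenge is removed from `outstanding` and added to `used` before the MAC is even compared, so the same response can never be accepted twice, and a response to an old challenge does not verify against a new one.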