4 User Authentication

Uploaded by

Qosai Zoubi

Cryptography and Network Security
Seventh Edition, Global Edition
by William Stallings

© 2017 Pearson Education, Ltd., All rights reserved.


Chapter 15
User Authentication



Remote User-Authentication Principles
• The process of verifying an identity claimed by or for a system entity

• An authentication process consists of two steps:
  • Identification step: presenting an identifier to the security system
  • Verification step: presenting or generating authentication information that corroborates the binding between the entity and the identifier

Means of User Authentication
There are four general means of authenticating a user’s identity, which can be used alone or in combination:

• Something the individual knows
  • Examples include a password, a personal identification number (PIN), or answers to a prearranged set of questions
• Something the individual possesses
  • Examples include cryptographic keys, electronic keycards, smart cards, and physical keys
  • This is referred to as a token
• Something the individual is (static biometrics)
  • Examples include recognition by fingerprint, retina, and face
• Something the individual does (dynamic biometrics)
  • Examples include recognition by voice pattern, handwriting characteristics, and typing rhythm

• For network-based user authentication, the most important methods involve cryptographic keys and something the individual knows, such as a password

Mutual Authentication
• Protocols which enable communicating parties to satisfy themselves mutually about each other’s identity and to exchange session keys

Central to the problem of authenticated key exchange are two issues:

• Timeliness
  • Important because of the threat of message replays
  • Such replays could allow an opponent to:
    • compromise a session key
    • successfully impersonate another party
    • disrupt operations by presenting parties with messages that appear genuine but are not
• Confidentiality
  • Essential identification and session-key information must be communicated in encrypted form
  • This requires the prior existence of secret or public keys that can be used for this purpose


Replay Attacks
1. The simplest replay attack is one in which the opponent simply copies a message and replays it later

2. An opponent can replay a timestamped message within the valid time window

3. An opponent can replay a timestamped message within the valid time window, but in addition, the opponent suppresses the original message; thus, the repetition cannot be detected

4. Another attack involves a backward replay without modification and is possible if symmetric encryption is used and the sender cannot easily recognize the difference between messages sent and messages received on the basis of content

Approaches to Coping With Replay Attacks
• Attach a sequence number to each message used in an authentication exchange
  • A new message is accepted only if its sequence number is in the proper order
  • Difficulty with this approach is that it requires each party to keep track of the last sequence number for each claimant it has dealt with
  • Generally not used for authentication and key exchange because of overhead

• Timestamps
  • Requires that clocks among the various participants be synchronized
  • Party A accepts a message as fresh only if the message contains a timestamp that, in A’s judgment, is close enough to A’s knowledge of current time

• Challenge/response
  • Party A, expecting a fresh message from B, first sends B a nonce (challenge) and requires that the subsequent message (response) received from B contain the correct nonce value

One-Way Authentication
• One application for which encryption is growing in popularity is electronic mail (e-mail)
  • Header of the e-mail message must be in the clear so that the message can be handled by the store-and-forward e-mail protocol, such as SMTP or X.400
  • The e-mail message should be encrypted such that the mail-handling system is not in possession of the decryption key

• A second requirement is that of authentication
  • The recipient wants some assurance that the message is from the alleged sender


Remote User-Authentication Using Symmetric Encryption
A two-level hierarchy of symmetric keys can be used to provide confidentiality for communication in a distributed environment
• Strategy involves the use of a trusted key distribution center (KDC)
• Each party shares a secret key, known as a master key, with the KDC
• KDC is responsible for generating keys to be used for a short time over a connection between two parties and for distributing those keys using the master keys to protect the distribution

Suppress-Replay Attacks
• The Denning protocol requires reliance on clocks that are synchronized throughout the network

• A risk involved is based on the fact that the distributed clocks can become unsynchronized as a result of sabotage on or faults in the clocks or the synchronization mechanism

• The problem occurs when a sender’s clock is ahead of the intended recipient’s clock
  • An opponent can intercept a message from the sender and replay it later when the timestamp in the message becomes current at the recipient’s site
  • Such attacks are referred to as suppress-replay attacks

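An added example, not taken from the slides: a verifier that applies the timestamp and challenge/response approaches from "Approaches to Coping With Replay Attacks" and shows why the suppress-replay case above passes a timestamp check but fails a nonce check. The HMAC-SHA256 tag, the 30-second window, and all names, clock values and messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

WINDOW = 30  # seconds of clock skew the verifier tolerates (assumed value)

def tag(key, *fields):
    """HMAC-SHA256 over length-prefixed fields (unambiguous field boundaries)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        mac.update(len(f).to_bytes(4, "big") + f)
    return mac.digest()

class TimestampVerifier:
    """Timestamp freshness check plus a cache of tags seen inside the window."""
    def __init__(self, key):
        self.key, self.seen = key, {}  # seen: tag -> timestamp
    def accept(self, msg, ts, mac, now):
        if not hmac.compare_digest(mac, tag(self.key, msg, str(ts).encode())):
            return False                      # forged or modified
        if abs(now - ts) > WINDOW:
            return False                      # stale, or too far in the future
        # Drop cache entries that the window check alone would now reject.
        self.seen = {m: t for m, t in self.seen.items() if abs(now - t) <= WINDOW}
        if mac in self.seen:
            return False                      # replay inside the valid window
        self.seen[mac] = ts
        return True

class NonceVerifier:
    """Challenge/response: freshness comes from the verifier's own nonce."""
    def __init__(self, key):
        self.key, self.pending = key, set()
    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce
    def accept(self, msg, nonce, mac):
        if nonce not in self.pending:
            return False                      # unknown or already used nonce
        if not hmac.compare_digest(mac, tag(self.key, msg, nonce)):
            return False                      # response bound to another nonce
        self.pending.discard(nonce)           # each challenge is single use
        return True

def run_scenarios():
    """Return accept/reject decisions for constructed clock values."""
    key, msg = secrets.token_bytes(32), b"session request from A"
    out = {}
    v = TimestampVerifier(key)
    mac = tag(key, msg, b"1000")
    out["first_delivery"] = v.accept(msg, 1000, mac, now=1005)
    out["replay_in_window"] = v.accept(msg, 1000, mac, now=1010)
    out["replay_after_window"] = v.accept(msg, 1000, mac, now=1100)
    # Suppress-replay: the sender's clock runs 300 s fast, the original never
    # arrives, and the copy is delivered once the recipient's clock catches up.
    v2 = TimestampVerifier(key)
    fast = tag(key, msg, b"1300")
    out["suppress_replay"] = v2.accept(msg, 1300, fast, now=1295)
    n = NonceVerifier(key)
    c1 = n.challenge()
    resp = tag(key, msg, c1)
    out["nonce_first"] = n.accept(msg, c1, resp)
    out["nonce_replay"] = n.accept(msg, n.challenge(), resp)
    return out
```

Calling run_scenarios() returns the decision for each case: the replay cache catches the in-window replay, the suppressed message is accepted because the cache never saw the original, and the old response fails against a new challenge.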
Kerberos
• Authentication service developed as part of Project Athena at MIT

• A workstation cannot be trusted to identify its users correctly to network services
  • A user may gain access to a particular workstation and pretend to be another user operating from that workstation
  • A user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation
  • A user may eavesdrop on exchanges and use a replay attack to gain entrance to a server or to disrupt operations

• Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users
  • Relies exclusively on symmetric encryption, making no use of public-key encryption


Kerberos Requirements
• The first published report on Kerberos listed the following requirements:
  • Secure: A network eavesdropper should not be able to obtain the necessary information to impersonate a user
  • Reliable: Should be highly reliable and should employ a distributed server architecture with one system able to back up another
  • Scalable: The system should be capable of supporting large numbers of clients and servers
  • Transparent: Ideally, the user should not be aware that authentication is taking place beyond the requirement to enter a password

Kerberos Version 4
• Makes use of DES to provide the authentication service

• Authentication server (AS)
  • Knows the passwords of all users and stores these in a centralized database
  • Shares a unique secret key with each server

• Ticket
  • Created once the AS accepts the user as authentic; contains the user’s ID and network address and the server’s ID
  • Encrypted using the secret key shared by the AS and the server

• Ticket-granting server (TGS)
  • Issues tickets to users who have been authenticated to AS
  • Each time the user requires access to a new service the client applies to the TGS using the ticket to authenticate itself
  • The TGS then grants a ticket for the particular service
  • The client saves each service-granting ticket and uses it to authenticate its user to a server each time a particular service is requested

The Version 4 Authentication Dialogue
• The lifetime associated with the ticket-granting ticket creates a problem:
  • If the lifetime is very short (e.g., minutes), the user will be repeatedly asked for a password
  • If the lifetime is long (e.g., hours), then an opponent has a greater opportunity for replay

• A network service (the TGS or an application service) must be able to prove that the person using a ticket is the same person to whom that ticket was issued

• Servers need to authenticate themselves to users


Table 15.1 (page 470 in textbook)
Summary of Kerberos Version 4 Message Exchanges

(This table can be found on pages 473 – 474 in the textbook)


Kerberos Realms and Multiple Kerberi
• A full-service Kerberos environment consisting of a Kerberos server, a number of clients, and a number of application servers requires that:
  • The Kerberos server must have the user ID and hashed passwords of all participating users in its database; all users are registered with the Kerberos server
  • The Kerberos server must share a secret key with each server; all servers are registered with the Kerberos server
  • The Kerberos server in each interoperating realm shares a secret key with the server in the other realm; the two Kerberos servers are registered with each other

Kerberos Realm
• A set of managed nodes that share the same Kerberos database
• The database resides on the Kerberos master computer system, which should be kept in a physically secure room
• A read-only copy of the Kerberos database might also reside on other Kerberos computer systems
• All changes to the database must be made on the master computer system
• Changing or accessing the contents of a Kerberos database requires the Kerberos master password

Kerberos Principal
• A service or user that is known to the Kerberos system
• Identified by its principal name

Three parts of a principal name:
• A service or user name
• An instance name
• A realm name

Differences Between Versions 4 and 5
Version 5 is intended to address the limitations of version 4 in two areas:

• Environmental shortcomings
  • Encryption system dependence
  • Internet protocol dependence
  • Message byte ordering
  • Ticket lifetime
  • Authentication forwarding
  • Interrealm authentication
• Technical deficiencies
  • Double encryption
  • PCBC encryption
  • Session keys
  • Password attacks

Table 15.3 (page 479 in textbook)
Summary of Kerberos Version 5 Message Exchanges

Table 15.4 Kerberos Version 5 Flags
(Table can be found on page 480 in textbook)

Mutual Authentication
• Public-key encryption for session key distribution
  • Assumes each of the two parties is in possession of the current public key of the other
  • May not be practical to require this assumption

• Denning protocol using timestamps
  • Uses an authentication server (AS) to provide public-key certificates
  • Requires the synchronization of clocks

• Woo and Lam makes use of nonces

• Care needed to ensure no protocol flaws


One-Way Authentication
• Have public-key approaches for e-mail
  • Encryption of message for confidentiality, authentication, or both
  • The public-key algorithm must be applied once or twice to what may be a long message

• For confidentiality, encrypt the message with a one-time secret key, which is itself public-key encrypted

• If authentication is the primary concern, a digital signature may suffice

Federated Identity Management
• Relatively new concept dealing with the use of a common identity management scheme across multiple enterprises and numerous applications and supporting many users
• Services provided include:
  • Point of contact
  • SSO protocol services
  • Trust services
  • Key services
  • Identity services
  • Authorization
  • Provisioning
  • Management

Key Standards
• The Extensible Markup Language (XML)
  • A markup language that uses sets of embedded tags or labels to characterize text elements within a document so as to indicate their appearance, function, meaning, or context
• The Simple Object Access Protocol (SOAP)
  • Enables applications to request services from one another with XML-based requests and receive responses as data formatted with XML
• WS-Security
  • A set of SOAP extensions for implementing message integrity and confidentiality in Web services
• Security Assertion Markup Language (SAML)
  • An XML-based language for the exchange of security information between online business partners

Personal Identity Verification
• User authentication based on the possession of a smart card is becoming more widespread
  • Has the appearance of a credit card
  • Has an electronic interface
  • May use a variety of authentication protocols

• A smart card contains within it an entire microprocessor, including processor, memory, and I/O ports

• A smart card includes three types of memory:
  • Read-only memory (ROM) stores data that does not change during the card’s life
  • Electronically erasable programmable ROM (EEPROM) holds application data and programs; also holds data that may vary with time
  • Random access memory (RAM) holds temporary data generated when applications are executed

PIV Documentation
• FIPS 201-2—Personal Identity Verification (PIV) of Federal Employees and Contractors
  • Specifies the physical card characteristics, storage media, and data elements that make up the identity credentials resident on the PIV card

• SP 800-73-3—Interfaces for Personal Identity Verification
  • Specifies the interfaces and card architecture for storing and retrieving identity credentials from a smart card, and provides guidelines for the use of authentication mechanisms and protocols

• SP 800-76-2—Biometric Data Specification for Personal Identity Verification
  • Describes technical acquisition and formatting specifications for the biometric credentials of the PIV system

• SP 800-78-3—Cryptographic Algorithms and Key Sizes for Personal Identity Verification
  • Identifies acceptable symmetric and asymmetric encryption algorithms, digital signature algorithms, and message digest algorithms, and specifies mechanisms to identify the algorithms associated with PIV keys or digital signatures

• SP 800-104—A Scheme for PIV Visual Card Topography
  • Provides additional recommendations on the PIV card color-coding for designating employee affiliation

• SP 800-116—A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
  • Describes a risk-based approach for selecting appropriate PIV authentication mechanisms to manage physical access to Federal government facilities and assets

• SP 800-79-1—Guidelines for the Accreditation of Personal Identity Verification Card Issuers
  • Provides guidelines for accrediting the reliability of issuers of PIV cards that collect, store, and disseminate personal identity credentials and issue smart cards

• SP 800-96—PIV Card to Reader Interoperability Guidelines
  • Provides requirements that facilitate interoperability between any card and any reader

PIV Credentials and Keys
• Personal Identification Number (PIN)
  • Required to activate the card for privileged operation
• Cardholder Unique Identifier (CHUID)
  • Includes the Federal Agency Smart Credential Number (FASC-N) and the Global Unique Identification Number (GUID), which uniquely identify the card and the cardholder
• PIV Authentication Key
  • Asymmetric key pair and corresponding certificate for user authentication
• Two fingerprint templates
  • For biometric authentication
• Electronic facial image
  • For biometric authentication
• Asymmetric Card Authentication Key
  • Asymmetric key pair and corresponding certificate used for card authentication

Optional elements include the following:
• Digital Signature Key
  • Asymmetric key pair and corresponding certificate that supports document signing and signing of data elements such as the CHUID
• Key Management Key
  • Asymmetric key pair and corresponding certificate supporting key establishment and transport
• Symmetric Card Authentication Key
  • For supporting physical access applications
• PIV Card Application Administration Key
  • Symmetric key associated with the card management system
• One or two iris images
  • For biometric authentication


Table 15.5
PIV Algorithms and Key Sizes



Authentication
• Using the electronic credentials resident on a PIV card, the card supports the following authentication mechanisms:

• CHUID
The cardholder is authenticated using the signed CHUID data element on the card. The PIN is not required. This mechanism is useful in environments where a low level of assurance is acceptable and rapid contactless authentication is necessary

• Card Authentication Key
The PIV card is authenticated using the Card Authentication Key in a challenge response protocol. The PIN is not required. This mechanism allows contact (via card reader) or contactless (via radio waves) authentication of the PIV card without the holder’s active participation, and provides a low level of assurance

• BIO
The cardholder is authenticated by matching his or her fingerprint sample(s) to the signed biometric data element in an environment without a human attendant in view. The PIN is required to activate the card. This mechanism achieves a high level of assurance and requires the cardholder’s active participation in submitting the PIN as well as the biometric sample

• BIO-A
The cardholder is authenticated by matching his or her fingerprint sample(s) to the signed biometric data element in an environment with a human attendant in view. The PIN is required to activate the card. This mechanism achieves a very high level of assurance when coupled with full trust validation of the biometric template retrieved from the card, and requires the cardholder’s active participation in submitting the PIN as well as the biometric sample

• PKI
The cardholder is authenticated by demonstrating control of the PIV authentication private key in a challenge response protocol that can be validated using the PIV authentication certificate. The PIN is required to activate the card. This mechanism achieves a very high level of identity assurance and requires the cardholder’s knowledge of the PIN

Summary
• Remote user-authentication principles
  • The NIST model for electronic user authentication
  • Means of authentication
  • Mutual authentication
  • One-way authentication
• Remote user-authentication using symmetric encryption
  • Mutual authentication
  • One-way authentication
• Kerberos
  • Motivation
  • Kerberos V4 and V5
• Remote user-authentication using asymmetric encryption
  • Mutual authentication
  • One-way authentication
• Federated identity management
  • Identity management
  • Identity federation
• Personal identity verification
  • PIV system model
  • PIV documentation
  • PIV credentials and keys
  • Authentication
