Unit-4: Digital Signatures and

Authentication Protocols
Authentication Basics
● Authentication is the verification of the credentials of the connection attempt. •
Authentication is the binding of an identity to a subject.
● This process consists of sending the credentials from the remote access
client to the remote access server in an either plaintext or encrypted form by
using an authentication protocol.
● The external entity must provide information to enable the system to confirm
its identity.
● This information comes from one (or more) of the following.
○ What the entity knows (such as passwords or secret information)
○ What the entity has (such as a badge or card)
○ What the entity is (such as fingerprints or retinal characteristics)
○ Where the entity is (such as in front of a particular terminal)
Passwords
● A password is an information associated with an entity that confirms the
entity’s identity.
● Passwords are an example of an authentication mechanism based on what
people know: the user supplies a password, and the computer validates it.
● If the password is the one associated with the user, that user’s identity is
authenticated.
● If not, the password is rejected and the authentication fails.
● The goal of an authentication system is to ensure that entities are correctly
identified.
● If one entity can guess another’s password, then the guesser can
impersonate the other.
● The authentication model provides a systematic way to analyze this problem.
● The goal is to:
○ Hide authentication information
○ Prevent access to the authentication functions.
Attacking a Password System
● The simplest attack against a password based system is to guess passwords.
● Attackers can guess passwords locally or remotely using either a manual or
automated approach.
● Most networks aren't configured to require long and complex passwords, and an
attacker needs to find only one weak password to gain access to a network.
● Automated password guessing programs and crackers use several different
approaches.
● A Dictionary attack is the guessing of a password by repeated trial and error.
● A hacker uses a program or script to try to login by cycling through combinations of
common words.
● Dictionary attacks work on the assumption that most passwords consist of whole
words, dates, or numbers taken from a dictionary.
● Dictionary attack tools require a dictionary input list.
Cont.
● In Brute Force attack, a hacker uses a computer program or script to try to
log in with possible password combinations, usually starting with the
easiest-to-guess passwords until the result is obtained.
● The most time consuming—and most successful—attack method is the
bruteforce attack, in which the attacker tries every possible combination of
characters for a password, given a character set (e.g.,
abcd…ABCD…1234…!@#$) and a maximum password length.
● Hybrid password guessing attacks assume that network administrators
push users to make their passwords at least slightly different from a word that
appears in a dictionary.
● Hybrid guessing rules vary from tool to tool, but most mix uppercase and
lowercase characters, add numbers at the end of the password, spell the
password backward or slightly misspell it, and include characters such as @!#
in the mix.
Cont.
● Keystroke logging, often referred to as keylogging or keyboard capturing, is
the action of recording (logging) the keys struck on a keyboard secretly so
that the person using the keyboard is unaware that their actions are being
monitored.
● Data can then be retrieved by the person operating the logging program.
● Attackers often find it much easier to reset passwords than to guess them.
● Many password cracking programs are actually password resetters.
● In most cases, the attacker boots from a floppy disk or CD-ROM to get around
the typical Windows protections.
● Most password resetters contain a bootable version of Linux that can mount
NTFS volumes and can help you locate and reset the Administrator's
password.
● A widely used password reset tool is the free Petter Nordahl-Hagen program.
Cont.
● Phishing:Phishing is a form of fraud in which an attacker masquerades as a
reputable entity or person in email or other communication channels.
● The attacker uses phishing emails to distribute malicious links or attachments
that can perform a variety of functions, including the extraction of login
credentials or account information from victims.
● Phishing is popular with cybercriminals, as it is far easier to trick someone into
clicking a malicious link in a seemingly legitimate phishing email than trying to
break through a computer's defenses.
● Phishing attacks are very simple to avoid.
● When you are asked to put your personal information into a website, look up
into the URL bar. If for example you are supposed to be on gmail.com and in
the URL bar it says something completely different like gmail.randomsite.com,
or gamilmail.com, then you know this is a fake.
● When you are on the real gmail website, the URL should begin with
www.gmail.com, everything else is a fake.
Password Aging
● Password aging is the requirement that a password be changed after some
period of time has passed or after some event has occurred.
● Guessing of passwords requires that access to the complement, the
complementation functions, and the authentication functions be obtained.
● If none of these have changed by the time the password is guessed, then the
attacker can use the password to access the system.
● Assume that the expected time to guess a password is 180 days.
● Then changing the password more frequently than every 180 days will, in
theory, reduce the probability that an attacker can guess a password that is
still being used.
● In practice, aging by itself ensures little, because the estimated time to guess
a password is an average; it balances those passwords that can be easily
guessed against those that cannot.
● If users can choose passwords that are easy to guess, the estimation of the
expected time must look for a minimum, not an average.
Cont.
● There are problems involved in implementing password aging.
● The first is forcing users to change to a different password.
● The second is providing notice of the need to change and a user-friendly
method of changing passwords.
● Password aging is useless if a user can simply change the current password
to the same thing.
● One technique to prevent this is to record the n previous passwords.
● When a user changes a password, the proposed password is compared with
these n previous ones.
● If there is a match, the proposed password is rejected.
● The problem with this mechanism is that users can change passwords n
times very quickly, and then change them back to the original passwords.
● This defeats the goal of password aging.
● An alternative approach is based on time. In this implementation, the user
must change the password to one other than the current password.
Challenge Response
● Passwords have the fundamental problem that they are reusable.
● If an attacker sees a password, she can later replay the password.
● The system cannot distinguish between the attacker and the legitimate user,
and allows access.
● An alternative is to authenticate in such a way that the transmitted password
changes each time.
● Then, if an attacker replays a previously used password, the system will reject
it.
● Let user U desire to authenticate himself to system S.
● Let U and S have an agreed-on secret function f.
● A challenge-response authentication system is one in which S sends a
random message m (the challenge) to U, and U replies with the
transformation r = f(m) (the response).
● S validates r by computing it separately.
● Challenge-response algorithms are similar to the IFF (identification—friend or
foe) techniques that military airplanes use to identify allies and enemies.
One-Time Passwords
● A one-time password is a password that is invalidated as soon as it is used.
● The ultimate form of password aging occurs when a password is valid for exactly
one use.
● In some sense, challenge-response mechanisms use one-time passwords.
● Think of the response as the password.
● As the challenges for successive authentications differ, the responses differ.
● A mechanism that uses one-time passwords is also a challenge-response
mechanism.
● The challenge is the number of the authentication attempt; the response is the
one-time password.
● The problems in any one-time password scheme are the generation of random
passwords and the synchronization of the user and the system.
● The former problem is solved by using a cryptographic hash function or enciphering
function such as the DES, and the latter by having the system inform the user which
password it expects—for example, by having all the user’s passwords numbered
and the system providing the number of the one-time password it expects.
Hardware-Supported Challenge-Response Procedures
● Hardware support comes in two forms: a program for a general-purpose computer and
special-purpose hardware support.
● Both perform the same functions.
● The first type of hardware device, informally called a token, provides mechanisms for hashing or
enciphering information.
● With this type of device, the system sends a challenge.
● The user enters it into the device. The device returns the appropriate response.
● Some devices require the user to enter a personal identification number or password, which is used
as a cryptographic key or is combined with the challenge to produce the response.
● The second type of hardware device is temporally based.
● Every 60 seconds, it displays a different number.
● The numbers range from 0 to 10^n – 1, inclusive.
● A similar device is attached to the computer.
● It knows what number the device for each registered user should display.
● To authenticate, the user provides his login name. The system requests a password.
● The user then enters the number shown on the hardware device, followed by a fixed (reusable)
password.
● The system validates that the number is the one expected for the user at that time and that the
reusable portion of the password is correct.
Challenge-Response and Dictionary Attacks
● Whether or not a challenge-response technique is vulnerable to a dictionary
attack depends on the nature of the challenge and the response.
● In general, if the attacker knows the challenge and the response, a dictionary
attack proceeds as for a reusable password system.
● Suppose a user is authenticating himself using a challenge-response system.
● The system generates a random challenge r, and the user returns the value
Ek(r) of r enciphered using the key k.
● Then the attacker knows both r and Ek(r) and can try different values of k until
the encipherment of r matches Ek(r).
● In practice, it is not necessary to know the value of r.
● Most challenges are composed of random data combined with public data
that an attacker can determine.
Biometrics
● Biometrics is the measurement and statistical analysis of people's unique physical and behavioral
characteristics.
● Identification by physical characteristics is as old as humanity.
● Recognizing people by their voices or appearance, and impersonating people by assuming their
appearance, was widely known in classical times.
● Efforts to find physical characteristics that uniquely identify people include the fingerprints, and DNA
sampling.
● Using such a feature to identify people for a computer would ideally eliminate errors in
authentication.
● Biometrics is the automated measurement of biological or behavioral features that identify a person .
● When a user is given an account, the system administration takes a set of measurements that
identify that user to an acceptable degree of error.
● Whenever the user accesses the system, the biometric authentication mechanism verifies the
identity.
● Lawton points out that this is considerably easier than identifying the user because no searching is
required.
● A comparison to the known data for the claimed user’s identity will either verify or reject the claim.
● Common characteristics are fingerprints, voice characteristics, eyes, facial features, and keystroke
dynamics.
Fingerprints
● A fingerprint in its narrow sense is an impression left by the friction ridges of a
human finger.
● Fingerprints can be scanned optically, but the cameras needed are bulky.
● A capacitive technique uses the differences in electrical charges of the patterns on
the finger to detect those parts of the finger touching a chip and those raised.
● The data is converted into a graph in which ridges are represented by vertices and
vertices corresponding to adjacent ridges are connected.
● Each vertex has a number approximating the length of the corresponding ridge.
● At this point, determining matches becomes a problem of graph matching.
● This problem is similar to the classical graph isomorphism problem (similarity
between graphs), but because of imprecision in measurements, the graph
generated from the fingerprint may have different numbers of edges and vertices.
● Thus, the matching algorithm is an approximation.
Voices
● Authentication by voice, also called speaker verification or speaker recognition,
involves recognition of a speaker’s voice characteristics or verbal information
verification.
● The former uses statistical techniques to test the hypothesis that the speaker’s
identity is as claimed.
● The system is first trained on fixed passphrases or phonemes that can be
combined.
● To authenticate, either the speaker says the pass-phrase or repeats a word (or set
of words) composed of the learned phonemes.
● Verbal information verification deals with the contents of utterances (loud voice
expression).
● The system asks a set of questions such as “What is your mother’s maiden name?”
and “In which city were you born?”
● It then checks that the answers spoken are the same as the answers recorded in its
database.
● The key difference is that speaker verification techniques are speakerdependent,
but verbal information verification techniques are speakerindependent, relying only
on the content of the answers.
Eyes
● Authentication by eye characteristics uses the iris and the retina. Patterns
within the iris are unique for each person.
● Hence, one verification approach is to compare the patterns statistically and
ask whether the differences are random.
● A second approach is to correlate the images using statistical tests to see if
they match.
● Retinal scans rely on the uniqueness of the patterns made by blood vessels
at the back of the eye.
● This requires a laser beaming onto the retina, which is highly intrusive.
● This method is typically used only in the most secure facilities.
Faces
● Face recognition consists of several steps. First, the face is located.
● If the user places his/her face in a predetermined position (for example, by resting her chin
on a support), the problem becomes somewhat easier.
● However, facial features such as hair and glasses may make the recognition harder.
● Techniques for doing this include the use of neural networks and templates.
● The resulting image is then compared with the relevant image in the database.
● The correlation is affected by the differences in the lighting between the current image and
the reference image, by distortion, by “noise,” and by the view of the face. The correlation
mechanism must be “trained.”
● Several different methods of correlation have been used, with varying degrees of success.
● An alternative approach is to focus on the facial features such as the distance between the
nose and the chin, and the angle of the line drawn from one to the other.
Keystrokes
● Keystroke dynamics refers to the automated method of identifying or confirming the identity
of an individual based on the manner and the rhythm of typing on a keyboard.
● Keystroke dynamics requires a signature based on keystroke intervals, keystroke pressure,
keystroke duration, and where the key is struck (on the edge or in the middle).
● This signature is believed to be unique in the same way that written signatures are unique.
● Keystroke recognition can be both static and dynamic.
● Static recognition is done once, at authentication time, and usually involves typing of a fixed
or known string.
● Once authentication has been completed, an attacker can capture the connection (or take
over the terminal) without detection.
● Dynamic recognition is done throughout the session, so the aforementioned attack is not
feasible.
● However, the signature must be chosen so that variations within an individual’s session do
not cause the authentication to fail.
● For example, keystroke intervals may vary widely, and the dynamic recognition mechanism
must take this into account.
● The statistics gathered from a user’s typing are then run through statistical tests (which may
discard some data as invalid, depending on the technique used) that account for acceptable
variance in the data.
Combinations
● Several researchers have combined some of the techniques described above
to improve the accuracy of biometric authentication.
● Plankensteiner and Wagner combined voice sounds and lip motion with the
facial image.
● Duc, Bigun, Maire, and Fischer describe a “supervisor module” for melding
voice and face recognition with a success rate of 99.5%.
● The results indicate that a higher degree of accuracy can be attained than
when only a single characteristic is used.
Caution
● Because biometrics measures characteristics of the individual, people are
tempted to believe that attackers cannot pose as authorized users on systems
that use biometrics.
● Two assumptions underlie this belief.
● The first is that biometric device is accurate in the environment in which it is
used.
● For example, if a fingerprint scanner is under observation, having it scan a
mask of another person’s finger would be detected.
● But if it is not under observation, such a trick might not be detected and the
unauthorized user might gain access.
● The second assumption is that the transmission from the biometric device to
the computer’s analysis process is tamperproof.
● Otherwise, one could record a legitimate authentication and replay it later to
gain access.
Location
● Denning and MacDoran suggested an innovative approach to authentication.
● The reason that if a user claims to be Anna, who is at that moment working in
a bank in California but is also logging in from Russia at the same time, the
user is impersonating Anna.
● Their scheme is based on the Global Positioning System(GPS), which can
pinpoint a location to within a few meters.
● The physical location of an entity is described by a location signature derived
from the GPS satellites.
● Each location (to within a few meters) and time (to within a few milliseconds)
is unique, and hence form a location signature.
● This signature is transmitted to authenticate the user.
● The host also has a location signature sensor (LSS) and obtains a similar
signature for the user. • If the signatures disagree, the authentication fails.
Cont.
● This technique relies on special-purpose hardware.
● If the LSS is stolen, the thief would have to log in from an authorized geographic
location.
● Because the signature is generated from GPS data, which changes with respect to
time, location, and a variety of unpredictable actions resulting from the nature of the
electromagnetic waves used to establish position, any such signature would be
unique and could not be forged.
● Moreover, if intercepted, it could not be replayed except within the window of
temporal uniqueness.
● This technique can also restrict the locations from which an authorized user can
access the system.
● An interesting point is that the authentication can be done continuously.
● The LSS simply intermingles signature data with the transmitted data, and the host
checks it.
● If the connection were hijacked, the data from the LSS would be lost.
Multiple Methods
● Authentication methods can be combined, or multiple methods can be used.
● Authenticating by location generally uses special-purpose hardware.
● Although the key feature of this technique is physical location, without the LSS it will
not work.
● Techniques using multiple methods assign one or more authentication methods to
each entity.
● The entity must authenticate using the specific method, or methods, chosen.
● The specific authentication methods vary from system to system, but in all cases
the multiple layers of authentication require an attacker to know more, or possess
more, than is required to spoof a single layer.
● Some versions of the UNIX operating system provide a mechanism called pluggable
authentication modules (PAM).
● A pluggable authentication module is a mechanism to integrate multiple low-level
authentication schemes into a high-level application programming interface.
● It allows programs that rely on authentication to be written independently of the
underlying authentication scheme.
● When a program authenticates a user, it invokes a library routine,
pam_authenticate, that accesses set of configuration files.
Mutual(Symmetric, Public Key)
● Mutual authentication, also called two way authentication, is a process or
technology in which both client and server authenticate each other's identities
before actual communication occurs.
● In a network environment, the client authenticates the server and vice versa.
● This authentication process is common in web based and online applications.
● This is to ensure that clients are communicating exclusively with legitimate
entities or servers and so the servers can be certain that the client attempting
access has a legitimate purpose.
Cont.
1. A client requests access to a protected resource.
2. The server presents its certificate to the client.
3. The client verifies the server’s certificate.
4. If successful, the client sends its certificate to the server.
5. The server verifies the client’s credentials.
6. If successful, the server grants access to the protected resource requested by
the client
Cont.
One-Way(Symmetric, Public Key)
● One-way authentication is a process or technology in which only client
authenticates server's identity before actual communication occurs.
● This is to ensure that clients are communicating exclusively with legitimate
servers.
● Establishing the authentication using certificate-based 1-Way SSL involves:
○ A client requests access to a protected resource.
○ The server presents its certificate to the client.
○ The client verifies the server’s certificate.
○ If successful, the client authenticates the server as legitimate.
Cont.
Digital Signature:
● A digital signature is an authentication mechanism that enables the creator of
a message to attach a code that acts as a signature.
● A digital code (generated and authenticated by public key encryption) which is
attached to an electronically transmitted document to verify its contents and
the sender's identity.
● The signature guarantees the source and integrity of the message.
● The digital signature must have the following properties:
○ It must verify the author and the date and time of the signature.
○ It must authenticate the contents at the time of the signature.
○ It must be verifiable by third parties, to resolve disputes.
Cont.
Direct Digital Signature
● The term direct digital signature refers to a digital signature scheme that
involves only the communicating parties (source, destination).
● It is assumed that the destination knows the public key of the source.
● Confidentiality can be provided by encrypting the entire message plus
signature with a shared secret key (symmetric encryption).
● Note that it is important to perform the signature function first and then an
outer confidentiality function.
● In case of dispute, some third party must view the message and its signature.
● If the signature is calculated on an encrypted message, then the third party
also needs access to the decryption key to read the original message.
● However, if the signature is the inner operation, then the recipient can store
the plaintext message and its signature for later use in dispute resolution.
Arbitrated Digital Signature
● Implementing an arbitrated digital signature invites a third party into the
process called a "trusted arbiter."
● The role of the trusted arbiter is usually twofold: first this independent third
party verifies the integrity of the signed message or data.
● Second, the trusted arbiter dates or time-stamps the document, verifying
receipt and the passing on of the signed document to its intended final
destination.
● This approach requires suitable level of trust in arbiter to ensure that the
arbiter is not biased and unauthorized modification won’t be done.
● This can be implemented with either private or public-key algorithms
Digital Certificate
● A digital certificate is an electronic "passport" that allows a person, computer
or organization to exchange information securely over the Internet using the
public key infrastructure (PKI).
● A digital certificate may also be referred to as a public key certificate or
identity certificate.
● A digital certificate authenticates the Web credentials of the sender and lets
the recipient of an encrypted message know that the data is from a trusted
source (or a sender who claims to be one).
● A digital certificate is issued by a certification authority (CA).
● A person (sender), who is sending an encrypted message may obtain a digital
certificate from a CA to ensure authenticity.
● The CA issues the digital certificate with the applicant's public key, along with
other information such as holder name, serial number, date of expiration and
a digital CA signature.
● It also issues its own public key in the public domain via the Web.
Cont.
● When a Web message is transmitted, a digital certificate serves as an
encrypted attachment containing the public key and other relevant identifying
data.
● When the recipient receives the message, the digital certificate is decoded
using the CA’s public key.
● Using various information residing in the digital certificate, the recipient can
send an encrypted reply back to the sender.
● Digital certificates verify website authenticity and legitimacy.
● A browser may display an unsafe digital certificate alert but still permit user
entry.
● This warning signals that the website is a threat and security risk.
● The most common digital certificate standard is X.509.
X.509 Certificate
● An X.509 certificate is a digital certificate that uses the widely accepted
international X.509 public key infrastructure (PKI) standard to verify that a
public key belongs to the user, computer or service identity contained within
the certificate.
● An X.509 certificate contains information about the identity to which a
certificate is issued and the identity that issued it.
● Standard information in an X.509 certificate includes:
Cont.
● Version – which X.509 version applies to the certificate (which indicates what data
the certificate must include)
● Serial number – the identity creating the certificate must assign it a serial number
that distinguishes it from other certificates
● Algorithm information – the algorithm used by the issuer to sign the certificate
● Issuer distinguished name – the name of the entity issuing the certificate (usually
a certificate authority)
● Validity period of the certificate – start/end date and time
● Subject distinguished name – the name of the identity the certificate is issued to
● Subject public key information – the public key associated with the identity
● Extensions (optional)

Many of the certificates that people refer to as Secure Sockets Layer (SSL)
certificates are in fact X.509 certificates.
Authentication Protocols
● An authentication protocol is a type of cryptographic protocol specifically
designed for transfer of authentication data between two entities.
● It allows the receiving entity to authenticate the connecting entity (e.g. Client
connecting to a Server) as well as authenticate itself to the connecting entity
(Server to a client) by declaring the type of information needed for
authentication.
● It has to comply with the main protocol principles:
○ A Protocol has to involve two or more parties and everyone involved in the protocol must know
the protocol in advance.
○ All the included parties have to follow the protocol.
○ A protocol has to be unambiguous - each step must be defined precisely
○ A protocol must be complete - must include a specified action for every possible situation.
● Authentication Protocols are used mainly by Point-to-Point Protocol (PPP)
servers to validate the identity of remote clients before granting them access
to server data.
PAP- Password Authentication Protocol
● Password Authentication Protocol is one of the oldest authentication
protocols. Authentication is initialized by client/user by sending packet with
credentials (username and password) at the beginning of the connection.
● It is highly insecure because the credentials are being transmitted over the
network in plain ASCII text thus it is vulnerable even to the most simple
attacks like Eavesdropping and man-in-the middle based attacks.
CHAP- Challenge-handshake authentication protocol
● The authentication process in this protocol is always initialized by the
server/host and can be performed anytime during the session, even
repeatedly.
● Server sends a random string (usually 128B long).
● Client uses his password and the string received as parameters for MD5
hash function and then sends the result together with username in plain text.
● Server uses the username to apply the same function and compares the
calculated and received hash.
● An authentication is either successful or unsuccessful.
EAP - Extensible Authentication Protocol
● EAP was originally developed for PPP(Point-to-Point Protocol) but today is
widely used in IEEE 802.1x authentication framework.
● The advantage of EAP is that it is only a general authentication framework for
client-server authentication - the specific way of authentication is defined in its
many versions called EAP-methods.
● More than 40 EAP-methods exist, the most common is EAP-MD5
Authentication Service: Kerberos V4
● Kerberos is a protocol for authenticating service requests between trusted hosts across an
untrusted network, such as the internet.
● Kerberos is built in to all major operating systems including Microsoft Windows, Apple OS
and Linux.
● Kerberos was originally developed for Project Athena at the Massachusetts Institute of
Technology (MIT).
● The name Kerberos was taken from Greek mythology; Kerberos was a three-headed dog
who guarded the gates of Hades.
● The three heads of the Kerberos protocol represent a client, a server and a Key Distribution
Center (KDC), which acts as Kerberos' trusted third-party authentication service.
● KDC provides two services: an authentication service and a ticket granting service.
● KDC "tickets" provide mutual authentication, allowing nodes to prove their identity to one
another in a secure manner.
● Kerberos authentication uses DES cryptography to prevent packets traveling across the
network from being read or changed and to protect messages from eavesdropping and
replay attacks.
● To start the Kerberos authentication process, the initiating client sends a request to an
authentication server for access to a service.
Cont.
● The initial request is sent as plaintext because no sensitive information is included in
the request.
● The authentication server retrieves the initiating client's private key, assuming the
initiating client's username is in the KDC database.
● If the initiating client's username cannot be found in the KDC database, the client
cannot be authenticated and the authentication process stops.
● If the client's username can be found in the KDC database, the authentication server
generates a session key and a ticket granting ticket.
● The ticket granting ticket is time stamped and encrypted by the authentication server
with the initiating client's password.
● The initiating client is then prompted for a password; if what is entered matches the
password in the KDC database, the encrypted ticket granting ticket sent from the
authentication server is decrypted and used to request a credential from the ticket
granting server for the desired service.
● The client sends the ticket granting ticket to the ticket granting server, which may be
physically running on the same hardware as the authentication server, but
performing a different role.
Cont.
● The ticket granting service carries out an authentication check similar to that
performed by the authentication server, but this time sends credentials and a
ticket to access the requested service.
● This transmission is encrypted with a session key specific to the user and
service being accessed.
● This proof of identity can be used to access the requested "kerberized"
service, which, once having validated the original request, will confirm its
identity to the requesting system.
● The time stamped ticket sent by the ticket granting service allows the
requesting system to access the service using a single ticket for a specific
time period without having to be re authenticated.
● Making the ticket valid for a limited time period makes it less likely that
someone else will be able to use it later.
Cont.