Authentication Protocols in Computer Networks

Questions and Answers

What is the goal of the authentication protocol in ap3.1?

To authenticate Alice's identity (correct)

To avoid playback attacks

To send encrypted passwords

To share a symmetric key

What is the purpose of the Authentication number in the protocol?

To share a public key

To authenticate Bob's identity

To encrypt the password

To confirm the agency's authority (correct)

What is the requirement for the Authentication number in ap4.0?

It must be used only once in a lifetime (correct)

It must be used multiple times

It must be shared with Bob

It must be encrypted with a public key

How does Alice prove she is 'live' in ap4.0?

By returning R, encrypted with a shared secret key

What is the limitation of ap4.0?

It requires a shared symmetric key

What is the motivation behind ap5.0?

To use public key techniques for authentication

What is the password to enter Moria in the context of J.R.R. Tolkien's story?

Mellon

What is the primary goal of authentication in the context of network communication?

To prove one's identity

What is the flaw in Protocol ap2.0?

Trudy can create a packet spoofing Alice's address

What type of attack can be launched against Protocol ap3.0?

Replay attack

What improvement does Protocol ap3.1 offer over Protocol ap3.0?

Alice's password is encrypted

Why is Protocol ap1.0 not secure?

Trudy can simply declare herself to be Alice

What is the primary purpose of a trusted CA in the SSL protocol?

To enable the browser to extract the server's public key from the certificate

What is the primary weakness in the ap5.0 protocol?

The distribution of public keys

What is the symmetric session key used for in the SSL protocol?

To encrypt all data sent into the TCP socket

What is the purpose of a Key Distribution Center (KDC)?

To act as a trusted intermediary between entities

What is the benefit of using client certificates in SSL?

It enables the server to authenticate the client

What is the problem with public key cryptography?

It is difficult to verify the authenticity of the public key

What is the relationship between SSL and TLS?

SSL is the basis for TLS

What is the role of a Trusted Certification Authority (CA)?

To verify the authenticity of public keys

What is an example of a non-Web application that can use SSL?

IMAP

What is the primary function of a Certificate Authority (CA)?

To bind public keys to particular entities

How does a KDC enable Alice and Bob to communicate with each other?

By establishing a shared symmetric secret key

What is the symmetric key problem?

How to establish a shared secret key over a network

What does Alice use to obtain Bob's public key?

Bob's certificate and CA's public key

What is the purpose of a digital signature in a certificate?

To ensure the integrity of the certificate

What is the primary goal of the Key Distribution Center (KDC) in the KA-KDC protocol?

To distribute session keys for symmetric encryption

What is the primary benefit of using SSL in web browsers?

To provide transport layer security for TCP-based applications

What information does a certificate contain?

All of the above

Study Notes

Authentication

• Goal: Bob wants Alice to "prove" her identity to him
• Protocol ap1.0: Alice says "I am Alice" (insufficient as Trudy can declare herself to be Alice)
• Protocol ap2.0: Alice says "I am Alice" in an IP packet containing her source IP address (Trudy can create a packet "spoofing" Alice's address)
• Protocol ap3.0: Alice says "I am Alice" and sends her secret password to "prove" it (vulnerable to playback attack)

Authentication: Another Try

• Protocol ap3.1: Alice says "I am Alice" and sends her encrypted secret password to "prove" it (secure against playback attack)
• Authentication number: used to confirm the speaker's identity, used only once in a lifetime
• Protocol ap4.0: Bob sends Alice an authentication number, R, which Alice must return encrypted with a shared secret key (proves Alice is live and is the only one who knows the key to encrypt R)
• Drawback of ap4.0: requires shared symmetric key

Public Key Techniques

• Protocol ap5.0: uses authentication number/nonce and public key cryptography (avoids shared symmetric key)
• Alice sends "I am Alice" and R, encrypted with her private key, to Bob
• Bob computes KA(R) and knows only Alice could have encrypted R such that KA(R) = R

Network Security

• Cryptography: symmetric and public, basic techniques and tradeoffs
• Authentication: common styles of attack
• Key distribution: why it is needed and its uses (secure email, secure transport, IPsec, 802.11 WEP)

Key Distribution

• Symmetric key problem: how to establish a shared secret key over a network
• Public key problem: how to ensure the public key obtained is genuine and not Trudy's
• Solution: trusted intermediaries (Key Distribution Center, KDC, or Trusted Certification Authority, CA)

Key Distribution Center (KDC)

• Server shares different secret key with each registered user
• Alice and Bob know their own symmetric keys for communicating with KDC
• KDC generates R1, which Alice and Bob use as a session key for shared symmetric encryption

Certification Authorities

• Certification authority (CA): binds public key to particular entity
• Entity registers its public key with CA and provides "proof of identity"
• CA creates a certificate binding entity to its public key, digitally signed by CA
• Certificate contains entity's public key, identifying information, and digital signature

Secure Sockets Layer (SSL)

• Provides transport layer security to any TCP-based application
• Security services: server authentication, data encryption, and client authentication (optional)
• SSL-enabled browser includes public keys for trusted CAs

Description

Learn about authentication protocols and goals, including difficulties in verifying identities online. Discover how Alice can prove her identity to Bob in a network.