
Using Encryption for Authentication in Large Networks of Computers


Presentation Transcript


  1. Using Encryption for Authentication in Large Networks of Computers
     Roger M. Needham, Michael D. Schroeder

  2. Purpose
     • Present protocols for decentralized authentication
     • Authenticated interactive communication
     • Authenticated one-way communication
     • Signed communication

  3. Environment
     • No centralized information collection
     • Each computer can perform encryption
     • Intruder can interpose in all communication paths
     • Each principal has a secure environment in which to compute

  4. Protocols
     • Conventional algorithms (symmetric cryptography)
     • Each principal has a secret key known only to it and to the Authentication Server (AS)
     • To set up a “secure channel,” a message must have two properties:
       • It must be comprehensible only to the receiver; the receiver can then use its contents to identify himself to the sender
       • The receiver must know that the sender sent it

  5. Symmetric Two-Way Algorithm
     • A -> AS: A, B, IA1
     • AS -> A: {IA1, B, CK, {CK, A}KB}KA
     • A -> B: {CK, A}KB
     • B -> A: {IB}CK
     • A -> B: {IB - 1}CK
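The five-message exchange of slide 5, run end to end with the nonce checks that give it the two properties listed on slide 4 (only the intended receiver can read a message, and the receiver knows who sent it). This is an added example, not code from the paper or the slides; the paper leaves the cipher unspecified, so an HMAC-SHA256 keystream-plus-tag construction from the Python standard library stands in for the "conventional" cipher here, and the message field names are this example's own.

```python
import hashlib, hmac, json, os

# Stand-in cipher from stdlib HMAC-SHA256 (keystream XOR + tag); illustration only.
def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def enc(key, obj):  # {obj}key
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def dec(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or altered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def run_protocol(KA, KB):
    """Slide 5 exchange. AS knows KA and KB; A holds only KA, B only KB."""
    as_keys = {"A": KA, "B": KB}
    IA1 = os.urandom(8).hex()                  # 1. A -> AS: A, B, IA1 (fresh nonce)
    CK = os.urandom(32)                        # AS picks the conversation key
    ticket = enc(as_keys["B"], {"CK": CK.hex(), "A": "A"})
    msg2 = enc(as_keys["A"], {"I": IA1, "B": "B", "CK": CK.hex(),
                              "ticket": ticket.hex()})   # 2. AS -> A: {IA1, B, CK, {CK, A}KB}KA
    m2 = dec(KA, msg2)
    if m2["I"] != IA1 or m2["B"] != "B":       # A's nonce check rejects a replayed old reply
        raise ValueError("AS reply does not answer A's request")
    CK_A = bytes.fromhex(m2["CK"])
    m3 = dec(KB, bytes.fromhex(m2["ticket"]))  # 3. A -> B: {CK, A}KB (A cannot read it)
    CK_B, peer = bytes.fromhex(m3["CK"]), m3["A"]
    IB = int.from_bytes(os.urandom(4), "big")
    msg4 = enc(CK_B, {"IB": IB})               # 4. B -> A: {IB}CK, B's challenge
    msg5 = enc(CK_A, {"IB": dec(CK_A, msg4)["IB"] - 1})  # 5. A -> B: {IB - 1}CK
    if dec(CK_B, msg5)["IB"] != IB - 1:        # B: A holds CK and answered this IB
        raise ValueError("handshake failed")
    return peer, CK_A == CK_B

def wrong_key_is_rejected(KA, KB):
    """Receiver with a different key gets an error, not a bogus plaintext."""
    try:
        dec(KB, enc(KA, {"hello": 1}))
        return False
    except ValueError:
        return True
```

Note that message 3 carries nothing B can check for freshness: B's challenge in messages 4 and 5 shows that the sender holds CK, but not that CK was issued recently, which is the replay concern slide 8 raises for one-way traffic and which Denning and Sacco later addressed by adding a timestamp to the ticket.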

  6. Public Key Two-Way Algorithm
     • A -> AS: A, B
     • AS -> A: {PKB, B}SKAS
     • A -> B: {IA, A}PKB
     • B -> AS: B, A
     • AS -> B: {PKA, A}SKAS
     • B -> A: {IA, IB}PKA
     • A -> B: {IB}PKB

  7. Authentication Servers
     • Multiple Authentication Servers
       • Different AS for A and B
     • Implementing Authentication Servers
       • Symmetric and PK differences: secrecy vs. integrity of the AS database
       • Not much difference otherwise

  8. One-Way Communication
     • Symmetric key
       • A -> B: {CK, A}KB
     • Public key
       • A -> B: {A, I, {B}SKA}PKB
     • Time integrity is a problem due to replay
       • Time-stamps
       • Receiver stores {source, time-stamp}
     • A signature can be used as well

  9. Digital Signatures
     • Provide evidence to a third party that a message is unchanged
     • Verify who sent the message
     • Sender must have a unique signing ability
     • Characteristic function / one-way hash function
       • Allows the “signature” to be smaller than the cleartext message

  10. Digital Signature with Symmetric Encryption
     • A -> AS: A, {CSM}KA
     • AS -> A: {A, CSM}KAS
     • A -> B: {M, {A, CSM}KAS}KB
     • B -> AS: B, {A, CS}KAS
     • AS -> B: {A, CS}KB

  11. Signature with PK Encryption
     • A -> B: {{text-block}SKA}PKB
     • Easier!
     • May still want to use CS to speed up authentication of the signature
     • Old PKs must be stored by the AS, and the signature must contain a time

  12. Conclusions
     • Protocols using PK and conventional encryption are similar
     • PK has an advantage only in signed communication for these systems
     • Need a means to evaluate the validity of protocols
