Cryptography: Computer Science and Engineering


Cryptography

PIET-PIT,CSE IT TEAM
Computer Science and Engineering
CHAPTER-8

User Authentication
Content
• Principles
• Remote user authentication with symmetric encryption
• Remote user authentication with asymmetric encryption
• Kerberos
User Authentication
⮚fundamental security building block
●basis of access control & user accountability
⮚It is the process of verifying an identity claimed by or for a system entity
⮚has two steps:
●identification - specify identifier
●verification - bind entity (person) and identifier
Way to Achieve User Authentication
⮚four means of authenticating a user's identity
⮚based on something the individual
●Something the individual knows - e.g. password, PIN
●Something the individual possesses- e.g. key, token, smartcard
●Something the individual is (static biometrics)- e.g. fingerprint, retina
●Something the individual does (dynamic biometrics) - e.g. voice, sign
⮚can use alone or combined
⮚all can provide user authentication
⮚all have issues
Protocol For User Authentication
used to convince parties of each other's identity and to exchange session keys
may be one-way or mutual
key issues are
confidentiality – to protect session keys
timeliness – to prevent replay attacks
Types of Replay Attack
1. The simplest replay attack is one in which the opponent simply copies a
message and replays it later.
2. An opponent can replay a timestamped message within the valid time window.
If both the original and the replay arrive within the time window, this incident
can be logged.
3. As with example (2), an opponent can replay a timestamped message within
the valid time window, but in addition, the opponent suppresses the original
message. Thus, the repetition cannot be detected.
4. Another attack involves a backward replay without modification. This is a
replay back to the message sender. This attack is possible if symmetric encryption
is used and the sender cannot easily recognize the difference between
messages sent and messages received on the basis of content.
How to avoid Replay Attack
• Timestamps: Party A accepts a message as fresh only if the message contains a
timestamp that, in A’s judgment, is close enough to A’s knowledge of current
time. This approach requires that clocks among the various participants be
synchronized.
• Challenge/response: Party A, expecting a fresh message from B, first sends B a
nonce (challenge) and requires that the subsequent message (response)
received from B contain the correct nonce value.
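Both freshness checks described above, as an added Python example that is not part of the original slides. The HMAC-SHA256 tag, the pre-shared key, the 300-second window and the class names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

WINDOW = 300  # seconds of clock difference A tolerates (assumed value)

def tag(key: bytes, *fields: bytes) -> bytes:
    """MAC over length-prefixed fields so field boundaries cannot be shifted."""
    data = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

class TimestampVerifier:
    """Timestamp freshness plus a cache of tags already accepted in the window."""
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # tag -> timestamp of the accepted message

    def accept(self, msg: bytes, ts: int, mac: bytes, now: int) -> str:
        if not hmac.compare_digest(mac, tag(self.key, msg, str(ts).encode())):
            return "bad-mac"
        if abs(now - ts) > WINDOW:
            return "stale"             # replay type 1: copied and sent later
        # forget entries that have fallen out of the window
        self.seen = {t: s for t, s in self.seen.items() if abs(now - s) <= WINDOW}
        if mac in self.seen:
            return "replay-in-window"  # replay type 2: detectable, so log it
        self.seen[mac] = ts
        return "ok"

class ChallengeVerifier:
    """Challenge/response: A issues a nonce and accepts it back exactly once."""
    def __init__(self, key: bytes):
        self.key = key
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce

    def accept(self, msg: bytes, nonce: bytes, mac: bytes) -> str:
        if not hmac.compare_digest(mac, tag(self.key, msg, nonce)):
            return "bad-mac"
        if nonce not in self.pending:
            return "unknown-or-used-nonce"
        self.pending.discard(nonce)
        return "ok"
```

If the original is suppressed (replay type 3), the copy is the first message the verifier sees inside the window, so `TimestampVerifier.accept` returns "ok"; this is the undetectable case in the list above.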
One way User Authentication
required when sender & receiver are not in communications at same time
(eg. email)
have header in clear so can be delivered by email system
may want contents of body protected & sender authenticated
Symmetric Encryption User Authentication
A two-level hierarchy of symmetric encryption keys can be used to provide
confidentiality for communication in a distributed environment.
Usually involves the use of a trusted key distribution center (KDC). Each party
shares its own master key with the KDC
• KDC generates session keys used for connections between parties
• master keys used to distribute these to them
Needham-Schroeder Protocol
original third-party key distribution protocol
for session between A and B mediated by KDC
protocol overview is:
Mutual Authentication
1. A ---> KDC
IDa || IDb || N1
2. KDC ---> A
E(Ka, [Ks || IDb || N1 || E(Kb, [Ks || IDa])])
3. A ---> B
E(Kb, [Ks || IDa])
4. B ---> A
E(Ks, N2)
5. A ---> B
E(Ks, f(N2))
One way Authentication
use refinement of KDC to secure email
since B is not online, drop steps 4 & 5
One-way Authentication
1. A ---> KDC
IDa || IDb || N1
2. KDC ---> A
E(Ka, [Ks || IDb || N1 || E(Kb, [Ks || IDa])])
3. A ---> B
E(Kb, [Ks || IDa]) || E(Ks, M)

provides encryption & some authentication


Kerberos
• Kerberos is an authentication service developed as part of Project
Athena at MIT
• One of the best known and most widely implemented trusted third
party key distribution systems.
• Kerberos provides a centralized authentication server whose function is
to authenticate users to servers and servers to users.
• Kerberos relies exclusively on symmetric encryption, making no use of
public-key encryption. Two versions of Kerberos are in common use: v4
& v5.
Kerberos Requirement
Assume an open distributed environment in which users at workstations
wish to access services on servers distributed throughout the network. We
would like for servers to be able to restrict access to authorized users and
to be able to authenticate requests for service. In this environment, a
workstation cannot be trusted to identify its users correctly to network
services. In particular, the following three threats exist:
1. A user may gain access to a particular workstation and pretend to be another
user operating from that workstation.
2. A user may alter the network address of a workstation so that the requests
sent from the altered workstation appear to come from the impersonated
workstation.
3. A user may eavesdrop on exchanges and use a replay attack to gain entrance
to a server or to disrupt operations.
Kerberos V4
⮚a basic third-party authentication scheme
⮚ Kerberos provides a trusted third-party authentication service that enables
clients and servers to establish authenticated communication.
⮚ Kerberos is an authentication service designed for use in a distributed
environment.
Version 4 of Kerberos makes use of DES, to provide the authentication service.
⮚have an Authentication Server (AS)
●users initially negotiate with AS to identify self
●AS provides a non-corruptible authentication credential (ticket granting ticket
TGT)
⮚have a Ticket Granting server (TGS)
●users subsequently request access to other services from TGS on basis of
user's TGT
⮚using a complex protocol using DES
Kerberos V4
Let’s Understand Step By Step
Step-1
The client sends a plaintext request to the AS asking for a ticket it can use to talk to
the TGS.
Request: Login name, TGS name
▪Since this request contains only well-known names, it does not need to be
sealed.

C--->AS : IDc||IDtgs||TS1
Step-2
The AS finds the keys corresponding to the login name and the TGS name.
The AS creates a ticket:
Login name
TGS name
Client network address
TGS session key
The AS seals the ticket with the TGS secret key.
Fig-8.2 Kerberos Protocol(Image Source: Ref[1])
AS--->C: E(Kc, [Kc,tgs||IDtgs||TS2||Lifetime2||Tickettgs])

Tickettgs=E(Ktgs, [Kc,tgs||IDc||ADc||IDtgs||TS2||Lifetime2])
Step-3
The client decrypts the message using the user’s password as the secret key.
The client now has a session key and ticket that can be used to contact the TGS.
The client cannot see inside the ticket, since the client does not know the TGS
secret key.
When a client wants to start using a server (service), the client must first obtain a
ticket.
The client composes a request to send to the TGS
C--->TGS: IDv||Tickettgs||Authenticatorc
Step-4

Tickettgs=E(Ktgs, [Kc,tgs||IDc||ADc||IDtgs||TS2||Lifetime2])

AuthenticatorC=E(Kc,tgs, [IDc||ADc||TS3])
The TGS decrypts the ticket using its secret key. Inside is the TGS session key.
The TGS decrypts the authenticator using the session key.
The TGS checks to make sure login names, client addresses and TGS server name
are all ok.
TGS makes sure the authenticator is recent.
Builds a ticket for the client and requested server. The ticket is sealed with the
server key. Creates a session key. Seals the entire message with the TGS session key
and sends it to the client.

TGS--->C: E(Kc,tgs, [Kc,v||IDv||TS4||Ticketv])

Tickettgs=E(Ktgs, [Kc,tgs||IDc||ADc||IDtgs||TS2||Lifetime2])

TicketV=E(KV, [Kc,V||IDc||ADc||IDV||TS4||Lifetime4])

AuthenticatorC=E(Kc,tgs, [IDc||ADc||TS3])
Step-5
The client now decrypts the TGS response using the TGS session key.
The client now has a session key for use with the new server, and a ticket to use
with that server.
The client can contact the new server using the same format used to access the
TGS.

TicketV=E(KV, [Kc,V||IDc||ADc||IDV||TS4||Lifetime4])

AuthenticatorC=E(Kc,v, [IDc||ADc||TS5])
Step-6
The server verifies that the ticket and authenticator match, then grants the service to the
client.
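The ticket and authenticator checks performed by the TGS in Step-4 and by the server in Step-6, as an added Python example that is not from the original slides. `seal`/`unseal` are a toy stand-in for E(K, [...]) (the slides' Kerberos v4 uses DES); the dictionary keys, the names, the address, the timestamps and the 300-second skew are constructed assumptions.

```python
import hashlib
import hmac
import json
import os

def seal(key: bytes, fields: dict) -> bytes:
    """Toy stand-in for E(K, [...]): SHAKE-256 keystream plus HMAC tag. Not DES."""
    pt = json.dumps(fields).encode()
    iv = os.urandom(16)
    ks = hashlib.shake_256(key + iv).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    iv, ct, mac = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(mac, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    ks = hashlib.shake_256(key + iv).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

def verify_request(k_service, my_id, ticket, authenticator, peer_addr, now, skew=300):
    """Checks made by the TGS (Step-4) or server V (Step-6); returns the session key."""
    t = unseal(k_service, ticket)          # only the service holds this key
    k_session = bytes.fromhex(t["K"])
    a = unseal(k_session, authenticator)   # proves the sender knows the session key
    if t["ID"] != my_id:
        raise ValueError("ticket issued for another service")
    if a["IDc"] != t["IDc"] or a["ADc"] != t["ADc"]:
        raise ValueError("authenticator does not match ticket")
    if t["ADc"] != peer_addr:
        raise ValueError("request came from a different address")
    if not t["TS"] <= now <= t["TS"] + t["Lifetime"]:
        raise ValueError("ticket expired or not yet valid")
    if abs(now - a["TS"]) > skew:
        raise ValueError("authenticator is not recent")
    return k_session

def demo():
    """Constructed keys and names: the Step-2 ticket and the Step-3 authenticator."""
    k_tgs, k_c_tgs = os.urandom(32), os.urandom(32)
    ticket = seal(k_tgs, {"K": k_c_tgs.hex(), "IDc": "alice", "ADc": "10.0.0.5",
                          "ID": "tgs", "TS": 1000, "Lifetime": 3600})
    auth = seal(k_c_tgs, {"IDc": "alice", "ADc": "10.0.0.5", "TS": 1010})
    return k_tgs, k_c_tgs, ticket, auth
```

A captured ticket replayed from another address, after its lifetime, or with an authenticator sealed under any key other than the session key inside the ticket raises `ValueError` instead of returning a session key.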
What is Ticket
• Each request for a service requires a ticket.
• A ticket provides a single client with access to a single server.
• Tickets are dispensed by the “ticket granting server” (TGS), which has
knowledge of all the encryption keys.
• Tickets are meaningless to clients, they simply use them to gain access to
servers.
• The TGS seals (encrypts) each ticket with the secret encryption key of the
server.
• Sealed tickets can be sent safely over a network - only the server can make
sense out of it.
• Each ticket has a limited lifetime (a few hours).
Content of Ticket
• Client name (user login name)
• Server name
• Client host network address
• Session key for client/server
• Ticket lifetime
• Creation timestamp
Let’s Recap

Fig-8.3 Kerberos Protocol(Image Source: Ref[1])


Kerberos Realm
Kerberos V5
• developed in mid 1990’s
• specified as Internet standard RFC 1510
• provides improvements over v4
– addresses environmental shortcomings
• encryption algo, network protocol, byte order, ticket lifetime,
authentication forwarding
– and technical deficiencies
• double encryption, non-std mode of use, session keys, password
attacks
Kerberos V4 vs V5

Fig-8.6 Kerberos v5(Image Source: Ref[1])


Remote user Authentication by Asymmetric encryption
• Mutual Authentication
References
[1] Cryptography And Network Security, Principles And Practice, William Stallings, Pearson
[2] Cryptography & Network Security, Forouzan, Mukhopadhyay, McGraw Hill
[3] Information Security Principles and Practice, Deven Shah, Wiley-India
[4] https://www.tutorialspoint.com/cryptography/cryptography_hash_functions.htm
[5] https://www.educba.com/sha-algorithm/
[6] https://www.geeksforgeeks.org/how-message-authentication-code-works/
[7] https://www.coursera.org/lecture/cryptographic-hash-integrity-protection/cipher-based-mac-cmac-iXAov
Video Link:
[6] Youtube Channel - Ankit Chouhan
www.paruluniversity.ac.in
