Remote User Authentication using Asymmetric Encryption
What is User Authentication?
User
authentication is the process of recognizing a user's identity.
What is Remote user authentication?
It is a mechanism in which the remote server verifies the legitimacy of a user over non-secure communication channel.
There are two types of remote user authentication:
Mutual Authentication
One approach to the use of public-key encryption for the purpose of session-key distribution.
This protocol assumes that each of the two parties are known their public keys of each other. It may not be practical to require this assumption.
Solution-1:
In this
case, the central system is referred to as an authentication server (AS),
because it is not actually responsible for secret-key distribution. Rather, the
AS provides public-key certificates.
The session key is chosen and encrypted by A; hence, there is no risk of exposure by the AS. The timestamps protect against replays of compromised keys. This protocol is compact but, as before, requires the synchronization of clocks.
Solution-2:
In step-1, A informs the KDC of its intention to
establish a secure connection with B.
In step-2, The KDC returns to A the B’s
public-key certificate
In step-3, using B’s public key, A informs B of
its desire to communicate and sends a nonce.
In step-4, B asks the KDC for A’s public-key
certificate and requests a session key; B includes A’s nonce so that the KDC
can stamp the session key with that nonce. The nonce is protected using the
KDC’s public key.
In step-5, the KDC returns to B a copy of A’s
public-key certificate, plus the information Na, Ks, IDB, IDA. This information
basically says that Ks is generated by KDC on behalf of B and tied to Na. This
information is encrypted using the KDC’s private key to allow B to verify that
the information is in fact from the KDC. It is also encrypted using B’s public
key so that no other entity may use the information in an attempt to establish
a fraudulent connection with A.
In step-6 and 7, this information encrypted with PRAuth is given to A together with Nb. All the foregoing is encrypted using A’s public key. A retrieve the session key Ks and uses it to encrypt Nb.
One-way Authentication
There are
focus on two main areas, when communication on non-secure network: Confidentiality and Authentication.
If
confidentiality is the primary concern, then the following may be more
efficient:
A è B: E(PUb ,
Ks) || E(Ks , M)
In this
case, the message is encrypted with a one-time secret key. A also encrypts this
one-time key with B’s public key. Only B will be able to use the corresponding
private key to recover the one-time key and then use that key to decrypt the
message. This scheme is more efficient than simply encrypting the entire
message with B’s public key.
If
authentication is the primary concern, then a digital signature may suffice:
A è B: M || E(PRa ,
H(M))
This
method guarantees that A cannot later deny having sent the message. However,
this technique is open to another kind of fraud. Bob composes a message to his
boss Alice that contains an idea that will save the company money. He appends
his digital signature and sends it into the e-mail system. Eventually, the message
will get delivered to Alice’s mailbox. But suppose that Max has heard of Bob’s
idea and gains access to the mail queue before delivery. He finds Bob’s
message, strips off his signature, appends his, and requeues the message to be
delivered to Alice. Max gets credit for Bob’s idea.
To
counter such scheme, both the message and signature can be encrypted with the
recipient’s public key:
To learn more about Socket Programming Functions, Click here
Watch more videos click here.
No comments:
Post a Comment