Tuesday, May 31, 2022

Remote User Authentication using Asymmetric Encryption in Network Security | Woo and Lam Proposal | Mutual Authentication | One-way Authentication

Remote User Authentication using Asymmetric Encryption

What is User Authentication?

User authentication is the process of recognizing a user's identity.

What is Remote user authentication?

It is a mechanism in which the remote server verifies the legitimacy of a user over non-secure communication channel.

There are two types of remote user authentication:

Mutual Authentication

One approach to the use of public-key encryption for the purpose of session-key distribution.

This protocol assumes that each of the two parties are known their public keys of each other. It may not be practical to require this assumption.

Solution-1:

In this case, the central system is referred to as an authentication server (AS), because it is not actually responsible for secret-key distribution. Rather, the AS provides public-key certificates.

The session key is chosen and encrypted by A; hence, there is no risk of exposure by the AS. The timestamps protect against replays of compromised keys. This protocol is compact but, as before, requires the synchronization of clocks. 

Solution-2:


In step-1, A informs the KDC of its intention to establish a secure connection with B.

In step-2, The KDC returns to A the B’s public-key certificate

In step-3, using B’s public key, A informs B of its desire to communicate and sends a nonce.

In step-4, B asks the KDC for A’s public-key certificate and requests a session key; B includes A’s nonce so that the KDC can stamp the session key with that nonce. The nonce is protected using the KDC’s public key.

In step-5, the KDC returns to B a copy of A’s public-key certificate, plus the information Na, Ks, IDB, IDA. This information basically says that Ks is generated by KDC on behalf of B and tied to Na. This information is encrypted using the KDC’s private key to allow B to verify that the information is in fact from the KDC. It is also encrypted using B’s public key so that no other entity may use the information in an attempt to establish a fraudulent connection with A.

In step-6 and 7, this information encrypted with PRAuth is given to A together with Nb. All the foregoing is encrypted using A’s public key. A retrieve the session key Ks and uses it to encrypt Nb.


One-way Authentication

There are focus on two main areas, when communication on non-secure network: Confidentiality and Authentication.

If confidentiality is the primary concern, then the following may be more efficient:

A è B: E(PU, Ks) || E(K, M)

In this case, the message is encrypted with a one-time secret key. A also encrypts this one-time key with B’s public key. Only B will be able to use the corresponding private key to recover the one-time key and then use that key to decrypt the message. This scheme is more efficient than simply encrypting the entire message with B’s public key.

If authentication is the primary concern, then a digital signature may suffice:

A è B: M || E(PR, H(M))

This method guarantees that A cannot later deny having sent the message. However, this technique is open to another kind of fraud. Bob composes a message to his boss Alice that contains an idea that will save the company money. He appends his digital signature and sends it into the e-mail system. Eventually, the message will get delivered to Alice’s mailbox. But suppose that Max has heard of Bob’s idea and gains access to the mail queue before delivery. He finds Bob’s message, strips off his signature, appends his, and requeues the message to be delivered to Alice. Max gets credit for Bob’s idea.

To counter such scheme, both the message and signature can be encrypted with the recipient’s public key:


To learn more about Socket Programming Functions, Click here

Watch more videos click here.

No comments:

Post a Comment