Lecture 3
Lecture 3: Authentication Protocols
.
Plan for Today
.
Goals for Today
.
Entity Authentication
.
Solution: "Weak"Authentication
.
Solution: Challenge-Response Authentication
.
Example Using Public-Key
.
Challenge-Response with Zero-Knowledge Protocols
.
Impractical example based on graph isomorphism
.
Perfect Zero-Knowledge Interactive Proof for Graph Isomorphism
.
Example
.
Three Properties of ZK Protocols
.
Computational Zero-Knowledge
.
Fiat- Shamir Identification Protocol (Basic)
.
Summary of Zero-Knowledge Interactive Protocols
.
Level of Abstraction Change
.
Key Transport Protocols: Starters
.
Notation (in Literature, not Textbook)
.
Needham -Schroeder [1978]
.
Flaw #1: Denning - Sacco Replay Attack
.
Denning - Sacco Fix [1981]: Use Timestamps
.
Needham -Schroeder Fix [1987]: Use Nonces
.
Other Flaws in Needham -Schroeder Protocols
.
Flaw in Needham -Schroeder Public-Key [Lowe96]
.
The Fix
.
Otway -Rees [1987]
.
Flaw # 1: Type Flaw
.
Flaw #2: M needs to be an unpredictable nonce.
.
Wide-Mouthed Frog [Burrows]
.
Flaws/Weaknesses
.
Flaw #2
.
Kerberos (Version 5)
.
Kerberos Tickets
.
Kerberos Weaknesses
.
Weaknesses Summarized
.
Weaknesses ( cont'd )
.
Three-Pass Protocol
.
Simmon's Attack on Tatebayashi - Matsuzaki - Newmann (TMN)
.
Lessons
.
Weaknesses ( cont'd )
.
Design Principles
.
Encryption in Kerberos V4
.
Encrypting Encrypted Messages
.
Signing Encrypted Data
.
But "Signing Before Encrypting is not a Bill of Health" [AN96]
.
More Design Principles
.
Next lecture
.
Back to
Lectures
Heather L. Marko
Last Modified: September 1998