Lecture 3

• Lecture 3: Authentication Protocols .
• Plan for Today .
• Goals for Today .
• Entity Authentication .
• Solution: "Weak"Authentication .
• Solution: Challenge-Response Authentication .
• Example Using Public-Key .
• Challenge-Response with Zero-Knowledge Protocols .
• Impractical example based on graph isomorphism .
• Perfect Zero-Knowledge Interactive Proof for Graph Isomorphism .
• Example .
• Three Properties of ZK Protocols .
• Computational Zero-Knowledge .
• Fiat- Shamir Identification Protocol (Basic) .
• Summary of Zero-Knowledge Interactive Protocols .
• Level of Abstraction Change .
• Key Transport Protocols: Starters .
• Notation (in Literature, not Textbook) .
• Needham -Schroeder [1978] .
• Flaw #1: Denning - Sacco Replay Attack .
• Denning - Sacco Fix [1981]: Use Timestamps .
• Needham -Schroeder Fix [1987]: Use Nonces .
• Other Flaws in Needham -Schroeder Protocols .
• Flaw in Needham -Schroeder Public-Key [Lowe96] .
• The Fix .
• Otway -Rees [1987] .
• Flaw # 1: Type Flaw .
• Flaw #2: M needs to be an unpredictable nonce. .
• Wide-Mouthed Frog [Burrows] .
• Flaws/Weaknesses .
• Flaw #2 .
• Kerberos (Version 5) .
• Kerberos Tickets .
• Kerberos Weaknesses .
• Weaknesses Summarized .
• Weaknesses ( cont'd ) .
• Three-Pass Protocol .
• Simmon's Attack on Tatebayashi - Matsuzaki - Newmann (TMN) .
• Lessons .
• Weaknesses ( cont'd ) .
• Design Principles .
• Encryption in Kerberos V4 .
• Encrypting Encrypted Messages .
• Signing Encrypted Data .
• But "Signing Before Encrypting is not a Bill of Health" [AN96] .
• More Design Principles .
• Next lecture .

Back to Lectures

Heather L. Marko
Last Modified: September 1998