REMOTE USER-AUTHENTICATION
PRINCIPLES
In most computer
security contexts, user
authentication is the fundamental building block and the primary line of
defense. User authentication is the basis for most
types of access control and for user accountability. RFC 2828 defines
user authentication as shown on the following page.
For example, user Alice Toklas
could have the user identifier ABTOKLAS. This information needs to be
stored on any server or computer system that Alice wishes to use and could be known to system administrators and other users.
A typi- cal item of
authentication information associated with this user ID is a password, which is
kept secret (known only to Alice and to the system). If no one is able to obtain or
guess Alice’s password, then the combination
of Alice’s user ID and
password enables administrators to set up Alice’s access
permissions and audit
her activity. Because Alice’s ID is not secret, system users can send her e-mail,
but because her password is secret, no one can pretend to be Alice.
The process of verifying
an identity claimed by or for a system entity. An authentication process
consists of two steps:
•
Identification
step: Presenting an identifier
to the security system. (Identifiers should
be assigned carefully, because authenticated identities are the basis for other security
services, such as access control
service.)
•
Verification step: Presenting or generating authentication information that
corroborates the binding between the entity and the identifier.
In essence, identification is the means
by which a user provides
a claimed iden- tity to the system;
user authentication is the means of establishing the validity of the
claim. Note that user authentication is distinct from message authentication.
As defined in Chapter 12, message
authentication is a procedure that allows communi- cating parties to verify that the contents
of a received message have not been altered
and that the source is authentic. This chapter is concerned solely with user
authentication.
There are four general means
of authenticating a user’s identity, which
can be used alone or in combination:
•
Something
the individual
knows: Examples
include a password, a personal
identification number (PIN), or answers
to a prearranged set of questions.
•
Something the individual possesses: Examples include cryptographic keys, electronic keycards, smart cards, and physical keys. This type of authenticator
is referred to as a token.
•
Something the individual
is (static biometrics): Examples include recognition by fingerprint, retina, and face.
•
Something the individual
does (dynamic biometrics): Examples include recog- nition by voice pattern,
handwriting characteristics, and typing rhythm.
All of these
methods, properly implemented and used, can provide secure
user authentication. However, each method has problems. An adversary may be able to
guess or steal a password. Similarly, an adversary may be able to forge or
steal a token. A user may forget a password
or lose a token. Furthermore, there is a signifi-
cant administrative overhead for managing password and token information on systems and securing such information on systems. With respect to biometric authenticators, there
are a variety of problems, including dealing with false positives and false negatives, user acceptance, cost,
and convenience. For network-based user authentication, the most important methods involve
cryptographic keys and some- thing the
individual knows, such
as a password.
Mutual Authentication
An important
application area is that of mutual authentication protocols. Such protocols enable communicating parties
to satisfy themselves mutually about each other’s identity and to exchange session
keys. This topic
was examined in Chapter 14. There,
the focus was key distribution. We return
to this topic here to consider the wider implications of authentication.
Central to the problem of authenticated key exchange are
two issues: confiden- tiality and timeliness. To prevent masquerade and to prevent compromise of session keys, essential identification and session-key information must be communicated in encrypted
form. This requires the
prior existence of secret or public
keys that can be used for this purpose. The second issue, timeliness, is important
because of the threat of message
replays. Such replays, at worst, could allow an opponent to compromise
a ses- sion key or successfully impersonate another party.At minimum, a successful
replay can disrupt operations by presenting
parties with messages that appear genuine but are not.
[GONG93] lists the following examples of replay attacks:
•
Simple replay: The opponent simply copies a
message and replays it later.
•
Repetition that can be logged: An opponent can replay a timestamped message within the valid time window.
•
Repetition
that cannot
be detected: This situation
could arise because the original
message could have been suppressed and thus did not arrive at its destination; only the replay
message arrives.
•
Backward replay without
modification: This is a replay back
to the message sender. This attack is possible if symmetric encryption is used and the sender cannot easily recognize the
difference between messages sent and messages received on the basis
of content.
One approach to coping with replay attacks
is to attach a sequence
number to each message
used in an authentication exchange. A new message
is accepted only if
its sequence number is in the proper
order. The difficulty with this approach
is that it requires
each party to keep track of the last sequence
number for each claimant it has dealt with. Because of this overhead,
sequence numbers are generally not used
for authentication and key exchange. Instead, one of the following two general approaches
is used:
•
Timestamps: Party A accepts a message
as fresh only if the message contains a timestamp that,
in A’s judgment, is close enough to A’s knowledge of current time. This
approach requires that clocks among the various participants be synchronized.
•
Challenge/response: Party A, expecting a fresh message
from B, first sends
B a nonce (challenge) and requires that the subsequent
message (response) received from B contain
the correct nonce value.
It can be argued (e.g., [LAM92a]) that the timestamp approach should not be used for connection-oriented
applications because of the inherent difficulties with this technique. First,
some sort of protocol is needed to maintain synchronization among the various
processor clocks. This protocol must be both fault tolerant, to
cope with network errors,
and secure, to cope with hostile attacks. Second,
the oppor- tunity for
a successful attack
will arise if there is a temporary loss of synchronization resulting from
a fault in the clock
mechanism of one
of the parties. Finally, because
of the variable and unpredictable nature of network delays, distributed clocks cannot be
expected to maintain precise synchronization. Therefore, any timestamp-based
procedure must allow
for a window of time sufficiently large
to accommodate net- work delays yet sufficiently small to minimize
the opportunity for attack.
On the other hand, the challenge-response
approach is unsuitable for a con- nectionless type of application, because it
requires the overhead of a handshake before
any connectionless transmission, effectively negating the chief characteristic of a connectionless transaction. For such applications,
reliance on some sort of
secure time server and a consistent attempt
by each party to keep its clocks in syn- chronization may be the best approach
(e.g., [LAM92b]).
One-Way Authentication
One application for which encryption is
growing in popularity is electronic mail (e-mail). The very nature of
electronic mail, and its chief benefit, is that it is not necessary for the
sender and receiver to be online at the same time. Instead, the e-mail message
is forwarded to the receiver’s electronic mailbox, where it is buffered until
the receiver is available to read it.
The “envelope” or header of the e-mail message must be in the
clear, so that the message can be handled by the store-and-forward e-mail
protocol, such as the Simple Mail Transfer Protocol
(SMTP) or X.400.
However, it is often desirable that the mail-handling protocol
not require access
to the plaintext form of the message, because that would require
trusting the mail-handling mechanism. Accordingly, the e-mail message should be encrypted
such that the mail-handling system is not in possession of the decryption key.
A second requirement is that of authentication. Typically, the recipient wants some assurance that the message
is from the alleged sender.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.