1 / 22

Privacy versus Authentication

Explore the importance of privacy and authentication in secure communication. Learn about the challenges of weak passwords and the use of biometrics, challenge-response authentication, and digital signatures for authentication. Discover how public key authentication ensures confidentiality and message integrity.

beverlyjones
Télécharger la présentation

Privacy versus Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy versus Authentication • Confidentiality (Privacy) • Interceptors cannot read messages • Authentication: proving the sender’s identity • The Problem of Impostors • Uses encryption • So encryption is not only for privacy and confidentiality!

  2. Authentication • Authentication methods: Passwords • Most users pick short passwords that are easy to guess with exhaustive search • Users often pick passwords that are common words or repetitive letter combinations; Even easier to guess • Automated password cracking is very effective

  3. Authentication • Authentication methods: Passwords • Often, weak passwords protect more important systems • Users must be forced to pick long passwords containing case changes and numerals, such as Tri6Vial

  4. Authentication • Authentication methods • Biometrics • Fingerprint analysis, iris analysis, etc. • New and not standardized • Authentication Card • Push into slot of a machine • Also must give password usually • Public Key Authentication • Prove that sender holds their private key, which only they should know

  5. Authentication • Verifier is the party who wishes the other party to authenticate themselves • Applicant is the other party, which wishes to prove its identity Prove Your Identity Applicant Verifier

  6. Challenge-Response Authentication • Verifier sends the applicant a challenge message • This challenge message is a string of bits Challenge Message Applicant Verifier

  7. Challenge-Response Authentication • Applicant sends back a response message • This is the challenge message encrypted with the applicant’s private key Response Message Applicant Verifier

  8. Challenge-Response Authentication • Verifier decrypts the response message with the true party’s public key • If matches the challenge message, was encrypted with the true party’s private key, which only the true party should know • Applicant is authenticated Challenge Message Response Message Applicant Verifier

  9. Frequency of Authentication • Challenge-Response Authentication • Only done initially • Or done at most a few times during a session • Digital Signature Authentication (next) • Provides authentication for every message • Called message-by-message authentication • Also provides message integrity—proof that the message has not been changed en route

  10. Public Key Authentication • Ultimate goal is to send an original plaintext message from the applicant to the verifier • If security was not an issue, the applicant simply would send it Original Plaintext Applicant Verifier

  11. Public Key Authentication • Ultimate goal is to send an original plaintext message from the applicant to the verifier • If only confidentiality was an issue, would merely encrypt the original plaintext with a symmetric session key Ciphertext Using Symmetric Key Applicant Verifier

  12. Calculation Public Key Authentication • For authentication, also send a digital signature with each packet • First create a message digest (MD) • A small binary string calculated on the basis of all of the bits in the message Message Message Digest

  13. Public Key Authentication • First create a message digest (MD) • Normally, use a process called hashing • For a message of arbitrary size, hashing produces a small number of predictable size • MD5: 128 bits • SHA-1: 160 bits Message Message Digest Hash

  14. Public Key Authentication • First create a message digest (MD) • Hashing is not reversible • Cannot get back original message if you know its hash • Just done to produce something small enough (message digest) to encrypt with public key encryption Message Message Digest Hash

  15. Encrypt with Sender’s Private Key Public Key Authentication • Next create a digital signature • Encrypt the message digest with sender’s private key, which only the sender should be able to do • Also called signing the message digest with the sender’s private key Message Digest Digital Signature

  16. Encrypt with Sender’s Private Key Public Key Authentication • Next create a digital signature • Encrypt message digest with sender’s private key, which only the sender should be able to do; creates the digital signature • Message digest is short, so public key encryption is not too burdensome Message Digest Digital Signature

  17. Encrypt with Sender’s Private Key Public Key Authentication • Note • Message digest is a hash of the original message • MD is not encrypted • Digital signature is what you get when you encrypt the MD with public key encryption • Do not confuse the two Message Digest Digital Signature

  18. Public Key Authentication • Encrypt combined message and digital signature with the symmetric session key and send to the receiver • This gives confidentiality (privacy) during transmission • Easy to forget the encryption with the symmetric session key Digital Signature Message Encrypt with symmetric session key

  19. Public Key Authentication • Receiver decrypts ciphertext with symmetric session key • Then decrypts digital signature with sender’s public key to get the original message digest • This is the transmitted message digest Decrypt with Sender’s Public Key Transmitted Message Digest Digital Signature

  20. Public Key Authentication • Receiver then hashes the original plaintext, just as the sender did • This is the computed message digest Hashed Computed Message Digest Original Plaintext

  21. Public Key Authentication • If the transmitted and computed message digests match, the sender is authenticated as being the true party • Because the digital signature was signed with the true party’ private key, as shown by decryption with the true party’s public key Message Digest Computed from Original Plaintext Message Digest from Digital Signature

  22. Public Key Authentication • Digital Signature also Provides Message Integrity • Proof that the message has not been altered en route • If message has been changed by error or by an attacker, message digests will not match Message Digest Computed from Original Plaintext Message Digest from Digital Signature

More Related