1

Number Theory and Advanced Cryptography 9. Authentication Protocols

Chih-Hung WangSept. 2011

Part I: Introduction to Number TheoryPart II: Advanced Cryptography

2

Basic Authentication Techniques Challenge-Response Mechanisms

3

Manipulation Detection Code

4

Applying Asymmetric Cryptographic Technique

Nonce Importance:

5

Standardization of the Challenge-Response Mechanism

Unilateral entity authentication

ISO Two-Pass Unilateral Authentication Protocol

6

Using a Cryptography Check Function (CCF)

7

ISO Public Key Two-Pass Unilateral Authentication Protocol

8

Timestamp Mechanism

9

Using MDC

10

Applying Asymmetric Cryptographic Techniques

11

Standardization of Timestamp Mechanism

ISO Symmetric Key One-Pass Unilateral Authentication Protocol

12

CCF & Public Key Techniques

13

Non-standard Mechanisms

14

Mutual Authentication

15

Wiener’s Attack

16

Involving Trusted Third PartyThe Woo-Lam Protocol

17

Password-based Authentication

18

Needham’s Password Protocol

19

A One-time Password Scheme

20

Attack of S/KEY: Man-in-the-Middle Attack

Page 371

21

Encrypted Key Exchange (EKE) (1)

Off-lineDictionaryAttack

22

Encrypted Key Exchange (EKE) (2)

23

Authenticated Key Exchange The Station-to-Station (STS) Protocol

Mutual Entity Authentication Mutually Authenticated Key Agreement Mutual Key Confirmation Perfect Forward Secrecy (PFS) *Anonymity (Deniability)

24

STS Protocol

25

A Flaw in a Simplified STS protocol (1)

26

A Flaw in a Simplified STS protocol (2)

27

A minor Flaw of the STS Protocol

Perfect denial of serviceattack

28

Typical Attacks on Authentication Protocols

Message Replay Attack (page 43,44)

29

Message Replay Attack

30

Parallel Session Attack (1)

31

Parallel Session Attack (2)

32

Reflection Attack

33

Attack Due to Type Flaw (1)

34

Attack Due to Type Flaw (2)

35

Attack Due to Name Omission

36

Attack Due to Misuse of Cryptographic Services Attack due to absence of data-integrity

protection Confidentiality failure due to absence of

“semantic security” protection

37

A Minor Variation of the Otway-Rees Protocol

38

An Attack

39

Authentication Protocols for Internet Security

Internet Protocol Security (IPSec)

40

Confidentiality Protection in IPSec Encapsulating Security Payload (ESP)

41

The Internet Key Exchange (IKE) Protocol (1)

42

The Internet Key Exchange (IKE) Protocol (2)

43

Authentication Failure

44

Signature-based IKE Phase 1 Aggressive Mode

45

A Plausible Deniability Feature in IKE

Plausible Deniability:Permit an entity to deny “plausibly” the existence of a connection with aCommunication partner

46

The Secure Shell (SSH) Remote Login Protocol (1) The SSH Architecture

The SSH Transport Layer Protocol Unilaterally authenticated secure channel from the

server to the client The SSH User Authentication Protocol

Unilateral authentication protocols to achieve entity authentication from a client-side user to the server

The SSH Connection protocol

47

The Secure Shell (SSH) Remote Login Protocol (2)

48

The Secure Shell (SSH) Remote Login Protocol (3)

49

The Secure Shell (SSH) Remote Login Protocol (4)