Here, although the password is stored in encrypted form on the server, which makes
it less vulnerable to attack, sending the unencrypted ASCII password over the
network makes the protocol insecure.
3 Relevance to Prior Work
One relevant piece of prior work in this field is CHAP (Challenge Handshake
Authentication Protocol) [1,2,3,5,12]. This protocol is based on the
challenge-response model and makes use of single-use keys to provide more security.
However, this system does not completely eliminate the need to send data over the
wire in plain text.
The protocol works as follows: when a user types his user name, the server generates
a random key and sends it to the client machine (user) in unencrypted form. The user
then encrypts his password using the received key and sends the result to the server.
The authenticator program on the server encrypts the password corresponding to the
received user name using the generated key and matches it against the data received
from the client machine.
The user is allowed to log in and access his resources if the two match; otherwise
access is denied.
CHAP also keeps sending challenges to the client (user) throughout the session to
verify that only an authorized person is logged in.
The main advantages of the scheme are as follows:
- It solves the problem of logged-in but unattended systems.
- The password no longer travels in clear but in encrypted form, which solves the
  problem of packet sniffing or eavesdropping.
However, this scheme has the following disadvantages:
- As the randomly generated key is sent to the user in clear, an intruder can get the
  key by packet sniffing.
- The password on the server is stored in unencrypted format, making it more
  vulnerable to attacks.
- By continuously sniffing a line, the intruder will be able to collect many
  key-ciphertext pairs for a user's password, thus gaining some knowledge about the
  user's password.
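The exchange described above can be modelled from the authenticator's side. The following is an added example, not code from the original text; the names Server, respond and demo are hypothetical, and HMAC-SHA256 is assumed as the keyed transformation because the text names no algorithm.

```python
import hashlib
import hmac
import secrets

def respond(password, key):
    # Client side. Assumption: HMAC-SHA256 stands in for "encrypts his
    # password using the received key"; the page names no algorithm.
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()

class Server:
    def __init__(self, passwords):
        # The server keeps each password in recoverable form so it can
        # recompute the response: the storage disadvantage listed above.
        self._passwords = dict(passwords)
        self._pending = {}  # user name -> outstanding single-use key

    def challenge(self, username):
        # Fresh random key per attempt; it goes to the client in clear.
        key = secrets.token_bytes(16)
        self._pending[username] = key
        return key

    def verify(self, username, response):
        # pop() retires the key, so a captured response cannot be replayed.
        key = self._pending.pop(username, None)
        password = self._passwords.get(username)
        if key is None or password is None:
            return False
        # Constant-time comparison of expected and received values.
        return hmac.compare_digest(respond(password, key), response)

def demo():
    server = Server({"alice": "correct horse"})  # constructed account
    response = respond("correct horse", server.challenge("alice"))
    genuine = server.verify("alice", response)
    replayed = server.verify("alice", response)   # no key outstanding
    server.challenge("alice")                     # mid-session re-challenge
    stale = server.verify("alice", response)      # old response, new key
    wrong = server.verify("alice", respond("guess", server.challenge("alice")))
    return genuine, replayed, stale, wrong

if __name__ == "__main__":
    print(demo())
```

Only the first verification succeeds: the replayed and stale responses fail because each key is retired after one use, which is the property the single-use keys are meant to provide.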
4 Cryptographic Primitives
Algorithms designed to perform a cryptographic operation are known as cryptographic
primitives. Primitives are the building blocks used to create more complex
cryptographic protocols that achieve various security goals. They can be classified
into two major groups: symmetric (or private key) and asymmetric (or public key).
We will now define some of the primitives used in the proposed protocol: