Cryptography Reference
In-Depth Information
5
Security Protocols with
Conventional Cryptography
Content
Password access control:
UNIX passwords, basic HTTP, PAP
Challenge-response protocols:
digest HTTP, CHAP
One-time passwords:
Lamport scheme, S/Key
Key distribution:
Needham-Schroeder, Kerberos, Merkle puzzles
Authentication chains:
Merkle signature scheme, timestamps
Case study:
GSM network, Bluetooth network
In this chapter we look at several examples of protocols which use conventional
cryptography. As we can see, the most important problems are peer authentication
and key distribution. Once these problems are solved, the conventional cryptographic
primitives that we have seen in previous chapters can be used in order to build up secure
communications, e.g. establish communication sessions between a client and a server
which preserve confidentiality, integrity, authentication, and in which no adversary can
replay, reorder, or erase messages.
5.1
Password Access Control
The most intuitive way to perform access control is to request a password as de-
picted in Fig. 5.1. When a client wishes to connect to a server, they can proceed as
follows.
1. The client first sends an access request to the server.
2. The server acknowledges and sends a password request to the client.
3. The client sends his password to the server.
4. The server checks the correctness of the password and either provides or denies
access to the client.
Here, the password does not need to be kept in memory: the server only keeps a
message digest (using a hash function) of the password. This is an interesting property
for security since this protects against potential damages when the memory content is
stolen.
Search WWH ::
Custom Search