Cryptography Reference
7.4 Authentication Applications
There are no such things as applied sciences, only applications of science.
Louis Pasteur (1822-1895), French chemist and bacteriologist
On page 238, we discussed the ISO/ITU-T X.509v3 public-key certificates,
which are part of the X.500 series, discussed on page 240. In this section, we look
at the X.509 authentication protocols, employing public-key transport, which
uses the signing of encrypted keys (see [126]). The X.509 standard recommends
the use of RSA as a PKC, and the digital signature scheme (which could be
RSA or another DSS) is assumed to use a hash function. The X.509 standard
is important since it is used in many of the schemes we have discussed and will
study: IPSec (see Section 8.3 on page 294); SET (see Section 6.3 on page 243);
S/MIME (see Section 8.2 on page 287); and SSL (see Section 5.7), to mention
a few.
On page 238, we presented the twelve possible fields in a given X.509
certificate, which the reader may want to review before proceeding. Furthermore,
since it is most pertinent to this section, the reader must be familiar with Section
6.2 on page 237, concerning PKI issues.
X.509 Strong Authentication Protocols
Background Assumptions: Alice and Bob have PKC pairs for encryption
and signatures, $(e_A, d_A)$ and $(e_B, d_B)$, respectively. Moreover, Alice and Bob are
assumed (prior to the protocol) to have verified each other's respective public
keys, by obtaining those public keys from other certificates $C(A)$ and $C(B)$,
from the X.500 directory.
Strong One-Way Authentication
Protocol Steps
1. Alice obtains a timestamp $t_A$, generates a nonce $r_A$, obtains a secret
SKC key $k$, and she may (optionally) include a message $m$. She computes
$M_A = (t_A, r_A, C(B), m, e_B(k))$ and sends $d_A(M_A)$ to Bob.
2. Bob uses $e_A$ to get $M_A$, then he checks that the timestamp $t_A$ has not
expired, and that $C(B)$ is his valid certificate. Then he uses his private
key, $d_B$, to get $k$.
The one-way authentication ensures that Alice is authenticated since only
she has $d_A$. It verifies, via $C(B)$, that the message was indeed intended for Bob.
The integrity and originality of $m$ are guaranteed via $r_A$, since this nonce is a
sequential component, which Bob can check for uniqueness within the validity
time frame dictated by $t_A$. This prevents replay and impersonation attacks.
In other words, Bob can store the nonce until it expires and reject any new
messages that arrive with the same nonce. In any case, Bob now has k as the
shared secret SKC key.
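The exchange above, as an added Python example that is not from the original text: both sides of the one-way protocol, including Bob's nonce store, using toy textbook RSA. The demo primes, the 60-second lifetime, treating $t_A$ as an expiry time, the "C(B)" placeholder string, and sending $M_A$ alongside a hash-based signature (instead of recovering it from $d_A(M_A)$) are assumptions of this example.

```python
import hashlib
import secrets

LIFETIME = 60  # seconds a message stays valid (assumed; t_A is modelled as an expiry time)

def keypair(p, q, e=65537):
    """Toy textbook RSA from two known primes; returns (n, e, d). No padding."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)

# Constructed demo keys built from Mersenne primes; far too weak for real use.
ALICE = keypair(2**89 - 1, 2**107 - 1)
BOB = keypair(2**61 - 1, 2**127 - 1)
CERT_B = "C(B)"  # placeholder standing in for Bob's certificate

def digest(fields, n):
    """Hash the message fields to an integer below n (signature with a hash)."""
    h = hashlib.sha256(repr(fields).encode()).digest()
    return int.from_bytes(h, "big") % n

def alice_send(now, m=b"", cert=CERT_B):
    """Step 1: build M_A = (t_A, r_A, C(B), m, e_B(k)) and sign it with d_A."""
    n_a, _, d_a = ALICE
    n_b, e_b, _ = BOB
    k = secrets.randbits(128)  # fresh session key
    M_A = (now + LIFETIME, secrets.randbits(64), cert, m, pow(k, e_b, n_b))
    return M_A, pow(digest(M_A, n_a), d_a, n_a), k

class Bob:
    def __init__(self):
        self.seen = {}  # nonce r_A -> expiry t_A

    def receive(self, M_A, sig, now):
        """Step 2: verify with e_A, check t_A, C(B) and r_A, then recover k with d_B."""
        n_a, e_a, _ = ALICE
        n_b, _, d_b = BOB
        if pow(sig, e_a, n_a) != digest(M_A, n_a):
            return None, "bad signature"
        t_A, r_A, cert, _m, enc_k = M_A
        if now > t_A:
            return None, "expired"
        if cert != CERT_B:
            return None, "wrong recipient"
        # Drop nonces whose validity window has passed, then reject repeats.
        self.seen = {r: t for r, t in self.seen.items() if t >= now}
        if r_A in self.seen:
            return None, "replay"
        self.seen[r_A] = t_A
        return pow(enc_k, d_b, n_b), "ok"
```

Because a nonce only has to be remembered until its $t_A$ passes, Bob's store stays bounded: anything replayed later is already rejected by the expiry check.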