Cryptography Reference
In-Depth Information
5. Alice sends Bob the message
d
A
(
r
B
).
Three-way authentication is used (without timestamps) as a vehicle to be
employed when synchronized clocks are not available (see the analysis of Ker-
beros on page 197). Since both Alice and Bob have exchanged nonces, both of
them can check the nonce received to detect replay attacks. Recall that on page
199, we discussed a similar three-pass protocol by Shamir. Diagram 7.12 adds
step5 to Diagram 7.11.
Diagram 7.12 X.509 Strong Three-Way Authentication (Simplified)
d
A
(
t
A
,
r
A
,
C
(
B
)
,
m
,
e
B
(
k
))
−−−−−−−−−−−−−−−−−−−−−−→
←−−−−−−−−−−−−−−−−−−−−−−−
Alice
d
B
(
t
B
,
r
B
,
C
(
A
)
,
m
,
e
A
(
k
))
Bob
d
A
(
r
B
)
−−−−−−−−−−−−−−−−−−−−→
Authentication and the Internet
The most common use of X.509 certificates, and the associated strong au-
thentication protocols, is for Internet transactions. (We are now talking about
both message and entity authentication.) Typically how this works is that a
server, Victor, say, needs to authenticate a user, Alice, say, as follows.
1. Alice sends her X.509 certificate, containing
e
A
, to Victor.
2. Victor sends a challenge, in the form of a nonce,
n
V
, back to Alice's browser.
3. Alice's browser encrypts
n
V
with
d
A
, and sends
d
A
(
n
V
) back to Victor.
4. If Victor can recover
n
V
using her public key
e
A
, then he is convinced
that Alice is in possession of
d
A
, and is indeed the person to whom the
certificate was issued.
The reason that this X.509 certificate-based authentication is called “strong”
is that no password or other secret information is sent over the network. Since
the private keys are secure, and since a nonce is used, Mallory cannot gather
any data that can be used to recover
d
A
or to launch a replay attack. All of this,
of course, is predicated upon the absolute and unequivocal security of private
keys. In this fashion, the X.509 standard for strong authentication is a method
superior to simple password-based protocols.
The most popular browsers on the Internet are
Netscape Communicator
,
Microsoft Internet Explorer
, and
Opera
, all of which support the X.509 strong
authentication protocols. Server support is enabled in most Web servers, as long
as there is an embedded module with SSL/TLS (see Section 5.7). Embedded
X.509 certificate support is available, for instance, in
Microsoft Outlook
and
Outlook Express
,
Netscape Communicator
, and
Mozilla
. In Chapter 8, we will
learn about e-mail security in depth.
Search WWH ::
Custom Search