Cryptography Reference
In-Depth Information
Chapter 9
Applications and the Future
The future ain't what it used to be.
Yogi Berra
(1925-) American baseball player
9.1 Login and Network Security
When we
login
(sometimes called
signing in
), to a computer, we must pro-
vide a passphrase, which may be as simple as a single word (typically called a
password
), or a sequence of words used to identify us uniquely for secure access
to the system. The encrypted passphrase will be accompanied by our plaintext
username ID
. A user ID, authenticated by its associated passphrase, determines
the privileges allotted to the user, which may vary from personal e-mail access
to
superuser
status, where actions may be executed that are protected by the
operatingsystem.
If we are trying to login from home, or a hotel when on a trip, to gain
access to a computer at work, for instance, this is called
remote login
. In this
case, passwords may travel over unsecured channels, makingthem susceptible to
eavesdroppingby Eve or interception by Mallory. Mechanisms exist for dealing
with these situations. One strongmethod, IPSec, was studied in Section 8.3. Of
course, while workers are at their workplace, firewalls would likely be in place
to prevent attacks, and IPSec deals with communications between such secu-
rity gateways, as we have seen. A secure PKI indirectly assists here since the
X.509V3 certificates are part of the IPSec protocol, includinguser transparency
on certain issues. Moreover, we have the strongX.509 authentication proto-
cols studied in Section 7.4, which also employ X.509 directories and other PKI
structures. We have methods for secure authentication in e-commerce, such as
SET studied in Section 6.3. Secure session-based communication via SSL was
explored in Section 5.7. E-Mail security via PGP and S/MIME were described
in Chapter 8, and message authentication itself was discussed in Chapter 7.
Now we delve further into password protection.
On page 168, we described the use of one-way functions in the role of pass-
word security. Also, we have already been introduced to the concept of a
Search WWH ::
Custom Search