Cryptography Reference
else should know the key. While this does not help us much in our scenario where
the attacker is standing next to Alice at the ATM, it does help us defend against
attackers who are attacking the ATM network and attempting to modify or send
spoof messages over it. We will look at cryptographic protocols for implementing
this process in Section 9.4.
8.3.2 Applications of entity authentication
Entity authentication tends to be employed in two types of situation:
Access control. Entity authentication is often used to directly control access to
either physical or virtual resources. An entity, sometimes in this case a human
user, must provide assurance of their identity in real time in order to have
access. The user can then be provided with access to the resources immediately
following the instant in time that they are authenticated.
As part of a more complex cryptographic process. Entity authentication is also
a common component of more complex cryptographic processes, typically
instantiated by a cryptographic protocol (see Chapter 9). In this case, entity
authentication is normally established at the start of a connection. An entity
must provide assurance of their identity in real time in order for the extended
protocol to complete satisfactorily. For example, the process of establishing a
symmetric key commonly involves mutual entity authentication in order to
provide the two communicating entities with assurance that they have agreed
a key with the intended partner. We discuss this scenario in more detail in
Section 9.4.
8.3.3 General categories of identification information
One of the prerequisites for achieving entity authentication is that there is some
means of providing information about the identity of a claimant (the entity that
we are attempting to identify). There are several different general techniques for
doing this. Note that:
• As we observed earlier, providing identity information is not normally enough
to achieve entity authentication. Entity authentication also requires a notion of
freshness, as discussed in Section 1.3.1.
• Different techniques for providing identity information can be, and often are,
combined in real security systems.
• Cryptography has a dual role in helping to provide entity authentication:
1. Some of these approaches involve identity information that may have little to do
with cryptography (such as possession of a token or a password). Cryptography
can still be used to support these approaches. For example, as we discussed in
Section 6.2.2, cryptography can play a role in the secure storage of passwords.
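
The point made above, that identity information alone is not enough and entity authentication also needs freshness, can be seen in the following added example (not taken from the book). It assumes a shared symmetric key and an HMAC-SHA256 challenge-response as one possible mechanism; the names `Verifier`, `respond`, `static_proof` and `verify_static` are hypothetical.

```python
import hashlib
import hmac
import secrets

def static_proof(key: bytes, claimant_id: str) -> bytes:
    # Identity information only: the same bytes on every run, so no freshness.
    return hmac.new(key, claimant_id.encode(), hashlib.sha256).digest()

def verify_static(key: bytes, claimant_id: str, proof: bytes) -> bool:
    return hmac.compare_digest(static_proof(key, claimant_id), proof)

def respond(key: bytes, claimant_id: str, nonce: bytes) -> bytes:
    # The claimant binds its identity to the verifier's fresh nonce.
    # The nonce has a fixed length, so the "|" separator is unambiguous.
    msg = claimant_id.encode() + b"|" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()

class Verifier:
    """Holds the shared key and issues single-use challenges (nonces)."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, claimant_id: str, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False                   # unknown or already-used challenge
        self._pending.discard(nonce)       # each challenge is valid once
        expected = respond(self._key, claimant_id, nonce)
        return hmac.compare_digest(expected, response)

def demo():
    key = secrets.token_bytes(32)          # constructed sample key
    verifier = Verifier(key)
    captured = static_proof(key, "alice")  # value recorded from an earlier run
    static_replay = verify_static(key, "alice", captured)
    n1 = verifier.challenge()
    r1 = respond(key, "alice", n1)
    first = verifier.verify("alice", n1, r1)
    same_nonce = verifier.verify("alice", n1, r1)            # replay, old nonce
    new_nonce = verifier.verify("alice", verifier.challenge(), r1)
    return static_replay, first, same_nonce, new_nonce

if __name__ == "__main__":
    print(demo())
```

The static proof is accepted again when replayed, while the challenge-response verifier accepts the response once and rejects it both for the used nonce and for any new one.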
 