Cryptography Reference
In-Depth Information
clocks in packet-switched networks such as the Internet and is specified in
RFC 1305 [124].
Entity authentication is a security service that can be implemented in a variety
of different ways, many of which involve cryptography being used alongside other
technologies. A comprehensive overview of smart cards, smart tokens and their
applications is provided by Mayes and Markantonakis [120]. A detailed investigation
of different biometric techniques can be found in Jain, Flynn and Ross [101], while
Gregory and Simon [93] is a more accessible introduction to biometrics.
An interesting set of experiments was conducted by Yan et al. [205] concerning
memorability and security of passwords as entity authentication mechanisms.
There is a good chapter on password security in Anderson [23]. FIPS 181, the
Automated Password Generator [76], creates pronounceable passwords from DES,
illustrating the use of cryptographic primitives as a source of pseudorandomness.
A survey of alternatives to conventional passwords based on graphical techniques
was conducted by Suo, Zhu and Owen [188]. Of more significant cryptographic
interest are dynamic password schemes. RSA Laboratories are one of the main
commercial providers of products implementing dynamic password schemes
and they maintain several interesting simulations of their products, as well as
providing a home for the One-Time Password Specifications (OTPS) [114]. Wikipedia
provides a good portal page on dynamic password schemes [201] that includes
comparisons of different approaches to generating dynamic passwords and
mentions various other commercial vendors of products implementing dynamic
password schemes.
The main ISO standard relating to entity authentication is ISO/IEC 9798 [19],
which includes a part relating to zero-knowledge mechanisms. Examples of
zero-knowledge mechanisms can be found in, for example, Stinson [185] and
Vaudenay [194]. The original inspiration for the zero-knowledge protocol analogy
that we described is Quisquater et al. [72].
8.9 Activities
1. Cryptography and randomness are connected in many different ways:
(a) Provide some examples of why randomness is needed in cryptography.
(b) Provide some examples of how cryptography can be used to provide
randomness.
2. Suggest appropriate mechanisms for generating randomness for the following
applications:
(a) generating a cryptographic key on a laptop for use in an email security
application;
(b) generating a master key for a hardware security module;
(c) generating keystream for a stream cipher on a mobile phone;
 