Cryptography Reference
In-Depth Information
Like one-time password schemes, challenge-response mechanisms are au-
thentication schemes that make use of dynamically changing information. Unlike
one-time password schemes, however, challenge-response mechanisms require the
claimant and verifier to interact but generally do not require them to be synchro-
nized. In a challenge-response mechanism, the verifier provides the claimant with a
challenge
(e.g., a randomly chosen number that is sometimes also called a nonce),
and the claimant must compute and provide a valid
response
. This can be repeated
multiple times (if necessary). In either case, there must be some cryptographic key
material on either side of the protocol execution (i.e., to compute and verify the
claimant's response).
For example, a DSS can be used to implement a simple challenge-response
mechanism. If the claimant holds a private key and the verifier holds the correspond-
ing public key (or public key certificate), then the verifier can challenge the claimant
with a randomly chosen number and the claimant can respond with the digital sig-
nature for that number. Because the verifier holds the public key (certificate), he
or she can easily verify the validity of the claimant's response. Note, however, that
this exemplary challenge-response mechanism is far too simple to be used for real
applications. It would be too dangerous for a claimant to digitally sign arbitrary
values that claim to be legitimate challenges. What would happen, for example, if
the claimant were challenged with a cryptographic hash value computed from the
message string “I owe you $1,000”? In this case, the claimant would respond with
the digital signature for a message he or she would not have signed in the first place.
Consequently, the design and analysis of challenge-response mechanisms are tricky
and must be considered with care.
There is a special class of challenge-response mechanisms and authentication
protocols that have a property called zero knowledge. Using such a protocol, a
claimant can prove knowledge of a secret (e.g., a cryptographic key) while revealing
no information whatsover about the secret [17]. It is possible and very likely that
zero-knowledge authentication protocols will become important and more widely
deployed in the future. They are further addressed in Section 17.3.
17.2.3
Proof by Property
In a
proof by property
, the claimant proves his or her identity by proving some
biometric characteristics. The biometric characteristics, in turn, are measured and
compared with a reference pattern by the verifier. Historically, the first biometric
characteristics that were used for authentication were fingerprints. Today, it is
possible to use other characteristics, such as facial images, retinal images, and voice
patterns (e.g., [18, 19]). In the recent past, biometric authentication technologies
have been well received on the security market. In either case, they are appropriate
