Entity Authentication
INTRODUCTION
Entity authentication is a technique designed to let one party prove the identity of another party. An entity can be a person, a process, a client, or a server. The entity whose identity needs to be proved is called the claimant; the party that tries to prove the identity of the claimant is called the verifier.
Data-Origin Versus Entity Authentication
There are two differences between message authentication (data-origin authentication) and entity authentication.
1) Message authentication might not happen in real time; entity authentication does.
2) Message authentication simply authenticates one message; the process needs to be repeated for each new message. Entity authentication authenticates the claimant for the entire duration of a session.
Verification Categories
Something known
Something possessed
Something inherent
PASSWORDS
The simplest and oldest method of entity authentication is password-based authentication, where the password is something that the claimant knows.
Fixed Password
First Approach
User ID and password file
Second Approach
Hashing the password
Third Approach
Salting the password
Fourth Approach
In the fourth approach, two identification techniques are combined. A good example of this type of authentication is the use of an ATM card with a PIN (personal identification number).
CHALLENGE-RESPONSE
In password authentication, the claimant proves her identity by demonstrating that she knows a secret, the password. In challenge-response authentication, the claimant proves that she knows a secret without sending it.
Note
In challenge-response authentication, the claimant proves that she knows a secret without sending it to the verifier.
Note
The challenge is a time-varying value sent by the verifier; the response is the result of a function applied to the challenge.
Using a Symmetric-Key Cipher
First Approach: Unidirectional Authentication
Nonce challenge. The nonce cannot be replayed by Eve.
Second Approach: Unidirectional Authentication
Timestamp challenge. It is assumed that the clocks are synchronized. Authentication can be done with only one message.
Third Approach: Bidirectional Authentication
The order of RA and RB is changed to prevent a replay attack on the third message.
Using Keyed-Hash Functions
Instead of using encryption/decryption for entity authentication, we can also use a keyed-hash function (MAC).
Keyed-hash function
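As an added example (not part of the original slides), the third symmetric-key approach and the keyed-hash variant above implemented together: a three-message bidirectional exchange in which each response is a MAC over the two nonces, RB||RA in message 2 and RA||RB in message 3, so a tag from one direction cannot be replayed in the other, and each side also rejects a nonce it has already accepted. HMAC-SHA256 stands in for the keyed-hash function, and the shared key is a constructed value supplied by the caller.

```python
import hashlib
import hmac
import os
NONCE_LEN = 16  # fixed length, so RB||RA and RA||RB cannot be confused


def mac(key: bytes, first: bytes, second: bytes) -> bytes:
    # Keyed hash (HMAC-SHA256) over the two nonces in the stated order.
    return hmac.new(key, first + second, hashlib.sha256).digest()


class Party:
    """One side of the three-message bidirectional challenge-response exchange."""
    def __init__(self, key: bytes):
        self.key, self.mine, self.peer = key, None, None
        self.seen = set()  # peer nonces already accepted; a repeat is a replay

    def _fresh(self, nonce: bytes) -> bool:
        if len(nonce) != NONCE_LEN or nonce in self.seen:
            return False
        self.seen.add(nonce)
        return True

    def challenge(self) -> bytes:
        """Message 1, Alice -> Bob: a fresh random nonce RA."""
        self.mine = os.urandom(NONCE_LEN)
        return self.mine

    def respond(self, ra: bytes):
        """Message 2, Bob -> Alice: RB and MAC_K(RB || RA); None if RA was replayed."""
        if not self._fresh(ra):
            return None
        self.peer, self.mine = ra, os.urandom(NONCE_LEN)
        return self.mine, mac(self.key, self.mine, ra)

    def answer(self, rb: bytes, tag: bytes):
        """Check message 2 (Bob authenticated); message 3 is MAC_K(RA || RB), order swapped."""
        if not self._fresh(rb) or not hmac.compare_digest(tag, mac(self.key, rb, self.mine)):
            return None
        self.peer = rb
        return mac(self.key, self.mine, rb)

    def finish(self, tag: bytes) -> bool:
        """Check message 3 (Alice authenticated): it must be MAC_K(RA || RB)."""
        return hmac.compare_digest(tag, mac(self.key, self.peer, self.mine))


def run_protocol(alice: Party, bob: Party) -> bool:
    """Drive one full exchange; True only when both sides accept."""
    reply = bob.respond(alice.challenge())   # messages 1 and 2
    tag_a = reply and alice.answer(*reply)   # message 3 (None on any failure)
    return bool(tag_a) and bob.finish(tag_a)
```

Because message 2 binds the nonces as RB||RA and message 3 as RA||RB, Bob's own reply can never satisfy his check of message 3, which is exactly what the order swap in the third approach is for.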
Using an Asymmetric-Key Cipher
1) The verifier encrypts the challenge with the public key of the claimant.
2) The claimant decrypts the challenge with her private key.
3) The claimant sends the challenge back to the verifier.
First Approach: Unidirectional, asymmetric-key authentication
Second Approach: Bidirectional, asymmetric-key authentication
Bob is authenticated, then Alice is authenticated.
Using Digital Signature
The claimant uses her private key for signing.
First Approach: Digital signature, unidirectional authentication
Second Approach: Digital signature, bidirectional authentication
Authentication protocols
SK: session key; the subsequent transmission takes place with this key. The permanent secret key is exposed for only a few transmissions.
Authentication using Public-Key Cryptography
The figure shows the messages exchanged between Alice, Bob, and a Directory (EA and EB are the public keys of Alice and Bob, obtained as certified keys from the Directory; KS is the session key):
1. Alice → Directory: Give me EB
2. Directory → Alice: Certified EB
3. Alice → Bob: EB(A, RA)
4. Bob → Directory: Give me EA
5. Directory → Bob: Certified EA
6. Bob → Alice: EA(RA, RB, KS)
7. Alice → Bob: KS(RB)
BIOMETRICS
Biometrics is the measurement of physiological or behavioral features that identify a person (authentication by something inherent). Biometrics measures features that cannot be guessed, stolen, or shared.
Components
Several components are needed for biometrics, including capturing devices, processors, and storage devices.
Enrollment
Before using any biometric technique for authentication, the corresponding feature of each person in the community should be available in the database. This is referred to as enrollment.
Authentication
Verification
Identification
Techniques
Physiological Techniques
Fingerprint
Hands
Iris
Voice
Retina
DNA
Face
Behavioral Techniques
Signature
Keystroke
Applications
Several applications of biometrics are already in use. In commercial environments, these include
access to facilities,
access to information systems,
transactions at points of sale, and
employee timekeeping.
In the law enforcement system, they include investigations (using fingerprints or DNA) and forensic analysis. Border control and immigration control also use some biometric techniques.