REMOTE USER AUTHENTICATION PRINCIPLES -

Strictly From Textbook (15.1)

📚 Introduction and Basic Definition

What is User Authentication?

User authentication is the fundamental building block in most computer security contexts
It is the primary line of defense
User authentication is the basis for:
Most types of access control
User accountability

RFC 4949 Definition

RFC 4949 (Internet Security Glossary) defines user authentication as:
The process of verifying an identity claimed by or for a system entity

🔐 The Two-Step Process

Step 1: Identification Step

What happens: Presenting an identifier to the security system
Important note: Identifiers should be assigned carefully
Why: Because authenticated identities are the basis for other security services (such as
access control service)

Step 2: Verification Step

What happens: Presenting or generating authentication information that corroborates the
binding between the entity and the identifier
Example from Textbook
User: Alice Toklas
User identifier: ABTOKLAS
Where stored: This information needs to be stored on any server or computer system that
Alice wishes to use
Who knows it: Could be known to system administrators and other users
Authentication information: A typical item is a password, which is kept secret (known only
to Alice and to the system)

Why This Works

If no one is able to obtain or guess Alice's password, then the combination of Alice's user ID
and password enables:
Administrators to set up Alice's access permissions
Audit her activity
Because Alice's ID is not secret, system users can send her email
Because her password is secret, no one can pretend to be Alice

Summary Statement from Textbook

Identification is the means by which a user provides a claimed identity to the system
User authentication is the means of establishing the validity of the claim

Important Distinction
User authentication is distinct from message authentication
Message authentication (from Chapter 12): A procedure that allows communicating parties
to verify that the contents of a received message have not been altered and that the source
is authentic
This chapter is concerned solely with user authentication

🏛️The NIST SP 800-63-2 Model for Electronic User Authentication

NIST Definition
NIST SP 800-63-2 (Electronic Authentication Guideline, August 2013) defines electronic
user authentication as:
The process of establishing confidence in user identities that are presented
electronically to an information system
Purpose of Authentication
Systems can use the authenticated identity to determine if the authenticated individual is
authorized to perform particular functions, such as:
Database transactions
Access to system resources

Where Authentication Happens

In many cases: Authentication and transaction take place across an open network such as
the Internet
Equally: Authentication and subsequent authorization can take place locally, such as across
a local area network

📊 Understanding Figure 15.1: The NIST E-Authentication Architectural Model

Initial Requirement: Registration

The initial requirement for performing user authentication is that the user must be
registered with the system

REGISTRATION PHASE (Top Half of Figure 15.1)

Step 1 - Application:
An applicant applies to a registration authority (RA) to become a subscriber of a
credential service provider (CSP)
Who is the RA:
In this model, the RA is a trusted entity that establishes and vouches for the identity of an
applicant to a CSP
Step 2 - Exchange with CSP:
The CSP then engages in an exchange with the subscriber
Depending on the details of the overall authentication system, the CSP issues some sort of
electronic credential to the subscriber
What is the Credential:
The credential is a data structure that authoritatively binds:
An identity
Additional attributes
To a token possessed by a subscriber
Can be verified when presented to the verifier in an authentication transaction
What is the Token:
 The token could be:
An encryption key
An encrypted password that identifies the subscriber
Where Does Token Come From:
The token may be:
Issued by the CSP
Generated directly by the subscriber
Provided by a third party
What Happens Next:
The token and credential may be used in subsequent authentication events

AUTHENTICATION PHASE (Bottom Half of Figure 15.1)

When This Happens:
Once a user is registered as a subscriber, the actual authentication process can take place
Takes place between the subscriber and one or more systems that perform authentication
and, subsequently, authorization
Key Parties:
The party to be authenticated is called a claimant
The party verifying that identity is called a verifier
Step 1 - Authentication Protocol:
When a claimant successfully demonstrates possession and control of a token to a verifier
through an authentication protocol
Step 2 - Verification:
The verifier can verify that the claimant is the subscriber named in the corresponding
credential
Step 3 - Assertion:
The verifier passes on an assertion about the identity of the subscriber to the relying party
(RP)
What the Assertion Contains:
That assertion includes identity information about a subscriber, such as:
The subscriber name
An identifier assigned at registration
Other subscriber attributes that were verified in the registration process
Step 4 - Authorization Decision:
 The RP can use the authenticated information provided by the verifier to make:
Access control decisions
Authorization decisions

Note About Real Implementations

An implemented system for authentication will differ from or be more complex than this
simplified model
But the model illustrates the key roles and functions needed for a secure authentication
system

🔑 Four General Means of Authentication

The textbook states these can be used alone or in combination:

1. Something the Individual Knows

Examples include:
A password
A personal identification number (PIN)
Answers to a prearranged set of questions

2. Something the Individual Possesses

Examples include:
Cryptographic keys
Electronic keycards
Smart cards
Physical keys
Note from textbook: This type of authenticator is referred to as a token

3. Something the Individual Is (Static Biometrics)

Examples include:
Recognition by fingerprint
Retina
Face
4. Something the Individual Does (Dynamic Biometrics)
Examples include:
Recognition by voice pattern
Handwriting characteristics
Typing rhythm

General Statement from Textbook

All of these methods, properly implemented and used, can provide secure user
authentication
However: Each method has problems

Problems Mentioned
An adversary may be able to guess or steal a password
Similarly, an adversary may be able to forge or steal a token
A user may forget a password or lose a token
Furthermore, there is a significant administrative overhead for managing password and
token information on systems and securing such information on systems
With respect to biometric authenticators, there are a variety of problems, including:
Dealing with false positives and false negatives
User acceptance
Cost
Convenience

For Network-Based User Authentication

The most important methods involve:
Cryptographic keys
AND something the individual knows, such as a password

🤝 Mutual Authentication

What is Mutual Authentication

An important application area is that of mutual authentication protocols
Such protocols enable communicating parties to:
Satisfy themselves mutually about each other's identity
Exchange session keys
Reference to Previous Chapter
This topic was examined in Chapter 14
There, the focus was key distribution
We return to this topic here to consider the wider implications of authentication

Two Central Issues

Issue 1: CONFIDENTIALITY
To prevent masquerade and to prevent compromise of session keys:
Essential identification and session-key information must be communicated in encrypted
form
This requires the prior existence of secret or public keys that can be used for this purpose
Issue 2: TIMELINESS
Timeliness is important because of the threat of message replays
Such replays, at worst, could allow an opponent to:
Compromise a session key
Successfully impersonate another party
At minimum, a successful replay can disrupt operations by presenting parties with
messages that appear genuine but are not

🔄 Examples of Replay Attacks

The textbook cites [GONG93] and lists the following examples:

Type 1: Simple Replay

The simplest replay attack is one in which the opponent simply copies a message and
replays it later

Type 2: Timestamped Message Replay Within Valid Window

An opponent can replay a timestamped message within the valid time window
If both the original and the replay arrive within the time window, this incident can be logged

Type 3: Replay with Suppression

As with example 2, an opponent can replay a timestamped message within the valid time
window
But in addition: The opponent suppresses the original message
Thus, the repetition cannot be detected
Type 4: Backward Replay
Another attack involves a backward replay without modification
This is a replay back to the message sender
This attack is possible if symmetric encryption is used and the sender cannot easily
recognize the difference between messages sent and messages received on the basis of
content

📈 Why Sequence Numbers Are Not Used

The Sequence Number Approach

One approach to coping with replay attacks is to attach a sequence number to each
message used in an authentication exchange
A new message is accepted only if its sequence number is in the proper order

The Difficulty
The difficulty with this approach is that it requires each party to keep track of the last
sequence number for each claimant it has dealt with
Because of this overhead, sequence numbers are generally not used for authentication and
key exchange

⏰ Two General Approaches Instead of Sequence Numbers

The textbook says instead, one of the following two general approaches is used:

Approach 1: TIMESTAMPS
How It Works:
Party A accepts a message as fresh only if the message contains a timestamp that, in A's
judgment, is close enough to A's knowledge of current time
Requirement:
This approach requires that clocks among the various participants be synchronized

Approach 2: CHALLENGE/RESPONSE
How It Works:
Party A, expecting a fresh message from B, first sends B a nonce (challenge)
Requires that the subsequent message (response) received from B contain the correct
nonce value
⚠️Arguments Against Timestamps (For Connection-Oriented Applications)

The textbook cites [LAM92a] and states it can be argued that the timestamp approach should
not be used for connection-oriented applications because of the inherent difficulties with this
technique:

Problem 1: Synchronization Protocol

First, some sort of protocol is needed to maintain synchronization among the various
processor clocks
This protocol must be:
Fault tolerant (to cope with network errors)
Secure (to cope with hostile attacks)

Problem 2: Temporary Loss of Synchronization

Second, the opportunity for a successful attack will arise if there is a temporary loss of
synchronization
Could result from a fault in the clock mechanism of one of the parties

Problem 3: Network Delays

Finally, because of the variable and unpredictable nature of network delays:
Distributed clocks cannot be expected to maintain precise synchronization
Therefore, any timestamp-based procedure must allow for a window of time:
Sufficiently large to accommodate network delays
Yet sufficiently small to minimize the opportunity for attack

❌ Arguments Against Challenge-Response (For Connectionless Applications)

The Problem
On the other hand, the challenge-response approach is unsuitable for a connectionless
type of application
Because: It requires the overhead of a handshake before any connectionless transmission
This effectively negates the chief characteristic of a connectionless transaction

Alternative for Connectionless Applications

For such applications, reliance on:
Some sort of secure time server
A consistent attempt by each party to keep its clocks in synchronization
May be the best approach (textbook cites [LAM92b])
📧 One-Way Authentication

Application: Electronic Mail

The Nature of Email:
One application for which encryption is growing in popularity is electronic mail (email)
The very nature of electronic mail, and its chief benefit, is that it is not necessary for the
sender and receiver to be online at the same time
How Email Works:
Instead, the email message is forwarded to the receiver's electronic mailbox
Where it is buffered until the receiver is available to read it
Email Protocols:
The "envelope" or header of the email message must be in the clear (not encrypted)
So that the message can be handled by the store-and-forward email protocol, such as:
Simple Mail Transfer Protocol (SMTP)
X.400

Two Requirements for Email Security

Requirement 1: Message Confidentiality
However, it is often desirable that the mail-handling protocol not require access to the
plaintext form of the message
Because: That would require trusting the mail-handling mechanism
Accordingly: The email message should be encrypted such that the mail-handling system is
not in possession of the decryption key
Requirement 2: Sender Authentication
A second requirement is that of authentication
Typically, the recipient wants some assurance that the message is from the alleged sender

🎯 KEY POINTS FOR EXAM

Definitions
User Authentication: Process of verifying an identity claimed by or for a system entity
Identification: Presenting an identifier to the security system
Verification: Presenting or generating authentication information that proves the binding
NIST Model (Figure 15.1)
Registration Phase: Applicant goes to RA, RA vouches to CSP, CSP issues credential and
token
Authentication Phase: Claimant proves possession of token to Verifier, Verifier passes
assertion to Relying Party, RP makes authorization decision

Four Authentication Methods

Something you know (password)
Something you have (token)
Something you are (fingerprint)
Something you do (voice pattern)

Replay Attack Solutions

Timestamps: Message freshness based on time (needs synchronized clocks)
Challenge-Response: Message freshness based on nonce (needs handshake)

When to Use What

Connection-oriented: Timestamps should NOT be used (use challenge-response)
Connectionless: Challenge-response is unsuitable (may use timestamps with secure time
server)

Email Authentication
Header must be clear (for routing)
Body should be encrypted
Sender authentication needed (so recipient knows who sent it)

That's it! This is EXACTLY what the textbook Section 15.1 contains, just organized in points.
No extra information added. Good luck at 9am! 🍀
⁂

1. https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-63-2.pdf
2. https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-63b.pdf
3. https://csrc.nist.rip/library/NIST SP 800-063v1.0.2 Electronic Authentication Guideline, 2006-04.pdf
4. https://www.youtube.com/watch?v=t7XQ8I4eZmY
5. https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-nist-800-63
6. https://oag.ca.gov/sites/all/files/agweb/pdfs/bciis/03-nist-sp-800-63-3.pdf
7. https://www.slideshare.net/slideshow/nist-80063-guidance-fido-authentication/80017517
8. https://www.youtube.com/watch?v=lYdfOSCx8Vg