Data Protection and Security

VII

Identification and Entity Authentication

VII.III

Authentication Protocols

Mediated Authentication:

In the previous protocols, we assumed that there is a small number of users and that each of them can

  • Have a trusted channel over which to exchange secrets
  • Have a trusted channel over which to obtain the public keys.

If the network is large and every participant wants to authenticate every other participant, then the manageable solution is based on either

  • Key Distribution Center – KDC (online)
  • Certificate Authorities – CA (offline)

We will see the solution based on CAs in the next chapter. For now, we only note that, by using public key cryptography, CAs solve the scalability problem that stems from the requirement that a KDC be online. A KDC operation involves three steps, which can be summarized as follows:

Figure 8. The operation of the Key Distribution Center

  1. A message saying that Alice wants to communicate with Bob.
  2. Two encrypted values, A and B:
    A: KAlice{use KAB for Bob} (a message stating the key to use with Bob, encrypted with the key Alice shares with the KDC)
    B: ticket to Bob = KBob{use KAB for Alice} (this ticket can only be opened by Bob, since it is encrypted with the key shared between Bob and the KDC)
  3. "I am Alice" and the ticket.

There are numerous KDC-based authentication protocols. One notable example is the Needham-Schroeder protocol, illustrated in Figure 10.

Figure 9. The Needham and Schroeder Protocol

Note that most symmetric-key mediated (KDC-based) authentication protocols, including Kerberos, derive from the seminal work of Needham and Schroeder. We will introduce Kerberos in the next chapter.
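The three KDC steps of Figure 8, together with the nonce that Needham and Schroeder added to step 1 so that Alice can reject a replayed old KDC reply, run end to end as an added Python example (this is not code from the lecture notes). It assumes a toy authenticated-encryption stand-in seal()/unseal() built from HMAC-SHA256, constructed random long-term keys K_Alice and K_Bob held by the KDC, and JSON message bodies; all of those are this example's choices, not the notes'. The two checks at the end show the two properties the notes rely on: Alice can forward the ticket but cannot read it, and a modified ticket is rejected instead of yielding a bogus K_AB.

```python
import hashlib
import hmac
import json
import os

# Toy authenticated encryption from the standard library: HMAC-SHA256 as a
# keystream generator, encrypt-then-MAC with a second HMAC. It stands in for
# the K{...} notation in the notes; a deployment would use AES-GCM or similar.

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """K{plaintext}: nonce || ciphertext || tag. Only a holder of `key` can open or forge it."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); raises ValueError on a wrong key or a modified blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

# Constructed long-term keys: each principal shares one with the KDC (K_Alice, K_Bob).
KDC_KEYS = {"alice": os.urandom(32), "bob": os.urandom(32)}

def kdc_reply(kdc_keys: dict, requester: str, peer: str, nonce: str):
    """Step 2 of Figure 8: the KDC mints K_AB and returns A (for Alice) and the ticket to Bob."""
    k_ab = os.urandom(32)
    a = seal(kdc_keys[requester], json.dumps({"peer": peer, "key": k_ab.hex(), "nonce": nonce}).encode())
    ticket = seal(kdc_keys[peer], json.dumps({"peer": requester, "key": k_ab.hex()}).encode())
    return a, ticket

def run_kdc_exchange(kdc_keys: dict = KDC_KEYS) -> dict:
    # Step 1: "Alice wants to talk to Bob". The nonce is the Needham-Schroeder
    # refinement: it lets Alice reject a replayed old KDC reply.
    nonce = os.urandom(8).hex()
    request = {"from": "alice", "to": "bob", "nonce": nonce}

    # Step 2: the KDC answers with A (for Alice) and the ticket (for Bob).
    a, ticket = kdc_reply(kdc_keys, request["from"], request["to"], request["nonce"])

    # Alice opens A with her own key and checks that it answers *her* request.
    a_body = json.loads(unseal(kdc_keys["alice"], a))
    if a_body["nonce"] != nonce or a_body["peer"] != "bob":
        raise ValueError("KDC reply does not match Alice's request")
    k_ab_alice = bytes.fromhex(a_body["key"])

    # Step 3: "I am Alice" and the ticket, plus a payload under K_AB so Bob
    # can see that the sender actually holds the key named in the ticket.
    claimed, ticket_in, payload = "alice", ticket, seal(k_ab_alice, b"hello Bob")

    # Bob opens the ticket with K_Bob, binds it to the claimed name, then uses K_AB.
    t_body = json.loads(unseal(kdc_keys["bob"], ticket_in))
    if t_body["peer"] != claimed:
        raise ValueError("ticket was issued for someone else")
    k_ab_bob = bytes.fromhex(t_body["key"])
    return {"alice_key": k_ab_alice, "bob_key": k_ab_bob, "bob_reads": unseal(k_ab_bob, payload)}

def ticket_is_opaque_to_alice(kdc_keys: dict = KDC_KEYS) -> bool:
    """Alice relays the ticket but cannot open it: it is under Bob's key, not hers."""
    _, ticket = kdc_reply(kdc_keys, "alice", "bob", "n")
    try:
        unseal(kdc_keys["alice"], ticket)
        return False
    except ValueError:
        return True

def tampered_ticket_rejected(kdc_keys: dict = KDC_KEYS) -> bool:
    """Flipping one ciphertext byte must fail the tag check rather than yield a bogus K_AB."""
    _, ticket = kdc_reply(kdc_keys, "alice", "bob", "n")
    bad = bytearray(ticket)
    bad[20] ^= 0x01
    try:
        unseal(kdc_keys["bob"], bytes(bad))
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    result = run_kdc_exchange()
    print("K_AB agrees:", result["alice_key"] == result["bob_key"], "| Bob reads:", result["bob_reads"])
```

Two design points carry over to real KDC deployments: the reply to Alice must be bound to her request (here by the nonce and the peer name), and the ticket must be authenticated, not merely encrypted, so that a relay cannot quietly alter the key or the name inside it.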
