Authentication Protocols

By: Jesse Miller

An important application area is that of mutual authentication protocols. Such protocols enable communicating parties to satisfy themselves mutually about each other's identity and to exchange session keys.

Central to the problem of authenticated key exchange are two issues: confidentiality and timeliness. To prevent masquerade and to prevent compromise of session keys, essential identification and session key information must be communicated in encrypted form. This requires the prior existence of secret or public keys that can be used for this purpose. The second issue, timeliness, is important because of the threat of message replays. Such replays, at worst, could allow an opponent to compromise a session key or successfully impersonate another party. At minimum, a successful replay can disrupt operations by presenting parties with messages that appear genuine but are not.

The following are some examples of replay attacks. Simple replay: the opponent simply copies a message and replays it later. Repetition that cannot be detected: this situation could arise because the original message could have been suppressed and thus did not arrive at its destination, but the replay message can arrive. Repetition replay without modification: this is a replay back to the message sender. This attack is possible if symmetric encryption is used and the sender cannot easily recognize the difference between messages sent and messages received on the basis of content.

One approach to coping with replay attacks is to attach a sequence number to each message used in an authentication exchange. A new message is accepted only if its sequence number is in the proper order. The difficulty with this approach is that it requires each party to keep track of the last sequence number for each claimant it has dealt with. Because of this overhead, sequence numbers are generally not used for authentication and key exchange. Instead, one of the following two general approaches is used: timestamps and challenge/response. With timestamps, party A accepts a message as fresh only if the message contains a timestamp that, in A's judgment, is close enough to A's knowledge of current time. This approach requires that clocks among the various participants be synchronized.

With challenge/response, party A, expecting a fresh message from B, first sends B a nonce and requires that the subsequent message received from B contain the correct nonce value.
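The two freshness checks described above, as an added example that is not part of the original article. It assumes A and B already share a symmetric key; the key, the 30-second window, and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY = b"constructed-shared-secret"  # constructed sample key shared by A and B
MAX_SKEW = 30                       # assumed freshness window in seconds

def tag(key, *fields):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        mac.update(len(f).to_bytes(4, "big") + f)
    return mac.digest()

def respond_b(key, nonce, payload):
    """B's side: bind the payload to the nonce A just issued."""
    return tag(key, nonce, payload)

class VerifierA:
    def __init__(self, key):
        self.key = key
        self.pending = set()  # nonces issued by A and not yet answered

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def accept_response(self, nonce, payload, mac):
        # Fresh only if it answers an outstanding nonce; each nonce is single-use.
        if nonce not in self.pending:
            return False
        if not hmac.compare_digest(mac, tag(self.key, nonce, payload)):
            return False
        self.pending.discard(nonce)
        return True

    def accept_timestamped(self, ts, payload, mac, now=None):
        # Relies on synchronized clocks. A copy replayed inside the window
        # still passes unless A also caches the messages it has seen.
        now = time.time() if now is None else now
        if abs(now - ts) > MAX_SKEW:
            return False
        expected = tag(self.key, str(ts).encode(), payload)
        return hmac.compare_digest(mac, expected)
```

With the nonce, A keeps state only for exchanges it started, whereas the timestamp check needs no prior message from A but depends entirely on clock agreement.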


The timestamp approach should not be used for connection-oriented applications because of the inherent difficulties with this technique.
