We have seen that passwords and PINs suffer from interception and replay: an attacker sniffing a password can reuse it arbitrarily to authenticate. This can be improved using OTPs, i.e., passwords that are never reused. But even in this case, if the attacker is in the middle, he can sniff the password in transit and use it to authenticate once.

The problem with passwords and PINs is that we prove their knowledge by exhibiting the secret value. Strong authentication techniques, instead, allow for proving the knowledge of a secret without showing it. This can be achieved by showing a value that depends on the secret but does not allow computing it.

We discuss strong authentication protocols based on symmetric-key cryptography. The secret shared between the claimant and the verifier is a symmetric cryptographic key. In order to prove the knowledge of the key K, and thus her identity, the claimant sends to the verifier a message encrypted under K. Since generating an encrypted message without knowing the key is assumed to be infeasible, this proves her knowledge of the key.

The general idea is to have a challenge and a response:

- Challenge: the verifier challenges the claimant to send a particular message encrypted under K.
- Response: the claimant sends the required message.

For example, a challenge might be "send me your name encrypted under K". The verifier will decrypt the message and will check that it matches name A.

However, even if this does not reveal K, if the challenge is always the same an attacker can simply intercept the response and replay it to authenticate as Alice. We thus have that the challenge should never be the same. A way to achieve this is to add a time-variant parameter.
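The replay problem described above, as an added example that is not code from the original page: the same verifier is run once with a challenge that never changes and once with a fresh challenge per session, and a recorded response is resent in a second session. Assumptions: HMAC-SHA256 stands in for "encrypted under K" because the Python standard library has no block cipher, a random nonce serves as the time-variant parameter, and the names `respond`, `Verifier` and `run_sessions` are hypothetical.

```python
import hashlib
import hmac
import secrets

FIXED_CHALLENGE = b"send me your name"  # the weak, never-changing challenge


def respond(key: bytes, name: bytes, challenge: bytes) -> bytes:
    """Claimant side: a value that depends on K but does not reveal it."""
    msg = len(name).to_bytes(2, "big") + name + challenge
    return hmac.new(key, msg, hashlib.sha256).digest()


class Verifier:
    def __init__(self, key: bytes, fresh: bool):
        self.key, self.fresh, self.pending = key, fresh, None

    def challenge(self) -> bytes:
        # fresh=True: 128-bit random nonce as the time-variant parameter
        self.pending = secrets.token_bytes(16) if self.fresh else FIXED_CHALLENGE
        return self.pending

    def verify(self, name: bytes, response: bytes) -> bool:
        if self.pending is None:  # no outstanding challenge
            return False
        expected = respond(self.key, name, self.pending)
        self.pending = None  # a challenge is answered at most once
        return hmac.compare_digest(expected, response)


def run_sessions(fresh: bool) -> tuple:
    """Return (honest_login_accepted, replayed_response_accepted)."""
    key = secrets.token_bytes(32)  # K, constructed for this example
    verifier = Verifier(key, fresh)

    # Session 1: Alice answers the challenge; the response crosses the wire.
    recorded = respond(key, b"Alice", verifier.challenge())
    honest_ok = verifier.verify(b"Alice", recorded)

    # Session 2: a party without K resends the recorded response.
    verifier.challenge()
    replay_ok = verifier.verify(b"Alice", recorded)
    return honest_ok, replay_ok


if __name__ == "__main__":
    print("fixed challenge:", run_sessions(fresh=False))
    print("fresh nonce:    ", run_sessions(fresh=True))
```

With the fixed challenge the recorded response is accepted again; with a fresh nonce it no longer matches the outstanding challenge and is rejected.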