Administrative Details

Identification
(User Authentication)
Model
• Alice wishes to prove to Bob her identity in order
to access a resource, obtain a service etc.
• Bob may ask the following:
– Who are you? (prove that you’re Alice)
– Who the **** is Alice?
• Eve wishes to impersonate Alice:
– One time impersonation
– Full impersonation (identity theft)
Identification Scenarios
• Local identification
– Human authenticator
– Device
• Remote identification
– Human authenticator
– Corporate environment (LAN, database etc.),
similarly Telecom Operator environment
– E-commerce environment
Initial Authentication
• The problem: how does Alice initially
convince anyone that she’s Alice?
• The solution must often involve a “real-world” type of authentication – ID card,
driver’s license etc.
• Errors due to human factor are numerous
• Example – the Microsoft-Verisign fiasco
• Example – phishing
Closed Environments
Model
• The initial authentication problem is fully solved
by a trusted party, Carol
• Carol can distribute the identification material in a
secure fashion, e.g. by hand, or over encrypted and
authenticated lines
• Example – a corporate environment
• Example – an operator’s network
• Eve’s attack avenue is the Alice-Bob connection
• We begin by looking at remote authentication
Passwords
• Model 1:
– Alice is assigned a password, PWD, by Carol in
a secure manner
– Bob receives the pair <Alice, PWD> from
Carol in a secure manner
– Alice authenticates herself to Bob by sending
the pair <Alice, PWD>
Problems with Model 1
• Bob needs to hold a username, password database
• If Eve has access to Bob’s database (for instance
by a Trojan horse), she can impersonate Alice
• Eve can eavesdrop, capture the pair <Alice,
PWD> and impersonate Alice
• Human-chosen and memorized passwords are
vulnerable to guessing attacks
• Bob can impersonate Alice
Improvements to Model 1
• The internal database contains pairs of
<username,h(PWD)>, where h is a one way
function
• Example – Unix systems
• The database is often held at a central location
• Advantage – less space, Bob can’t impersonate
Alice
• Disadvantage – new attack avenues
Architecture 1
[Diagram: Carol, Bob and Alice]
1. Black lines – secure initial connection
2. White lines – online authentication
Architecture 2
[Diagram: Carol, Bob, Alice and DB]
1. Black lines – secure initial connection
2. White lines – online authentication
Solving Eavesdropping
• First solution:
– Use encrypted and authenticated lines
– Advantage – attacks by Eve are very difficult
– Disadvantages – need encryption and
authentication in place for every transaction.
Infrastructure and performance overhead
• Second solution: challenge and response
protocols
Challenge – Response (Model 2)
• PWD is used as a key
• Protocol:
– Alice sends authentication request using her
name
– Bob retrieves PWD
– Bob sends random challenge, r
– Alice replies with h_PWD(r)
– Bob tests authenticity
Pros and Cons
• Pros:
– PWD is not passed in the clear
– No need for encryption and authentication
• Cons:
– Database has to be managed by Bob
– Guessing attacks are still possible
• Caution: Challenges must not be repeated.
Sequence numbers or time should be used
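The Model 2 exchange and the caution about repeated challenges, as an added example that is not part of the original slides. It assumes HMAC-SHA256 as the keyed function h_PWD; the class and function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Bob:
    """Verifier: holds <username, PWD> and issues single-use challenges."""

    def __init__(self, db):
        self.db = db          # username -> PWD (bytes), distributed by Carol
        self.pending = {}     # username -> outstanding challenge r

    def challenge(self, user):
        if user not in self.db:
            return None
        r = secrets.token_bytes(16)   # fresh random r for every request
        self.pending[user] = r
        return r

    def verify(self, user, response):
        # pop() consumes the challenge, so a captured (r, response) pair
        # is useless once it has been checked
        r = self.pending.pop(user, None)
        if r is None:
            return False
        expected = hmac.new(self.db[user], r, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def alice_respond(pwd, r):
    """Prover: computes h_PWD(r); PWD itself never goes on the wire."""
    return hmac.new(pwd, r, hashlib.sha256).digest()


def run_demo():
    pwd = b"constructed-sample-password"   # constructed sample value
    bob = Bob({"alice": pwd})
    r = bob.challenge("alice")
    resp = alice_respond(pwd, r)
    first = bob.verify("alice", resp)      # legitimate login
    replay = bob.verify("alice", resp)     # same response, no open challenge
    r2 = bob.challenge("alice")
    stale = bob.verify("alice", resp)      # old response against a new r
    return first, replay, stale, r != r2


if __name__ == "__main__":
    print(run_demo())
```

Bob's database here still holds PWD itself, which is why impersonation by the database administrator remains possible in this model.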
Summary
• Challenge and response model is sufficient
for closed, non-flexible environments.
• Main security problems: impersonation by
database administrator (Bob), guessing
attacks.
• Operational problems: adding and removing
authorized users
GSM Authentication
• Mobile Station (cell-phone) authenticates to
mobile operator (PLMN)
• Mobile Station (MS) stores a symmetric
authentication key ki in the SIM. Same key is
stored by Home PLMN
• Problem: authentication to visited PLMN that
doesn’t have key, without exposing key over air
• Solution: first - billing agreement between
HPLMN and visited PLMN. Second – challenge
response protocol
GSM Authentication Components
[Diagram: MS, BS, AUC, VLR, HLR, Visited PLMN, HPLMN]
GSM Authentication Protocol
• MS sends IMSI to visited PLMN, identifying MS
and HPLMN.
• HPLMN sends n triplets <RAND, XRES, kc> in
the clear over land lines or microwave.
• Visited PLMN sends to MS the challenge, RAND
• MS responds with SRES = A3_ki(RAND)
• MS passes authentication if XRES = SRES
• Traffic between MS and BS is encrypted using A5
algorithm with the key kc = A8_ki(RAND)
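The triplet flow above, as an added example that is not part of the original slides: the visited PLMN authenticates the MS and obtains kc without ever holding ki. A3 and A8 are replaced by truncated HMAC-SHA256 as a labelled stand-in; the class names, the batch size of 3 and the IMSI are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Stand-ins for the operator-chosen A3/A8 (assumption: HMAC-SHA256, truncated
# to GSM's 32-bit SRES and 64-bit kc). Real networks use their own algorithms.
def a3(ki, rand):
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki, rand):
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class SIM:
    def __init__(self, ki):
        self.ki, self.kc = ki, None
    def respond(self, rand):
        self.kc = a8(self.ki, rand)      # session key derived locally
        return a3(self.ki, rand)         # SRES, the only value sent back

class HomePLMN:
    def __init__(self):
        self.keys = {}                   # IMSI -> ki (the home network's copy)
    def provision(self, imsi):
        self.keys[imsi] = secrets.token_bytes(16)
        return SIM(self.keys[imsi])
    def triplets(self, imsi, n):
        ki, out = self.keys[imsi], []
        for _ in range(n):
            rand = secrets.token_bytes(16)
            out.append((rand, a3(ki, rand), a8(ki, rand)))
        return out                       # <RAND, XRES, kc>; ki stays home

class VisitedPLMN:
    def __init__(self, home):
        self.home, self.store = home, {}
    def authenticate(self, imsi, sim):
        if not self.store.get(imsi):     # fetch a batch when none are left
            self.store[imsi] = self.home.triplets(imsi, 3)
        rand, xres, kc = self.store[imsi].pop()   # one triplet per attempt
        sres = sim.respond(rand)
        return kc if hmac.compare_digest(sres, xres) else None

def run_demo():
    home = HomePLMN()
    imsi = "001010000000001"             # constructed test IMSI
    sim = home.provision(imsi)
    visited = VisitedPLMN(home)
    kc = visited.authenticate(imsi, sim)
    wrong = SIM(secrets.token_bytes(16)) # a SIM that lacks the right ki
    rejected = visited.authenticate(imsi, wrong)
    return kc == sim.kc, rejected is None, len(visited.store[imsi])
```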
Local Authentication
Device Level
Local ID Technologies
• Passwords
• Tokens: smart cards, SecurID, USB
tokens
• Biometric identification:
– Fingerprints
– Voice recognition
– Face recognition
• Multi-Factor authentication
Tokens: Pros and Cons
• Pros
– Stronger security than passwords
– Even physical attacks are difficult
• Cons
– Require extra hardware
– Require standardization
– Easily lost
Biometrics: Pros and Cons
• Pros
– Large key, reasonable amount of entropy
– Not easily lost
– Not easily transferable
• Cons
– Invasion of privacy
– Can’t be changed
– False positives and negatives
– Susceptible to many types of physical attacks
Biometrics (cont.)
• Technology is not mature yet
• Fingerprint technology is the most mature:
– Fewer false positives and negatives
– Not as easy to fool (really?!)
• The technology’s fate is still unclear
• Example – be careful with biometrics.
Remote access using biometric information
as password is problematic