Address based authentication 1. KDCs

One way to make things manageable is to use a trusted node known as Key Distribution Center (KDC).The KDC knows keys for all nodes. If a new node is installed in the network, only that, new node and the KDC need to be configured with a key for that node. If node α wants to talk to node β, α talks to the KDC(securely ,since α and the KDC share a key),and asks for a key with which to talk to β .The KDC authenticates α ,chooses a random number Rαβ to be used as a key to be shared by α and β for their conversation ,encrypts Rαβ with the key the KDC shares withα and gives that to α. The KDC also encrypts Rαβ with the key the KDc shares withβ and gives that to β. With the instruction that it is to be used for conversing withα.(Usually ,the KDC will not bother to actually transmit the encrypted Rαβ to β but rather will give it to α to forward toβ.)the encrypted message to β that the KDC gives to α to forward is often referred to as a ticket. Besides containing Rαβ, the ticket generally contains other information such as an expiration time and α’s name. KDCs make key distribution much more convenient .when a new user is being installed into the network ,or when a user’s key is suspected of having been compromised ,there’s a single location(the KDC) that needs to be configured .The alternative to using a KDc is installing the user’s information at

every server to which the user might access. There are some disadvantages to KDCs, though:

 The KDC has enough information to impersonate anyone to anyone .If it is compromised, all the network resources are vulnerable.

 The KDC is a single point of failure .If it goes down, nobody can use anything on the network (or rather, nobody can start using something on the network-keys previously distributed can continue to be used).It is possible to have multiple KDC’s which share the same database of keys, but that means added complexity and cost for extra machines and replication protocols, and added vulnerability, since there are now more targets that need to be protected.

 The KDC might be a performance bottleneck, since everyone will need to frequently communicate with it. Having multiple KDCs can alleviate this problem.

Certificate Revocation:

The PKI method distributes the certificates using third parties. These certificated are providing the additional security mechanism to the existing message exchange. For certificate status to be determined, public key infrastructure (PKI) certificate revocation information must be made available to individuals, computers, network devices, and applications attempting to verify the validity of certificates. Traditionally, a PKI uses a distributed method of verification so that the clients do not have to contact the Certification Authority (CA) directly to validate the credentials presented. Instead, clients connect to alternate resources, such as Web servers or Lightweight Directory Access Protocol (LDAP) directories, where the CA has published its revocation information.

Without checking certificates for revocation, the possibility exists that an application or user will accept credentials that have been revoked by a CA administrator.

Certificates are issued with a planned lifetime, which is defined through a validity start time and an explicit expiration date.

For example, a certificate may be issued with a validity of one day, thirty years, or even longer. Once issued, a certificate becomes valid when its validity time has been reached, and it is considered valid until its expiration date. However, various circumstances may cause a certificate to become invalid prior to the expiration of the validity period. Such circumstances include change of name (for example, requiring to change the subject of a certificate due to an employee’s change of name), change of association between subject and CA (for example, when an employee terminates employment with an organization), and compromise or suspected

compromise of the corresponding private key. Under such circumstances, the issuing CA needs to revoke the certificate.

There are several mechanisms to represent revocation information. RFC 3280 defines one such method. This method involves each CA periodically issuing a signed data structure called a certificate revocation list (CRL). A CRL is a list identifying revoked certificates, which is signed by a CA and made freely available at a public distribution point. The CRL has a limited validity period, and updated versions of the CRL are published when the previous CRL’s validity period expires. Each revoked certificate is identified in a CRL by its certificate serial number. When certificate-enabled software uses a certificate (for example, for verifying a remote user's digital signature), the software should not only check the certificate signature and time validity, but it should also acquire a suitably recent certificate status to ensure that the certificate being presented is not revoked. Normally, a CA will automatically issue a new CRL on either a configured, regular periodic basis (for example, daily or weekly), or the CRL can be published manually by a CA administrator

There is a potential disadvantage with CAs .Suppose Fred is given a certificate with an expiration time a year in the future and then Fred is fired .Since Fred is now a disgruntled ex-employee, it would be nice to alert the network not to allow him access .With KDCs, it is easy-merely delete his key from the KDC. With CAs, though it is not as straight forward to deny access to someone once he is given a certificate. It is common practice to put an expiration date in a certificate .The certificate becomes invalid after that day.

The typical validity interval is about a year. A disgruntled ex-employee can do a lot of damage in a year, even without a machine gun. But you wouldn’t want validity intervals much smaller than that, because renewing certificates is a nuisance.

The solution is similar to what was done for credit cards.

When the bank issues a credit card, it prints an expiration date, perhaps a year in the future. But sometimes a card is reported is stolen, or the bank might for some other reason like to revoke it.

The credit card company publishes a book of credit card numbers that stores should refuse to honour .these days, most stores are hooked to computer networks where they check the validity of the card. But in ancient times, merchants needed to rely on the hook of that credit card number, which was presumably published frequently.

3.3 BIOMETRICS

Biometrics are the another way to ensure the security mechanism. This authenticates the user by verifying either the one

which the user possesses or the one which user has as a physical features. The one which the user possesses may be a smart card or SID chip. The one which the user has may be his fingerprints or the facial expressions. There are variety of Biometrics devices available. All are too expensive to be in everyday use, but in some cases the costs are coming down to where we may see these.

Technology available today includes:

 Retinal Scanner. This is device that examines the tiny blood vessels in the back of your eye. The layout is as distinctive as a fingerprint and apparently easier to read. These devices are quite expensive and have a “psychologically threatening”

user interface.

 Fingerprint readers. This would seem an obvious technology since fingerprints have been used as a method of identification for many years. For some reason, automating this technology has never been very successful, though there are devices available.

 Face recognition. Looking at a digitized picture of a person, a computer can measure facial dimensions and do a good job of recognizing people just don’t show up at work with a black eye and a swollen jaw.

 IRIS scanner. Like a retinal scanner, this maps the distinctive layout of the iris of your eye. It has the major advantage of having a less intimidating user interface- rather than requiring you to look into a laser device; iris scans can be done with a camera several feet away and might even be done covertly.

 Handprint readers. These are more widely used than fingerprint readers. They measure the dimensions of the hand: finger length, width, and so on. They aren’t as accurate as fingerprints, but they are less expensive and less problem-prone.

 Voiceprints. It turns out that it’s possible to do a frequency spectrum analysis of someone’s eyes and get identification nearly as accurate as a fingerprint. This technology is in use, but has not caught on in spite of the fact that it should be fairly cheap. It can be defeated with a tape recording, and it may refuse to authenticate someone whose voice has shifted due to illness.

 Keystroke timing. The exact way in which people type is quite distinctive and experiments have been done with identification based on the way people type. There is a

problem that various injuries can throw off timing, and the networks that connect terminals and computers tend to loose the keystroke timing information before it reaches a processor that can use it.

 Signatures. There is a classic human form of authentication, and there are human experts quite adept at determining whether two signatures were produced by the same person.

Machines thus far have not been able to duplicate that ability. However, when not just the signature is recorded, but the actual timing of the moments that go into scribing the signature, there is sufficient information for authentication and some systems use this method, with the user signing on an electronic tablet.