Authentication

Authentication is the process by which entities can determine one another’s identity, and use this information to establish a secured communication between the entities. Identities are usually stored as crytographically signed certificates, and are typically represented as cryptographic keys. In this dissertation, when we refer to authentication, we are specifically talking about entity authentication. Entity authentication is defined as (from [76]):

Entity authentication mechanisms allow the verification of an entity’s claimed identity, by another entity. The authenticity of the entity can only be ascertained only for the instance of the authentication exchange.

Two users, Alice and Bob, wish to communicate across a network. When Bob receives a mes- sage from Alice, how does he know it comes from Alice and not an attacker, Eve? This is the fundamental problem that authentication protocols address. Furthermore, can Alice and Bob create a shared encryption key so that they may communicate in private, without Eve intercepting their messages. These problems are addressed using authentication and key-exchange protocols.

2.4.1 Simple Authentication Protocol

A simple challenge-response authentication protocol is shown in Figure 2.18. In this protocol, when a client wants to access a server, it sends its name, C. The server then sends the client a challenge in the form of a nonce encrypted with a key shared by the client and server, KSC. If the client can

then send the server the nonce, incremented by one and encrypted using the shared key, then the client has been authenticated by the server.

2.4 Authentication 49

Client Server

Access: (C) -

Challenge: {S,C,nonce}KSC Response: {C,S,nonce+1}KSC-

Figure 2.18: Challenge-Response Authentication Protocol

The challenge response protocol provides single-side authentication, that is the server has au- thenticated the client, but the client has no guarantee that it is talking to the correct server. There are many different authentication protocols providing a range of authentication guarantees. For exam- ple, some protocols provide single side authentication, while others provide two-way authentication. We now briefly examine two commonly used key exchange protocols, SSL/TLS and Kerberos.

2.4.2 SSL/TLS

SSL [92], or secure sockets layer, was originally developed by Netscape to provide authentication between web browsers and web servers on the Internet. It is probably the most common security protocol in use today. It is primarily used to provide secure communication between users and online shops, in order that personal and financial information is sent in an encrypted form between users and businesses. The SSL protocol (version 3) was submitted as a standard to the IETF, and when accepted was renamed transport layer security or TLS. Thus, SSL version 3 is virtually identical to TLS version 1. (We will refer to SSL/TLS henceforth simply as SSL).

SSL uses X.509 certificates, described in Section 2.5.1, to link identities to public keys. Each entity must share trusted certificates to be used to find a chain of trust to the other entity’s certificate. Usually each entity will have “root” certificates from certification authorities (CA) whom they trust to properly verify the identities of the entitys they write certificates for. In order for a certificate to be trusted by a entity, there must exist a certificate chain between a known trusted certificate and the certificate provided.

In general SSL can operate in either client-side authorisation, where just the client verifies the identity of the server, or in client and server side authentication, where both sides authenticate each other’s identity.

2.4.3 Kerberos

Kerberos [50, 138, 161] is an authentication protocol that uses a trusted third party to allow clients to authenticate themselves, and thus gain access to services on the network. The protocol uses two trusted parties, one to hold the shared encryption keys, and the other to control access to protected services on the network. The Kerberos model is based on the Needham-Schroeder trusted third party protocol [136]. The Kerberos server keeps a database of clients and their secret keys. Clients can be users or even software programs running on machines in the network. Clients requiring authentication, register their keys with the Kerberos server. As the Kerberos knows the secret keys of all the clients on the network, it can create messages that can convince one client of another client’s identity.

Using the Kerberos protocol, when a client wants access to a protected service on the network, they must contact the ticket granting service. The ticket granting service (TGS) can grant authenti- cated clients access to a service. First however, the client must be authenticated to the TGS. This is achieved using the Kerberos server as a trusted third party. The client contacts the Kerberos server and asks to be authenticated to the TGS. The server sends a “ticket granting ticket” (TGT), or a mes- sage containing a session key, or ticket, encrypted using the client’s secret key and also encrypted using the key shared by the Kerberos server and the TGS to the client. The client sends a message containing the TGT to the TGS, with its access request. The client and the TGS now share a secret, that is, the session key generated by the Kerberos server.

If the TGS determines that the access to the service is authorised, then it generates a new ticket for the client, containing a session key that the client and service will share (as before). This ticket will then be presented to the service by the client. In general, the ticket granting ticket will be long lived, for example it could be valid for a day, but the service ticket would be a more short-lived ticket, for example, suitable for a single access to the service.

Kerberos provides the ability to securely authenticate clients and servers using a trusted third party. Kerberos is used in a variety of applications, such as MIT’s Project Athena [139] and most recently, a modified version is used by Microsoft to provide authentication in their Windows net- working, since the release of Windows 2000 [50]. Kerberos is more than a simple authentication scheme. It also provides an access control mechanism to its users.