Let us now concentrate on the problem of authenticating a system or a user. This problem is generally handled using three different mechanisms: one based on a shared secret, one based on a public key, and one based on a third party.
2.3.1 Shared Secret Based Authentication
The first mechanism is through sharing a secret. For example, when I call my bank to get the details of my account they ask for a secret PIN which is supposed to be known only to me. Most digital systems also work by the principle of a shared secret. One way to implement such a system is to share a password between the authenticator and the user. In this type of system, the authenticator asks the user for a password which, when disclosed, allows the user to enter the system. This is perhaps the most prevalent mechanism of authentication in use. These systems are simple to implement and are computationally inexpensive because the password supplied by the user is checked against a hash of the password which is stored in some database. The checking process is simple and does not require any extra computation. However, this type of system is vulnerable in two ways. First, the password is sent unencrypted over the wire, where it can easily be tapped by a malicious adversary. Therefore the password has to be encrypted by different mechanisms as mentioned earlier. Second, choosing the password itself is a difficult problem, as automated tools are available which can guess a password with relative ease and accuracy [42]. Therefore a password based system cannot be used where strong authentication is needed.
Another way to implement the shared secret is through a challenge mechanism. Here the authenticator challenges the user to encrypt a piece of known information using the shared key. The user responds by encrypting the required information and is allowed to access the system once the encrypted information has been validated by the authenticator. In this type of system the shared secret needs to be changed periodically so that the adversary cannot guess the secret. These systems are slightly more expensive than the password based system. Another vulnerability which dogs the challenge based systems is the man-in-the-middle attack. Let us assume that Alice is the user, Bob is the authenticator and Charlie is a malicious adversary. When Bob challenges Alice, Charlie grabs the message and sends the same message to Alice. Alice sends the answer to the challenge; Charlie taps it and sends it to Bob. Now Bob will think that he has authenticated Alice and will allow Alice to access the system. In reality it is Charlie who is accessing the system, as he is acting as the man in the middle between Alice and Bob. This vulnerability prevents challenge based systems from being the sole mechanism of authentication; they are generally used in conjunction with the other mechanisms, which will be discussed subsequently.
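The challenge mechanism described above, as an added example that is not from the original text. It assumes HMAC-SHA256 over a random challenge in place of "encrypting known information"; the names `Authenticator`, `respond` and `demo` are hypothetical, and the key is constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
import time

class Authenticator:
    """Bob: issues single-use challenges and checks the keyed response."""
    def __init__(self, shared_key: bytes, ttl: float = 30.0):
        self._key, self._ttl = shared_key, ttl
        self._pending = {}  # challenge -> monotonic time it was issued

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)  # fresh random value per attempt
        self._pending[challenge] = time.monotonic()
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        issued = self._pending.pop(challenge, None)  # single use
        if issued is None or time.monotonic() - issued > self._ttl:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant time

def respond(shared_key: bytes, challenge: bytes) -> bytes:
    """Alice: proves knowledge of the key without sending the key itself."""
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()

def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed shared secret
    bob = Authenticator(key)
    c1 = bob.issue_challenge()
    r1 = respond(key, c1)
    results = {"legitimate": bob.verify(c1, r1)}
    # A response captured earlier does not answer a new challenge...
    c2 = bob.issue_challenge()
    results["replayed_old_response"] = bob.verify(c2, r1)
    # ...and a challenge that was already answered cannot be reused.
    results["reused_challenge"] = bob.verify(c1, r1)
    # Without the key, no valid response can be computed.
    c3 = bob.issue_challenge()
    results["wrong_key"] = bob.verify(c3, respond(secrets.token_bytes(32), c3))
    # Limitation described in the text: a response relayed for the live
    # challenge still verifies, since nothing ties it to the connection.
    c4 = bob.issue_challenge()
    results["relayed_live_response"] = bob.verify(c4, respond(key, c4))
    return results

if __name__ == "__main__":
    print(demo())
```

Single-use challenges with an expiry stop replay of old responses, but the last case shows why the text pairs challenge-response with other mechanisms.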
2.3.2 Public Key Based Authentication
Going back to the example of the HR manager sending the letter of promotion to the employee, how does the employee believe the contents of the letter? When the employee looks at the letter he finds that the letter is signed by the HR manager. Since he can always verify the signature of the HR manager, he can always determine the authenticity of the letter. Public key based authentication uses the principle described above. In this type of scheme the user has a public and private key pair and the authenticator knows the public key of the user. The user encrypts standard information with his or her private key. The authenticator can verify the authenticity by decrypting the same information with the user's public key. This type of mechanism is very secure and is generally tamper proof. The biggest problem in adopting the system on a wide scale is its scalability. Take a scenario where there are millions of users using a particular computing infrastructure and there is the need to authenticate each and every user. This happens in the case of a Website, where not only are there millions of users but the nature of the users is also transient. Many of the users may be home users who do not possess a public-private key pair. It is also difficult for the authenticator to maintain the public information of so many users. So in reality a variation of this scheme is used, which is called the certificate based system or third party authentication scheme.
2.3.3 Third Party Authentication Schemes
When a person tries to enter a new country, the immigration department of the country mandates that the person possess a valid passport and visa to enter the country. In this case, the immigration department does not know the person entering the country. However, the department believes some third party, like the person's own country issuing the passport and the consulate issuing the visa. This is a classic case of third party authentication, where the authenticator does not know the user but uses a third party credential (in this case the passport/visa) for authentication purposes. In digital systems this type of authentication is also very popular. Here the user gets a digital certificate from a Certificate Authority (CA), which is a known third party. Certificates are nothing but information about the user hashed and then signed by the CA's private key. Since the public key of the CA is widely known, the authenticator has no problem in validating the certificate and hence authenticating the user to access the system based on the certificate. However, this type of system mandates that each user has a public key which can be validated by the Certificate Authority. This means that there is a need for a Public Key Infrastructure (PKI) to make the above scheme work. This may not always be feasible, especially in the Internet scenario. Another mechanism of third party based authentication, used in the Kerberos system, is to have a key distribution center (KDC) which authenticates the user using a standard mechanism such as a password. The KDC generates a session key for the user to access the system, encrypted with the system's public key. More details about the Kerberos system will be provided subsequently.
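The certificate scheme above, together with the private-key proof from Section 2.3.2, as an added example that is not from the original text. It assumes textbook RSA without padding over small Mersenne primes, which is insecure and used only to make the flow visible; all names, keys and the certificate layout are constructed for illustration.

```python
import hashlib
import json

E = 65537  # public exponent shared by both toy keys


def make_key(p: int, q: int) -> dict:
    """Textbook RSA key from two primes (toy sizes, illustration only)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, key: dict) -> int:
    """Private-key operation on the hash of the data."""
    return pow(digest(data, key["n"]), key["d"], key["n"])


def verify(data: bytes, sig: int, n: int) -> bool:
    """Public-key check: undo the signature and compare with the hash."""
    return pow(sig, E, n) == digest(data, n)


def issue_cert(subject: str, subject_n: int, ca_key: dict) -> dict:
    """CA hashes the user's identity and public key, then signs the hash."""
    body = {"subject": subject, "n": subject_n}
    tbs = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": sign(tbs, ca_key)}


def authenticate(cert: dict, challenge: bytes, response: int, ca_n: int) -> bool:
    """The authenticator knows only the CA public key, not the user."""
    tbs = json.dumps(cert["body"], sort_keys=True).encode()
    if not verify(tbs, cert["sig"], ca_n):  # certificate issued by the CA?
        return False
    # Does the presenter hold the private key named in the certificate?
    return verify(challenge, response, cert["body"]["n"])


CA_KEY = make_key(2**107 - 1, 2**127 - 1)   # constructed toy CA key
ALICE_KEY = make_key(2**61 - 1, 2**89 - 1)  # constructed toy user key
ALICE_CERT = issue_cert("alice", ALICE_KEY["n"], CA_KEY)
```

The authenticator stores one CA public key instead of one key per user, which is the scalability gain the text describes.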