Lecture 10-Identification and Authentication Flashcards
What is the basic purpose of Fiat-Shamir?
The prover basically runs the identification scheme by herself to prove that the public key is indeed from her
Public Key Certification
A way to prove to Alice that it is actually Bob’s public key, using a trusted certification authority
How does Public key certification work?
Alice asks the Certificate Authority to sign her public key, which creates a certification. Then Bob obtains Alice’s public key and verifies the signature (as long as the CA is trustworthy)
What is a digital certificate?
Binds entity to signature
What is the certification revocation list?
It’s a database that contains a list of certificates revoked due to expiration, key compromise, or something else. Once added, a certificate cannot be removed
What is the difference between identity, identification and authentication?
Identity is a unique entity, identification is claiming who you are, authentication is proving who you are
Lamport one time password
Start with a secret seed + some n, then the server takes the secret seed, hashes it n times and stores it. Alice will hash it n-1 times and send it to whoever hashes it the last time to compare with the server entry (this proves it is actually Alice and Eve can intercept because she doesn’t know which counter they are at)
How to avoid replay attacks?
Attach a timestamp to messages. Attach a sequence number to each message used in an authentication. And finally, use challenge/response
What is challenge/response?
Claimant proves she knows a secret without sending it. Examples: secret-key cipher, keyed-hash function, public-key cipher, digital signature
Secret key cipher
Bob sends a nonce and Alice’s job is to encrypt it using their shared key. Problem? Not mutual authentication
Bidirectional Authentication
Alice also includes a challenge for Bob, and once Bob decrypts, he switches the order of the nonces as proof he decrypted successfully. (Avoids a replay attack where Bob sends the same thing back)
What is the problem with digital signature bidirectional authentication?
Bob can get Alice to sign anything as a challenge if he goes rogue.
Zero Knowledge Authentication
Claimant proves she knows a secret without revealing it. Consists of witness, challenge, and response (witness is the claim the claimant makes, challenge is what Bob sends, response is Alice’s response)