Lecture 10-Identification and Authentication Flashcards

1
Q

What is the basic purpose of Fiat-Shamir?

A

The prover basically runs the identification scheme by herself to prove that the public key is indeed from her.

2
Q

Public Key Certification

A

A way to prove to Alice that it is actually Bob’s public key, using a trusted certification authority.

3
Q

How does Public key certification work?

A

Alice asks the Certificate Authority to sign her public key, which creates a certification. Then Bob obtains Alice’s public key and verifies the signature (as long as the CA is trustworthy).

4
Q

What is a digital certificate?

A

Binds entity to signature

5
Q

What is the certification revocation list?

A

It’s a database that contains a list of certificates revoked due to expiration, key compromise, or something else. Once added, a certificate cannot be removed.

6
Q

What is the difference between identity, identification and authentication?

A

Identity is a unique entity; identification is claiming who you are; authentication is proving who you are.

7
Q

Lamport one time password

A

Start with a secret seed + some n, then server takes the secret seed and hashes it n times and stores it. Alice will hash it n-1 times and send it to whoever hashes it the last time to compare with the server entry (this proves it is actually Alice and Eve can intercept because she doesn’t know which counter they are at)

8
Q

How to avoid replay attacks?

A

Attach a timestamp to messages. Attach a sequence number to each message used in an authentication. And, finally, use challenge/response.

9
Q

What is challenge/response?

A

Claimant proves she knows a secret without sending it. Examples: secret-key cipher, keyed-hash function, public-key cipher, digital signature

10
Q

Secret key cipher

A

Bob sends a nonce and Alice’s job is to encrypt it using their shared key. Problem? Not mutual authentication

11
Q

Bidirectional Authentication

A

Alice also includes a challenge for Bob, and once Bob decrypts, he switches the order of the nonces as proof he decrypted successfully. (This avoids a replay attack where Bob sends the same thing back.)

12
Q

What is the problem with digital signature, bidirectional authentication?

A

Bob can get Alice to sign anything as a challenge if he goes rogue.

13
Q

Zero Knowledge Authentication

A

Claimant proves she knows a secret without revealing it. Consists of witness, challenge, and response (witness is the claim the claimant makes, challenge is what Bob sends, response is Alice’s response)
