
Unit 4 Digital Signatures and Authentication Protocols

The document discusses digital signatures and authentication protocols, focusing on the process of verifying identities through various means such as passwords, biometrics, and challenge-response systems. It highlights the vulnerabilities of password systems to attacks like guessing, phishing, and dictionary attacks, and offers strategies for countering these threats. Additionally, it covers the concept of biometrics as a method for enhancing authentication accuracy.

Computer Security & Cyber Law

Compiled by: Krishna Bhandari

www.genuinenotes.com 1
Unit-4: Digital Signatures and Authentication Protocols

Authentication Basics
• Authentication is the verification of the
credentials of the connection attempt.
• Authentication is the binding of an identity
to a subject.
• This process consists of sending the
credentials from the remote access client
to the remote access server in an either
plaintext or encrypted form by using
an authentication protocol.
• The external entity must provide
information to enable the system to
confirm its identity.
• This information comes from one (or more)
of the following.
1. What the entity knows (such as
passwords or secret information)
2. What the entity has (such as a badge or
card)
3. What the entity is (such as fingerprints
or retinal characteristics)
4. Where the entity is (such as in front of a
particular terminal)

• The authentication process consists of
obtaining the authentication information
from an entity, analyzing the data, and
determining if it is associated with that
entity.
• This means that the computer must store
some information about the entity.
• We can represent these requirements in
an authentication system consisting of
five components.
1. The set A of authentication information
is the set of specific information with
which entities prove their identities.
2. The set C of complementary information is
the set of information that the system stores
and uses to validate the authentication
information.
3. The set F of complementation functions that
generate the complementary information from
the authentication information. That is, for f
∈ F, f: A → C.
4. The set L of authentication functions that
verify identity. That is, for l ∈ L, l: A × C→{
true, false }.
5. The set S of selection functions that enable
an entity to create or alter the authentication
and complementary information.
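The five components above, mapped onto a small password system (an added example, not part of the original notes). The names f, l and s follow the notation above; the class name AuthSystem, the choice of salted PBKDF2 as f and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # work factor chosen for this example (assumption)


def f(password: str, salt: bytes) -> bytes:
    """Complementation function f: A -> C (salted PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class AuthSystem:
    """Hypothetical password system expressed with the five components."""

    def __init__(self):
        # C: complementary information, user -> (salt, f(password, salt)).
        # Elements of A (the passwords themselves) are never stored.
        self.C = {}

    def s(self, user: str, new_password: str) -> None:
        """Selection function s in S: create or alter a user's entry in C."""
        salt = os.urandom(16)
        self.C[user] = (salt, f(new_password, salt))

    def l(self, user: str, password: str) -> bool:
        """Authentication function l: A x C -> {true, false}."""
        # Unknown users get a dummy entry so the same work is done either way.
        salt, stored = self.C.get(user, (b"\x00" * 16, b""))
        candidate = f(password, salt)
        # Constant-time comparison of the computed and stored complements.
        return hmac.compare_digest(candidate, stored)
```

Because each entry in C has its own salt, two users with the same password end up with different complementary information.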
Passwords
• A password is information associated
with an entity that confirms the entity’s
identity.
• Passwords are an example of an
authentication mechanism based on what
people know: the user supplies a password,
and the computer validates it.
• If the password is the one associated with
the user, that user’s identity is
authenticated.
• If not, the password is rejected and the
authentication fails.
• The goal of an authentication system is to
ensure that entities are correctly
identified.
• If one entity can guess another’s
password, then the guesser can
impersonate the other.
• The authentication model provides a
systematic way to analyze this problem.
• The goal is to:
1. Hide authentication information
2. Prevent access to the authentication
functions.
Attacking a Password System
• The simplest attack against a password-
based system is to guess passwords.
• Attackers can guess passwords locally or
remotely using either a manual or
automated approach.
• Most networks aren't configured to require
long and complex passwords, and an
attacker needs to find only one weak
password to gain access to a network.
• Automated password guessing programs and
crackers use several different approaches.
• A Dictionary attack is the guessing of a
password by repeated trial and error.
• A hacker uses a program or script to try
to login by cycling through combinations of
common words.
• Dictionary attacks work on the assumption
that most passwords consist of whole
words, dates, or numbers taken from a
dictionary.
• Dictionary attack tools require a
dictionary input list.
• In a brute-force attack, a hacker uses a
computer program or script to try to log in
with possible password combinations,
usually starting with the easiest-to-guess
passwords until the result is obtained.
• The most time consuming—and most
successful—attack method is the brute-
force attack, in which the attacker tries
every possible combination of characters
for a password, given a character set (e.g.,
abcd…ABCD…1234…!@#$) and a maximum
password length.
• Hybrid password guessing attacks assume
that network administrators push users to
make their passwords at least slightly
different from a word that appears in a
dictionary.
• Hybrid guessing rules vary from tool to
tool, but most mix uppercase and
lowercase characters, add numbers at the
end of the password, spell the password
backward or slightly misspell it, and
include characters such as @!# in the mix.

• Keystroke logging, often referred to as
keylogging or keyboard capturing, is the
action of recording (logging) the keys
struck on a keyboard secretly so that the
person using the keyboard is unaware
that their actions are being monitored.
• Data can then be retrieved by the
person operating the logging program.
• Attackers often find it much easier to
reset passwords than to guess them.
• Many password cracking programs are
actually password resetters.
• In most cases, the attacker boots from a
floppy disk or CD-ROM to get around the
typical Windows protections.
• Most password resetters contain a
bootable version of Linux that can mount
NTFS volumes and can help you locate and
reset the Administrator's password.
• A widely used password reset tool is the
free Petter Nordahl-Hagen program.

Phishing:
• Phishing is a form of fraud in which an attacker
masquerades as a reputable entity or person in
email or other communication channels.
• The attacker uses phishing emails to distribute
malicious links or attachments that can perform
a variety of functions, including the extraction
of login credentials or account information from
victims.
• Phishing is popular with cybercriminals, as it is
far easier to trick someone into clicking a
malicious link in a seemingly legitimate phishing
email than trying to break through a computer's
defenses.
• Phishing attacks are very simple to avoid.
• When you are asked to put your personal
information into a website, look up into the
URL bar. If for example you are supposed to
be on gmail.com and in the URL bar it says
something completely different
like gmail.randomsite.com, or gamilmail.com,
then you know this is a fake.
• When you are on the real Gmail website, the
URL should begin with www.gmail.com;
everything else is a fake.
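A check of the kind described above, written as code (an added example, not part of the original notes). It parses the URL and compares the complete host name rather than looking at how the URL starts; the function name check_login_url and the extra look-alike www.gmail.com.randomsite.com are constructed for illustration.

```python
from urllib.parse import urlsplit


def check_login_url(url: str, expected_host: str = "www.gmail.com"):
    """Return (ok, reason) for the URL a login form is about to be used on."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return (False, "unparseable URL")
    if parts.scheme != "https":
        return (False, "not an https URL")
    if not host:
        return (False, "no host in URL")
    # Normalise case and a trailing root dot before comparing.
    host = host.rstrip(".").lower()
    if host == expected_host:
        return (True, "host is exactly the expected one")
    # "gmail" in gmail.randomsite.com is just a label chosen by whoever
    # controls randomsite.com; it says nothing about who runs the site.
    brand = expected_host.split(".")[-2]
    if brand in host.split("."):
        return (False, "expected name is only a label inside another domain")
    return (False, "different host")
```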
Countering password guessing
• Password guessing requires either the set
of complementation functions and
complementary information or access to
the authentication functions.
• In both approaches, the goal of the
defenders is to maximize the time needed
to guess the password.
• Some common password guessing issues are:
1. Random selection of passwords
2. Pronounceable passwords
3. User Selection of passwords
• Passwords based on account and user names
• Dictionary words
• Patterns from keyword
• Passwords shorter than six characters
• Passwords containing only digits
• Passwords containing only uppercase or
lowercase letters, or letters and numbers, or
letters and punctuation
• Passwords used in the past
• Passwords with too many characters in
common with the
previous (current) password
4. Reusable Passwords and Dictionary
Attacks
• Password reuse arises when people, rather
than trying to remember a separate password
for everything they interact with on a regular
basis, use the same password on multiple
systems, tiers of applications, or even
social sites.
5. Guessing Through Authentication
Functions

Password Aging
• Password aging is the requirement that a
password be changed after some period of
time has passed or after some event has
occurred.
• Guessing of passwords requires that access
to the complement, the complementation
functions, and the authentication functions
be obtained.
• If none of these have changed by the time
the password is guessed, then the attacker
can use the password to access the system.
• Assume that the expected time to guess a
password is 180 days.
• Then changing the password more frequently
than every 180 days will, in theory, reduce
the probability that an attacker can guess a
password that is still being used.
• In practice, aging by itself ensures little,
because the estimated time to guess a
password is an average; it balances those
passwords that can be easily guessed against
those that cannot.
• If users can choose passwords that are easy
to guess, the estimation of the expected
time must look for a minimum, not an average.
• There are problems involved in
implementing password aging.
• The first is forcing users to change to a
different password.
• The second is providing notice of the need
to change and a user-friendly method of
changing passwords.
• Password aging is useless if a user can
simply change the current password to the
same thing.
• One technique to prevent this is to record
the n previous passwords.
• When a user changes a password, the
proposed password is compared with these n
previous ones.
• If there is a match, the proposed password is
rejected.
• The problem with this mechanism is that
users can change passwords n times very
quickly, and then change them back to the
original passwords.
• This defeats the goal of password aging.
• An alternative approach is based on time. In
this implementation, the user must change
the password to one other than the current
password.
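The history mechanism and its weakness, as an added example that is not part of the original notes. The class and function names are hypothetical, the history is taken to be the n most recent passwords with the current one included, and the time-based alternative is assumed here to mean a minimum age between changes.

```python
import hashlib
import hmac
import os


def _digest(password: str, salt: bytes) -> bytes:
    # Remembered passwords are kept as salted hashes, never in the clear.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


class PasswordAging:
    """Remember the n most recent passwords; optionally enforce a minimum age."""

    def __init__(self, first_password, now, n=3, min_age=0):
        self.n = n
        self.min_age = min_age      # seconds that must pass between changes
        self.history = []           # (salt, digest) pairs, newest last
        self._store(first_password, now)

    def _store(self, password, now):
        salt = os.urandom(16)
        self.history.append((salt, _digest(password, salt)))
        self.history = self.history[-self.n:]   # forget anything older
        self.last_change = now

    def change(self, proposed, now):
        if now - self.last_change < self.min_age:
            return "rejected: changed too recently"
        for salt, digest in self.history:
            if hmac.compare_digest(_digest(proposed, salt), digest):
                return "rejected: matches a remembered password"
        self._store(proposed, now)
        return "accepted"


def cycle_back(policy, original, start):
    """A user changes the password n times in a row, then asks for the old one."""
    t = start
    for i in range(policy.n):
        policy.change(f"throwaway-{i}", t)
        t += 1
    return policy.change(original, t)
```

With min_age left at 0 the final change back to the original password is accepted; with a minimum age of one day the rapid changes are refused and the original never leaves the history.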
Challenge Response
• Passwords have the fundamental problem
that they are reusable.
• If an attacker sees a password, she can
later replay the password.
• The system cannot distinguish between the
attacker and the legitimate user, and allows
access.
• An alternative is to authenticate in such a
way that the transmitted password changes
each time.
• Then, if an attacker replays a previously
used password, the system will reject it.
• Let user U desire to authenticate himself
to system S.
• Let U and S have an agreed-on secret
function f.
• A challenge-response authentication
system is one in which S sends a random
message m (the challenge) to U, and U
replies with the transformation r = f(m)
(the response).
• S validates r by computing it separately.
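The exchange described above, as an added example that is not part of the original notes. Here the agreed-on function f is assumed to be HMAC-SHA256 under a key shared by U and S; the class name System and its methods are hypothetical.

```python
import hashlib
import hmac
import secrets


def f(key: bytes, m: bytes) -> bytes:
    """Agreed-on function: r = f(m), realised as HMAC-SHA256 under a shared key."""
    return hmac.new(key, m, hashlib.sha256).digest()


class System:
    """S: issues random challenges and validates responses."""

    def __init__(self):
        self.keys = {}          # user -> shared key
        self.outstanding = {}   # user -> challenge still awaiting a response

    def enroll(self, user: str) -> bytes:
        key = secrets.token_bytes(32)
        self.keys[user] = key
        return key              # handed to U over a trusted channel

    def challenge(self, user: str) -> bytes:
        m = secrets.token_bytes(16)     # the random message m
        self.outstanding[user] = m
        return m

    def validate(self, user: str, r: bytes) -> bool:
        # A challenge is consumed by the first response, right or wrong,
        # so a captured response cannot be replayed against it.
        m = self.outstanding.pop(user, None)
        key = self.keys.get(user)
        if m is None or key is None:
            return False
        # S computes f(m) separately and compares in constant time.
        return hmac.compare_digest(f(key, m), r)
```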

• Challenge-response algorithms are similar to
the IFF (identification—friend or foe)
techniques that military airplanes use to
identify allies and enemies.

Pass Algorithms
• Let there be a challenge-response
authentication system in which the function f
is the secret. Then f is called a pass
algorithm.
• Under this definition, no cryptographic keys
or other secret information may be input to f.
• The algorithm computing f is itself the
secret.
One-Time Passwords
• A one-time password is a password that is
invalidated as soon as it is used.
• The ultimate form of password aging
occurs when a password is valid for
exactly one use.
• In some sense, challenge-response
mechanisms use one-time passwords.
• Think of the response as the password.
• As the challenges for successive
authentications differ, the responses
differ.
• A mechanism that uses one-time passwords is also
a challenge-response mechanism.
• The challenge is the number of the authentication
attempt; the response is the one-time password.
• The problems in any one-time password scheme are
the generation of random passwords and the
synchronization of the user and the system.
• The former problem is solved by using a
cryptographic hash function or enciphering
function such as the DES, and the latter by having
the system inform the user which password it
expects—for example, by having all the user’s
passwords numbered and the system providing the
number of the one-time password it expects.
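One way to realise numbered one-time passwords with a cryptographic hash function, as an added example that is not part of the original notes. It assumes a Lamport-style hash chain with SHA-256; the names password_number and OneTimeServer are hypothetical.

```python
import hashlib
import hmac


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def password_number(seed: bytes, i: int) -> bytes:
    """Password number i is h applied i times to the user's secret seed."""
    value = seed
    for _ in range(i):
        value = h(value)
    return value


class OneTimeServer:
    """Stores only the last accepted value, never the seed."""

    def __init__(self, anchor: bytes, n: int):
        self.last = anchor          # h applied n times to the seed
        self.next_number = n - 1    # passwords are used in descending order

    def expected(self):
        """The number the system announces so user and system stay in step."""
        return self.next_number if self.next_number >= 1 else None

    def verify(self, otp: bytes) -> bool:
        if self.next_number < 1:
            return False            # chain used up; the user must re-enrol
        # Hashing the submitted password once must give the stored value.
        if not hmac.compare_digest(h(otp), self.last):
            return False
        self.last = otp             # the accepted password is now invalid
        self.next_number -= 1
        return True
```

An eavesdropper who records password number i cannot derive number i-1 without inverting the hash, and replaying number i fails because the stored value has moved on.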
Hardware-Supported Challenge-Response
Procedures
• Hardware support comes in two forms: a
program for a general-purpose computer
and special-purpose hardware support.
• Both perform the same functions.
• The first type of hardware device,
informally called a token, provides
mechanisms for hashing or enciphering
information.
• With this type of device, the system
sends a challenge.
• The user enters it into the device. The device
returns the appropriate response.
• Some devices require the user to enter a
personal identification number or password,
which is used as a cryptographic key or is
combined with the challenge to produce the
response.
• The second type of hardware device is
temporally based.
• Every 60 seconds, it displays a different
number.
• The numbers range from 0 to 10^n – 1,
inclusive.
• A similar device is attached to the computer.
• It knows what number the device for each
registered user should display.
• To authenticate, the user provides his
login name. The system requests a
password.
• The user then enters the number shown on
the hardware device, followed by a fixed
(reusable) password.
• The system validates that the number is
the one expected for the user at that
time and that the reusable portion of the
password is correct.
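A sketch of the temporally based device and the login check, as an added example that is not part of the original notes. The notes do not say how the device derives its number; this assumes an HMAC over the 60-second time counter with the truncation used by HOTP/TOTP (RFC 4226/6238) and n = 6. The class TokenLogin and the rule that a number is accepted only once per window are additions made here.

```python
import hashlib
import hmac
import os
import struct

STEP = 60       # a different number every 60 seconds
N_DIGITS = 6    # n: numbers range from 0 to 10^n - 1 (value of n assumed)


def token_number(key: bytes, now: float) -> int:
    """Number shown by the device (and expected by the host) at time `now`."""
    counter = int(now // STEP)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return value % 10 ** N_DIGITS


def _pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


class TokenLogin:
    def __init__(self):
        self.users = {}

    def register(self, user, key, password):
        salt = os.urandom(16)
        self.users[user] = {"key": key, "salt": salt,
                            "pw": _pw(password, salt), "last_window": -1}

    def login(self, user, entered: str, now: float) -> bool:
        """`entered` is the device number followed by the fixed password."""
        rec = self.users.get(user)
        if rec is None or len(entered) <= N_DIGITS:
            return False
        number, password = entered[:N_DIGITS], entered[N_DIGITS:]
        expected = f"{token_number(rec['key'], now):0{N_DIGITS}d}"
        number_ok = hmac.compare_digest(number.encode(), expected.encode())
        password_ok = hmac.compare_digest(_pw(password, rec["salt"]), rec["pw"])
        window = int(now // STEP)
        fresh = window > rec["last_window"]   # refuse reuse inside one window
        if number_ok and password_ok and fresh:
            rec["last_window"] = window
            return True
        return False
```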
Challenge-Response and Dictionary Attacks
• Whether or not a challenge-response
technique is vulnerable to a dictionary attack
depends on the nature of the challenge and
the response.
• In general, if the attacker knows the
challenge and the response, a dictionary
attack proceeds as for a reusable password
system.
• Suppose a user is authenticating himself using
a challenge-response system.
• The system generates a random challenge r,
and the user returns the value Ek(r) of r
enciphered using the key k.
• Then the attacker knows both r and Ek(r)
and can try different values of k until the
encipherment of r matches Ek(r).
• In practice, it is not necessary to know
the value of r.
• Most challenges are composed of random
data combined with public data that an
attacker can determine.

Biometrics
• Biometrics is the measurement and
statistical analysis of people's unique
physical and behavioral characteristics.
• Identification by physical characteristics
is as old as humanity.
• Recognizing people by their voices or
appearance, and impersonating people by
assuming their appearance, was widely
known in classical times.
• Efforts to find physical characteristics
that uniquely identify people include
fingerprints and DNA sampling.
• Using such a feature to identify people
for a computer would ideally eliminate
errors in authentication.
• Biometrics is the automated measurement
of biological or behavioral features that
identify a person.
• When a user is given an account, the
system administration takes a set of
measurements that identify that user to
an acceptable degree of error.
• Whenever the user accesses the system,
the biometric authentication mechanism
verifies the identity.
• Lawton points out that this is considerably
easier than identifying the user because no
searching is required.
• A comparison to the known data for the
claimed user’s identity will either verify or
reject the claim.
• Common characteristics are fingerprints,
voice characteristics, eyes, facial
features, and keystroke dynamics.
Fingerprints
• A fingerprint in its narrow sense is an
impression left by the friction ridges of a
human finger.
• Fingerprints can be scanned optically, but
the cameras needed are bulky.
• A capacitive technique uses the
differences in electrical charges of the
patterns on the finger to detect those
parts of the finger touching a chip and
those raised.
• The data is converted into a graph in
which ridges are represented by vertices
and vertices corresponding to adjacent
ridges are connected.
• Each vertex has a number approximating
the length of the corresponding ridge.
• At this point, determining matches
becomes a problem of graph matching.
• This problem is similar to the classical
graph isomorphism problem (similarity
between graphs), but because of
imprecision in measurements, the graph
generated from the fingerprint may have
different numbers of edges and vertices.
• Thus, the matching algorithm is an
approximation.

Voices
• Authentication by voice, also called
speaker verification or speaker
recognition, involves recognition of a
speaker’s voice characteristics or verbal
information verification.
• The former uses statistical techniques to
test the hypothesis that the speaker’s
identity is as claimed.
• The system is first trained on fixed
passphrases or phonemes that can be
combined.
• To authenticate, either the speaker says
the pass-phrase or repeats a word (or set
of words) composed of the learned
phonemes.
• Verbal information verification deals with
the contents of utterances (loud voice
expression).
• The system asks a set of questions such as
“What is your mother’s maiden name?” and
“In which city were you born?”
• It then checks that the answers spoken
are the same as the answers recorded in
its database.
• The key difference is that speaker
verification techniques are speaker-
dependent, but verbal information
verification techniques are speaker-
independent, relying only on the content of
the answers.

Eyes
• Authentication by eye characteristics uses
the iris and the retina. Patterns within the
iris are unique for each person.
• Hence, one verification approach is to
compare the patterns statistically and ask
whether the differences are random.
• A second approach is to correlate the
images using statistical tests to see if
they match.
• Retinal scans rely on the uniqueness of the
patterns made by blood vessels at the
back of the eye.
• This requires a laser beaming onto the
retina, which is highly intrusive.
• This method is typically used only in the
most secure facilities.
Faces
• Face recognition consists of several steps.
First, the face is located.
• If the user places his/her face in a
predetermined position (for example, by
resting her chin on a support), the problem
becomes somewhat easier.
• However, facial features such as hair and
glasses may make the recognition harder.
• Techniques for doing this include the use
of neural networks and templates.
• The resulting image is then compared with
the relevant image in the database.
• The correlation is affected by the
differences in the lighting between the
current image and the reference image, by
distortion, by “noise,” and by the view of the
face. The correlation mechanism must be
“trained.”
• Several different methods of correlation
have been used, with varying degrees of
success.
• An alternative approach is to focus on the
facial features such as the distance between
the nose and the chin, and the angle of the
line drawn from one to the other.
Keystrokes
• Keystroke dynamics refers to the automated
method of identifying or confirming the identity
of an individual based on the manner and the
rhythm of typing on a keyboard.
• Keystroke dynamics requires a signature
based on keystroke intervals, keystroke
pressure, keystroke duration, and where the
key is struck (on the edge or in the middle).
• This signature is believed to be unique in the
same way that written signatures are unique.
• Keystroke recognition can be both static and
dynamic.
• Static recognition is done once, at
authentication time, and usually involves
typing of a fixed or known string.
• Once authentication has been completed,
an attacker can capture the connection (or
take over the terminal) without detection.
• Dynamic recognition is done throughout
the session, so the aforementioned attack
is not feasible.
• However, the signature must be chosen so
that variations within an individual’s
session do not cause the authentication to
fail.
• For example, keystroke intervals may vary
widely, and the dynamic recognition
mechanism must take this into account.
• The statistics gathered from a user’s typing
are then run through statistical tests (which
may discard some data as invalid, depending
on the technique used) that account for
acceptable variance in the data.

Combinations
• Several researchers have combined some of
the techniques described above to improve
the accuracy of biometric authentication.
• Plankensteiner and Wagner combined voice
sounds and lip motion with the facial image.
• Duc, Bigun, Maire, and Fischer describe a
“supervisor module” for melding voice and
face recognition with a success rate of
99.5%.
• The results indicate that a higher degree of
accuracy can be attained than when only a
single characteristic is used.

Caution
• Because biometrics measures characteristics
of the individual, people are tempted to
believe that attackers cannot pose as
authorized users on systems that use
biometrics.
• Two assumptions underlie this belief.
• The first is that the biometric device is
accurate in the environment in which it is used.
• For example, if a fingerprint scanner is
under observation, having it scan a mask of
another person’s finger would be detected.
• But if it is not under observation, such a
trick might not be detected and the
unauthorized user might gain access.
• The second assumption is that the
transmission from the biometric device to
the computer’s analysis process is
tamperproof.
• Otherwise, one could record a legitimate
authentication and replay it later to gain
access.

Location
• Denning and MacDoran suggested an
innovative approach to authentication.
• They reason that if a user claims to be
Anna, who is at that moment working in a
bank in California, but is also logging in
from Russia at the same time, the user is
impersonating Anna.
• Their scheme is based on the Global
Positioning System (GPS), which can
pinpoint a location to within a few meters.
• The physical location of an entity is
described by a location signature derived
from the GPS satellites.
• Each location (to within a few meters) and
time (to within a few milliseconds) is unique,
and hence forms a location signature.
• This signature is transmitted to
authenticate the user.
• The host also has a location signature
sensor (LSS) and obtains a similar signature
for the user.
• If the signatures disagree, the
authentication fails.
• This technique relies on special-purpose
hardware.
• If the LSS is stolen, the thief would have to
log in from an authorized geographic location.
• Because the signature is generated from GPS
data, which changes with respect to time,
location, and a variety of unpredictable
actions resulting from the nature of the
electromagnetic waves used to establish
position, any such signature would be unique
and could not be forged.
• Moreover, if intercepted, it could not be
replayed except within the window of
temporal uniqueness.
• This technique can also restrict the
locations from which an authorized user
can access the system.
• An interesting point is that the
authentication can be done continuously.
• The LSS simply intermingles signature
data with the transmitted data, and the
host checks it.
• If the connection were hijacked, the data
from the LSS would be lost.

Multiple Methods
• Authentication methods can be combined,
or multiple methods can be used.
• Authenticating by location generally uses
special-purpose hardware.
• Although the key feature of this technique
is physical location, without the LSS it will
not work.
• Techniques using multiple methods assign
one or more authentication methods to each
entity.
• The entity must authenticate using the specific
method, or methods, chosen.
• The specific authentication methods vary
from system to system, but in all cases
the multiple layers of authentication
require an attacker to know more, or
possess more, than is required to spoof a
single layer.
• Some versions of the UNIX operating
system provide a mechanism called
pluggable authentication modules (PAM).
• A pluggable authentication module is a
mechanism to integrate multiple low-level
authentication schemes into a high-level
application programming interface.
• It allows programs that rely on
authentication to be written independently
of the underlying authentication scheme.
• When a program authenticates a user, it
invokes a library routine,
pam_authenticate, that accesses a set of
configuration files.

Mutual (Symmetric, Public Key)
• Mutual authentication, also called two-
way authentication, is a process or technology in
which both client and server authenticate each
other's identities before actual communication
occurs.
• In a network environment,
the client authenticates the server and vice-
versa.
• This authentication process is common in
web-based and online applications. This is to ensure
that clients are communicating exclusively with
legitimate entities or servers and so the servers
can be certain that the client attempting access
has a legitimate purpose.
• Mutual authentication is gaining
acceptance as a tool that can minimize the
risk of online fraud in e-commerce.
• The identities can be proven using trusted
third parties and by using shared secrets
or through cryptographic methods like a
public key infrastructure.
• So in a web-based mutual authentication
process, communication can occur only if
the client and the server trust each
other’s digital certificates.
• The certificate exchange is done through
the Transport Layer Security (TLS) protocol.
• The core essence of this process is that
neither party trusts the other until
identities are proven.
• This simply means that the server must
be sure of who the client is and the client
must be sure of the server.
• This prevents security from being
compromised through simple attacks like
impersonation.
• Establishing the authentication using
certificate-based 2-Way SSL involves:
1. A client requests access to a protected
resource.
2. The server presents its certificate to
the client.
3. The client verifies the server’s
certificate.
4. If successful, the client sends its
certificate to the server.
5. The server verifies the client’s
credentials.
6. If successful, the server grants access
to the protected resource requested by
the client.
Fig: Mutual Authentication
One-Way (Symmetric, Public Key)
• One-way authentication is a process or
technology in which only the client
authenticates the server's identity before
actual communication occurs.
• This is to ensure that clients are
communicating exclusively with legitimate
servers.
• Establishing the authentication using
certificate-based 1-Way SSL involves:
1. A client requests access to a protected
resource.
2. The server presents its certificate to
the client.
3. The client verifies the server’s
certificate.
4. If successful, the client authenticates
the server as legitimate.

Fig: One-way Authentication
Digital Signature:
• A digital signature is an authentication
mechanism that enables the creator of a
message to attach a code that acts as a
signature.
• It is a digital code (generated and
authenticated by public key encryption)
that is attached to an electronically
transmitted document to verify its
contents and the sender's identity.
• The signature guarantees the source and
integrity of the message.
• The most important development from the
work on public-key cryptography is the
digital signature.
• Typically the signature is formed by taking
the hash of the message and encrypting
the hash with the creator’s private
key.
• The digital signature provides a set of
security capabilities that would be
difficult to implement in any other way.

• The digital signature must have the
following properties:
1. It must verify the author and the date
and time of the signature.
2. It must authenticate the contents at the
time of the signature.
3. It must be verifiable by third parties, to
resolve disputes.
• Thus, the digital signature function
includes the authentication function.

• Digital signatures are based on public key
cryptography, also known as asymmetric
cryptography.
• Using a public key algorithm such as RSA, one
can generate two keys that are
mathematically linked: one private and one
public.
• To create a digital signature, signing software
(such as an email program) creates a one-way
hash of the electronic data to be signed.
• The private key is then used to encrypt the
hash.
• The encrypted hash is the digital signature.
• The reason for encrypting the hash instead
of the entire message or document is that a
hash function can convert an arbitrary input
into a fixed length value, which is usually
much shorter.
• This saves time since hashing is much faster.
• The value of the hash is unique to the hashed
data.
• Any change in the data, even changing or
deleting a single character, results in a
different value.
• This attribute enables others to validate the
integrity of the data by using the signer's
public key to decrypt the hash.
• If the decrypted hash matches a second
computed hash of the same data, it proves
that the data hasn't changed since it was
signed.
• If the two hashes don't match, the data
has either been tampered with in some
way (integrity) or the signature was
created with a private key that doesn't
correspond to the public key presented by
the signer (authentication).
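The hash, sign and verify steps above, carried through with textbook RSA on Python integers (an added example, not part of the original notes). The key sizes are toy values built from small Mersenne primes and no padding is applied, so this shows the mechanism only; real systems use a padded scheme such as RSA-PSS from a vetted library. All function and constant names are hypothetical.

```python
import hashlib

E = 65537  # public exponent


def make_key(p: int, q: int):
    """Build a mathematically linked key pair from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)             # private exponent (Python 3.8+)
    return (n, E), (n, d)           # (public key, private key)


def digest_int(data: bytes, n: int) -> int:
    """One-way hash of the data, as an integer reduced below n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, private) -> int:
    """'Encrypt' the hash with the private key: that value is the signature."""
    n, d = private
    return pow(digest_int(data, n), d, n)


def verify(data: bytes, signature: int, public) -> bool:
    """'Decrypt' the signature with the public key and compare with a
    second hash computed over the received data."""
    n, e = public
    return pow(signature, e, n) == digest_int(data, n)


# Constructed toy keys: products of Mersenne primes, far too weak for real use.
SIGNER_PUBLIC, SIGNER_PRIVATE = make_key(2**127 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_key(2**107 - 1, 2**61 - 1)
```

A failed check does not say which case occurred: changed data and a signature made with a non-matching private key both simply produce a hash mismatch.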

Direct Digital Signature
• The term direct digital signature refers to a
digital signature scheme that involves only the
communicating parties (source, destination).
• It is assumed that the destination knows the
public key of the source.
• Confidentiality can be provided by encrypting
the entire message plus signature with a
shared secret key (symmetric encryption).
• Note that it is important to perform the
signature function first and then an outer
confidentiality function.
• In case of dispute, some third party must
view the message and its signature.
• If the signature is calculated on an
encrypted message, then the third party also
needs access to the decryption key to read
the original message.
• However, if the signature is the inner
operation, then the recipient can store the
plaintext message and its signature for later
use in dispute resolution.

Arbitrated Digital Signature
• An arbitrated digital signature brings a
third party, called a "trusted arbiter,"
into the process.
• The role of the trusted arbiter is usually
twofold: first this independent third
party verifies the integrity of the signed
message or data.
• Second, the trusted arbiter dates or
time-stamps the document, verifying
receipt and the passing on of the signed
document to its intended final destination.
• This approach requires a suitable level of
trust in the arbiter, to ensure that the
arbiter is not biased and that no
unauthorized modification will be made.
• This can be implemented with either
private or public-key algorithms.

Digital Certificate
• A digital certificate is an electronic
"passport" that allows a person, computer or
organization to exchange information securely
over the Internet using the public
key infrastructure (PKI).
• A digital certificate may also be referred to
as a public key certificate or identity
certificate.
• A digital certificate authenticates the Web
credentials of the sender and lets the
recipient of an encrypted message know that
the data is from a trusted source (or a
sender who claims to be one).
• A digital certificate is issued by a
certification authority (CA).
• A person (sender), who is sending an
encrypted message may obtain a digital
certificate from a CA to ensure
authenticity.
• The CA issues the digital certificate with
the applicant's public key, along with
other information such as holder name,
serial number, date of expiration and a
digital CA signature.
• It also issues its own public key in the
public domain via the Web.
• When a Web message is transmitted, a
digital certificate serves as an encrypted
attachment containing the public key and
other relevant identifying data.
• When the recipient receives the message,
the digital certificate is decoded using the
CA’s public key.
• Using various information residing in the
digital certificate, the recipient can send
an encrypted reply back to the sender.
• Digital certificates verify website
authenticity and legitimacy.
• A browser may display an unsafe digital
certificate alert but still permit user
entry.
• This warning signals that the website is a
threat and security risk.
• The most common digital certificate
standard is X.509.

X.509 Certificate
• An X.509 certificate is a digital
certificate that uses the widely accepted
international X.509 public key
infrastructure (PKI) standard to verify that
a public key belongs to the user, computer
or service identity contained within the
certificate.
• An X.509 certificate contains information
about the identity to which a certificate is
issued and the identity that issued it.
• Standard information in an X.509
certificate includes:
• Version – which X.509 version applies to
the certificate (which indicates what
data the certificate must include)
• Serial number – the identity creating the
certificate must assign it a serial number
that distinguishes it from other
certificates
• Algorithm information – the algorithm
used by the issuer to sign the certificate
• Issuer distinguished name – the name of
the entity issuing the certificate (usually
a certificate authority)
• Validity period of the certificate –
start/end date and time
• Subject distinguished name – the name of
the identity the certificate is issued to
• Subject public key information – the
public key associated with the identity
• Extensions (optional)

Many of the certificates that people refer
to as Secure Sockets Layer (SSL)
certificates are in fact X.509 certificates.
Authentication Protocols
• An authentication protocol is a type
of cryptographic protocol specifically
designed for transfer
of authentication data between two
entities.
• It allows the receiving entity to
authenticate the connecting entity (e.g.
a client connecting to a server) as well as
authenticate itself to the connecting
entity (server to client) by declaring
the type of information needed for
authentication.
• The task of the authentication protocol is to
specify the exact series of steps needed for
execution of the authentication.
• It has to comply with the main protocol
principles:
➢ A protocol has to involve two or more parties
and everyone involved in the protocol must
know the protocol in advance.
➢ All the included parties have to follow the
protocol.
➢ A protocol has to be unambiguous - each
step must be defined precisely.
➢ A protocol must be complete - must include
a specified action for every possible
situation.
• Authentication Protocols are used mainly
by Point-to-Point Protocol (PPP) servers to
validate the identity of remote clients
before granting them access to server data.
• Most of them use a password as the
cornerstone of the authentication.
• The password has to be shared between the
communicating entities in advance.
• Some common types of authentication
protocols are:
PAP - Password Authentication Protocol
• Password Authentication Protocol is one of
the oldest authentication protocols.
• Authentication is initiated by the client/user,
which sends a packet with credentials
(username and password) at the beginning
of the connection.
• It is highly insecure because the
credentials are transmitted over the
network in plain ASCII text, so it is
vulnerable even to the simplest attacks,
such as eavesdropping and
man-in-the-middle attacks.
CHAP - Challenge-Handshake Authentication Protocol
• The authentication process in this protocol
is always initiated by the server/host and
can be performed anytime during the
session, even repeatedly.
• The server sends a random string (usually
128B long).
• The client uses its password and the string
received as parameters for the MD5 hash
function and then sends the result
together with the username in plain text.
• The server uses the username to look up the
password, applies the same function, and
compares the calculated and received hash.
• An authentication is either successful or
unsuccessful.
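The CHAP exchange above as a runnable sketch. This is an added example, not part of the original notes; the class and function names and the sample user are hypothetical, and the response layout MD5(identifier || secret || challenge) is the one defined in RFC 1994.

```python
import hashlib
import hmac
import os

USERS = {"alice": b"correct horse battery"}   # constructed shared secret, known to both ends
CHALLENGE_LEN = 128                            # challenge length in bytes, as quoted above

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    def __init__(self) -> None:
        self.pending = {}      # username -> (identifier, challenge) still awaiting a response
        self.next_id = 0

    def challenge(self, username: str) -> tuple:
        """Issue a fresh random challenge; can be repeated at any point in the session."""
        self.next_id = (self.next_id + 1) % 256
        self.pending[username] = (self.next_id, os.urandom(CHALLENGE_LEN))
        return self.pending[username]

    def verify(self, username: str, identifier: int, response: bytes) -> bool:
        # pop() makes every challenge single-use, so a captured response cannot be replayed
        ident, challenge = self.pending.pop(username, (None, b""))
        secret = USERS.get(username)
        if secret is None or ident != identifier:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison
```

Unlike PAP, the password itself never crosses the network, and a response recorded for one challenge is useless against the next one.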
EAP - Extensible Authentication Protocol
• EAP was originally developed for
PPP (Point-to-Point Protocol) but today is
widely used in the IEEE 802.1x
authentication framework.
• The advantage of EAP is that it is only a
general authentication framework for
client-server authentication - the specific
way of authentication is defined in its
many versions called EAP-methods.
• More than 40 EAP-methods exist; the
most common is EAP-MD5.
Authentication Service:
Kerberos V4
• Kerberos is a protocol
for authenticating service requests
between trusted hosts across an
untrusted network, such as the internet.
• Kerberos is built in to all major operating
systems including Microsoft Windows,
Apple OS and Linux.
• Kerberos was originally developed for
Project Athena at the Massachusetts
Institute of Technology (MIT).
• The name Kerberos was taken from Greek
mythology; Kerberos was a three-headed
dog who guarded the gates of Hades.
• The three heads of the Kerberos protocol
represent a client, a server and a Key
Distribution Center (KDC), which acts as
Kerberos' trusted third-party
authentication service.
• KDC provides two services: an
authentication service and a ticket
granting service.
• KDC "tickets" provide mutual authentication,
allowing nodes to prove their identity to one
another in a secure manner.
• Kerberos authentication uses DES
cryptography to prevent packets traveling
across the network from being read or
changed and to protect messages
from eavesdropping and replay attacks.
• To start the Kerberos authentication process,
the initiating client sends a request to
an authentication server for access to a
service.
• The initial request is sent as plaintext because
no sensitive information is included in the
request.
• The authentication server retrieves the
initiating client's private key, assuming the
initiating client's username is in the KDC
database.
• If the initiating client's username cannot be
found in the KDC database, the client cannot be
authenticated and the authentication process
stops.
• If the client's username can be found in the KDC
database, the authentication server generates
a session key and a ticket granting ticket.
• The ticket granting ticket is timestamped and
encrypted by the authentication server with
the initiating client's password.
• The initiating client is then prompted for a
password; if what is entered matches the
password in the KDC database, the encrypted
ticket granting ticket sent from the
authentication server is decrypted and used to
request a credential from the ticket granting
server for the desired service.
• The client sends the ticket granting ticket to
the ticket granting server, which may be
physically running on the same hardware as the
authentication server, but performing a
different role.
• The ticket granting service carries out an
authentication check similar to that
performed by the authentication server,
but this time sends credentials and a
ticket to access the requested service.
• This transmission is encrypted with a
session key specific to the user and
service being accessed.
• This proof of identity can be used to
access the requested "kerberized"
service, which, once having validated the
original request, will confirm its identity
to the requesting system.
• The timestamped ticket sent by the
ticket granting service allows the
requesting system to access the service
using a single ticket for a specific time
period without having to be re-
authenticated.
• Making the ticket valid for a limited time
period makes it less likely that someone
else will be able to use it later.

Digital Signature Standard (DSS)
• Digital Signature Standard (DSS) is
the digital signature algorithm (DSA)
developed by the U.S. National Security
Agency (NSA) to generate a digital
signature for the authentication of
electronic documents.
• The Digital Signature Standard is intended
to be used in electronic funds transfer,
software distribution, electronic mail, data
storage and applications which require high
data integrity assurance.
• The algorithm used behind the Digital
Signature Standard is known as the Digital
Signature Algorithm.
• The algorithm makes use of two large
numbers which are calculated based on a
unique algorithm.
• The digital signatures can be generated
only by the authorized person using their
private keys and the users or public can
verify the signature with the help of the
public keys provided to them.

• However, one key difference between
encryption and signature operation in the
Digital Signature Standard is that
encryption is reversible, whereas the
digital signature operation is not.
• Another fact about the Digital Signature
Standard is that it does not provide any
capability with regard to key distribution
or exchange of keys.
• In other words, security of the Digital
Signature Standard largely depends on the
secrecy of the private keys of the
signatory.
• The Digital Signature Standard ensures
that the digital signature can be
authenticated and the electronic
documents carrying the digital signatures
are secure.
• The standard also ensures non-repudiation
with regard to the signatures and
provides security against improper tampering.
• The standard also ensures that digitally
signed documents can be tracked.

DSS Approach vs RSA Approach

• The above figure contrasts the DSS
approach for generating digital signatures
to that used with RSA.
• In the RSA approach, the message to be
signed is input to a hash function that
produces a secure hash code of fixed
length.
• This hash code is then encrypted using the
sender’s private key to form the signature.
• Both the message and the signature are
then transmitted.
• The recipient takes the message and
produces a hash code.
• The recipient also decrypts the signature
using the sender’s public key.
• If the calculated hash code matches the
decrypted signature, the signature is
accepted as valid.
• Because only the sender knows the private
key, only the sender could have produced a
valid signature.
• The DSS approach also makes use of a hash
function.
• The hash code is provided as input to a
signature function along with a random
number generated for this particular
signature.
• The signature function also depends on
the sender’s private key and a set of
parameters known to a group of
communicating principals.
• We can consider this set to constitute a
global public key.
• The result is a signature consisting of two
components, labeled s and r.
• At the receiving end, the hash code of the
incoming message is generated.
• This plus the signature is input to a
verification function.
• The verification function also depends on
the global public key as well as the
sender’s public key, which is paired with
the sender’s private key.
• The output of the verification function is
a value that is equal to the signature
component if the signature is valid.
• The signature function is such that only
the sender, with knowledge of the private
key, could have produced the valid
signature.
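Both approaches side by side, covering the hash-then-sign description earlier in this unit as well as the RSA/DSS contrast above. This is an added example, not part of the original notes: the keys are constructed toy values far too small for real use, the RSA part is unpadded textbook RSA, the hash is simply reduced modulo the toy modulus, and all function and constant names are hypothetical.

```python
import hashlib
import math
import secrets

def digest(message: bytes, modulus: int) -> int:
    """Hash code: SHA-256 reduced mod the toy modulus (a simplification)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % modulus

# RSA approach. Constructed toy key built from two Mersenne primes.
RSA_N = (2**31 - 1) * (2**61 - 1)
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (2**31 - 2) * (2**61 - 2))     # sender's private exponent

def rsa_sign(message: bytes) -> int:
    return pow(digest(message, RSA_N), RSA_D, RSA_N)  # private-key operation on the hash

def rsa_verify(message: bytes, signature: int) -> bool:
    return pow(signature, RSA_E, RSA_N) == digest(message, RSA_N)

# DSS approach. Global public key (p, q, g): q prime, q divides p - 1, g has order q.
def is_prime(n: int) -> bool:
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

DSS_Q = 2**31 - 1
DSS_P = next(k * DSS_Q + 1 for k in range(2, 10**4, 2) if is_prime(k * DSS_Q + 1))
DSS_G = next(g for g in (pow(h, (DSS_P - 1) // DSS_Q, DSS_P) for h in range(2, 100))
             if g != 1)
DSS_X = secrets.randbelow(DSS_Q - 1) + 1              # sender's private key
DSS_Y = pow(DSS_G, DSS_X, DSS_P)                      # sender's public key

def dss_sign(message: bytes) -> tuple:
    while True:
        k = secrets.randbelow(DSS_Q - 1) + 1          # random number for this signature only
        r = pow(DSS_G, k, DSS_P) % DSS_Q
        s = pow(k, -1, DSS_Q) * (digest(message, DSS_Q) + DSS_X * r) % DSS_Q
        if r and s:
            return r, s

def dss_verify(message: bytes, r: int, s: int) -> bool:
    if not (0 < r < DSS_Q and 0 < s < DSS_Q):
        return False
    w = pow(s, -1, DSS_Q)
    u1, u2 = digest(message, DSS_Q) * w % DSS_Q, r * w % DSS_Q
    v = pow(DSS_G, u1, DSS_P) * pow(DSS_Y, u2, DSS_P) % DSS_P % DSS_Q
    return v == r                                     # valid only if v equals component r
```

Signing the same message twice gives the same RSA signature but a different (r, s) pair under DSS, because of the per-signature random number.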