Authentication

Authentication Services:
digital signatures
interactive communication (client-server)
one-way communication (electronic mail)
Forms of Attack:
replay of messages
interference (inserting bogus messages)
Authentication Servers:
maintain a list of (user, key) pairs
securely distribute conversation keys

Digital Signatures (Public Key)

Requirements:

unforgeable and unique
receiver: knows that a message came from the sender
sender: cannot deny authorship
message integrity
message signature unchangeable
(e.g., cannot cut-and-paste a signature into a message)

Public Key System:

   sender, A:    (EA: public, DA: private)
   receiver, B:  (EB: public, DB: private)

   sender(A) ---- C = EB(DA(M)) ---> receiver(B)
   receiver(B) -- M = EA(DB(C)) ---> M
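The exchange above traced in code, as an added example that is not part of the notes. It uses textbook RSA with constructed toy primes so that each step of C = EB(DA(M)) and M = EA(DB(C)) can be followed; the key values, the function names E/D/send/receive, and the modulus-ordering check are all assumptions of this example.

```python
# Added example (not from the notes): textbook RSA with tiny constructed primes,
# used only to trace C = EB(DA(M)) on A's side and M = EA(DB(C)) on B's side.
# Toy parameters: no padding, no hashing, trivially factorable moduli. Real
# signatures sign a hash of M under a padding scheme such as RSA-PSS.
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus
    e: int  # public exponent: the E operation in the notes
    d: int  # private exponent: the D operation in the notes


def make_keypair(p: int, q: int, e: int) -> KeyPair:
    """Textbook RSA key generation from two distinct primes (toy sizes here)."""
    phi = (p - 1) * (q - 1)
    return KeyPair(n=p * q, e=e, d=pow(e, -1, phi))  # modular inverse, Python 3.8+


def E(key: KeyPair, x: int) -> int:
    """Public-key operation: anyone holding (n, e) can apply it."""
    return pow(x, key.e, key.n)


def D(key: KeyPair, x: int) -> int:
    """Private-key operation: only the holder of d can apply it."""
    return pow(x, key.d, key.n)


def send(sender: KeyPair, receiver_pub: KeyPair, m: int) -> int:
    """A's side: C = EB(DA(M)). Sign first (authorship), then encrypt (secrecy).
    Only n and e of receiver_pub are used."""
    if not 0 <= m < sender.n:
        raise ValueError("message must be an integer below the sender's modulus")
    if sender.n > receiver_pub.n:
        # DA(M) can be as large as nA - 1, but EB only accepts values below nB,
        # so the signed block would be corrupted by the outer encryption.
        raise ValueError("sender modulus must not exceed receiver modulus")
    return E(receiver_pub, D(sender, m))


def receive(receiver: KeyPair, sender_pub: KeyPair, c: int):
    """B's side: DB(C) strips B's encryption, EA(...) undoes A's signature.
    Returns (signed block, message); anyone with EA can repeat the second step."""
    s = D(receiver, c)
    return s, E(sender_pub, s)


# Constructed toy keys: A's modulus 3233 is below B's modulus 16637.
A = make_keypair(61, 53, 17)
B = make_keypair(127, 131, 17)
```

Because the signed block s only "opens" to the message it was made from, pasting it next to a different message fails the check E(A, s) == message, which is the cut-and-paste property the requirements list asks for.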

Secure Communication (Public Key)

Handshaking:

Obtaining a Public Key:

Suppose that A and B have not previously communicated. How does A securely obtain the public key of B?

An authentication server (AS) with a public key (PKAS) and a private, or secret, key (SKAS) is used as follows:

      A --> AS:    (A, B)
      AS --> A:    ESKAS(PKB, B)
Note:
