A Study

on
User Authentication Protocols

Biswaraj Sen
Lecturer (C.S.E)
 Road Map
• What does Security mean?
• Goals of Security.
• What is Authentication?
• Classification of User Authentication Protocols.
• Challenge Response Protocols
• Diffie-Hellman Protocol
• Key Distribution Center (KDC)
• Needham-Schroeder Protocol
• Kerberos
• Summary
 What does Security Mean?
• In simplest form, it is concerned with
making sure that nosy people cannot
read/modify messages intended for other
recipients.
 Goals of Security
• Privacy: Sender and Receiver expect
confidentiality.
• Integrity: Content of a message has not
been altered.
• Authentication: Deals with determining
whom a system is communicating.
• Non-repudiation: Deals with signatures.
 Authentication
• Authentication is a technique that verifies
the identity of one entity for another.
• Categories of Authentication:
– Message Authentication: Identity of the sender
is verified for every single message.
– User Authentication: Identity of the user is
verified once for the entire duration of system
access.
 Classification of User
Authentication Protocol
• Based on Shared Secret Key:
– Example: Challenge Response Protocol.
• Based on Public key cryptography:
– Examples:
• Diffie-Hellman Protocol
• KDC
• Needham-Schroeder Protocol
• Kerberos
 Challenge Response Protocol
• Based on Shared Secret Key.
• Both communicating parties (Alice & Bob)
share secret key KAB agreed upon on the
somewhere else i.e. over telephone or in
person etc.
• Here one party sends a random number to
the other, who then transforms it in special
way and then returns the result.
 Working of Challenge Response
Protocol

ALICE BOB
1
A, RA
2
RB, KAB(RA)
3
KAB(RB)
A, B: Identifies Alice and Bob respectively
Ri’s: Signifies challenges, where the subscript identifies challenger
Ki’s: Signifies keys, where i indicates the owner.
 Attack on Challenge Response
Protocol

TRUDY BOB
1
A, RT
2
RB, KAB(RT)
3
A, RB
4
RB2, KAB(RB)
5
KAB(RB)

Protocol Defeated using Reflection Attack

Problems with Shared Secret Key

• n2 Problem: For n-numbers of

communicator, there is a need of n(n-1)/2
symmetric keys. Eg: n=5; Keys required
will be 10.
• For n-users, each user is required to
remember n-1 number of keys.
 Solution to the former problems
• Considering the n2 problems, it can be concluded
that-
“A Symmetric key between two parties is useful if
it is used only once i.e. key must be created for one
session and destroyed at the end of the session”
• Authentication Protocols based on Public Key
Cryptography provides solution to the above
mentioned problems.
 Diffie-Hellman Protocol
• Devised by Deffie and Hellman.
• Provides a one-time session key for two
parties.
• Two parties use the session key to exchange
data.
• Key is not required to be remembered or
stored for future use.
Prerequisites in Diffie-Hellman Protocol

Before establishing a symmetric key, the

two parties choose two numbers N and G
with the following constraints-
• N is a large prime number with restriction
that (N-1)/2 must also be prime number.
• G is also a large prime number without
any restriction.
• N and G need not be secret.
 Working of Diffie-Hellman Protocol

ALICE BOB

R1=Gx Mod N
R1

R2=Gy Mod N

R2
K=(R2)x Mod N K=(R1)y Mod N

x: Any random number chosen by Alice that is secret.

y: Any random number chosen by Bob that is secret.
 Why is it that both the values of Keys
evaluated by Alice and Bob are Equal?
• As per number theory:
(Gx Mod N)y Mod N = (Gy Mod N)x Mod N = Gxy Mod N
 Example of Diffie-Hellman Protocol

• Assume G=7 and N=23

• Alice chooses x=3 and Bob chooses y=6
• Calculation of Symmetric key:-
Step1: Alice evaluates R1=GxModN=21
Step2: Alice sends 21 to Bob
Step3: Bob evaluates R2=GyModN=4
Step4: Bob sends 4 to Alice
Step5: Alice evaluates symmetric key as-
K=(R2)xModN=18
Step6: Bob evaluates symmetric key as- K=(R1)yModN=18
 Man-in-the-middle Attack on D-H Protocol

ALICE EVE BOB

R1=Gx Mod N
R1
R2=Gz Mod N
R2
R2

R3=Gy Mod N
R3

K=(R2)x Mod N K1=(R1)z Mod N K=(R2)y Mod N

K2=(R3)z Mod N
Key Distribution Center (KDC)
• A KDC is a third party (which is always honest).
• It assigns symmetric key between two
communicating parties.
• Both parties are client of KDC.
• KDC creates session key KAB between
communicating parties Alice and Bob.
• KA: Symmetric key between Alice and KDC
• KB: Symmetric key between Bob and KDC
 KDC Operation

ALICE KDC BOB

A, B

KA
KAB
KB
A, B, KAB

KB
A, B, KAB

Exchange of data using KAB

 Attack on KDC
• Can be defeated using REPLAY attack.
• Eve can save the Third Message (as shown
below) and can replay it to Bob.
KB
A, B, KAB
 Needham-Schroder Protocol
• Based on the principle of Key Distribution
Center.
• Uses Multiple Challenge Response
Protocol.
 Working of Needham-Schroeder Protocol

ALICE BOB
A
KB
RB

RA, A, B KB
RB
KDC
KA
KB
RA sol, B,KAB KAB A RB sol
 Working of Needham-Schroeder
Protocol (Contd..)

ALICE BOB

KAB KB
R1 RB sol, A, KAB

KAB
R1-1, R2

KAB
R2-1

Data exchange
 Kerberos
• It is an authentication protocol based on KDC.
• Developed at MIT and has become very popular.
• Used in various systems including Win2000
• Kerberos include three types of Servers:-
– Authentication Server (AS)
– Ticket Granting Server (TGS)
– Real Server
 Kerberos (Contd..)
• Authentication Server:
– It is the KDC in Kerberos protocol.
– Each user registers with AS and is granted an Identity
and Password.
– AS maintains the database of each user with their
corresponding Identity and Password.
• Ticket-Granting Server:
– Issues a ticket for actual server.
• Real Server:
– Provides services to the users.
 Kerberos Operation

ALICE AS TGS BOB

A
KA
KS
KTG
A, KS

KS KTG
T B A, KS

KS KB
B, KAB A, KAB
 Kerberos Operation (Contd..)

ALICE AS TGS BOB

KAB KB
T A, KAB

KAB
T+1

Requesting and Receiving Services using KAB

 Summary
C-R D-H KDC N-S Kerberos
Simplicity Yes Yes No No No

Reaction Min Low Moderate High Very

Time High
Vulnerable Very Very High Min Min
to Attacks High High