Authentication protocols
Key exchange protocols
Kerberos
Alice and Bob want to communicate securely over the Internet; they need to:
– authenticate
– establish and exchange keys
– agree on cryptographic operations and algorithms
Building blocks:
public-key (asymmetric) and secret-key (symmetric) algorithms, hash functions
Mutual Authentication: Shared Secret
– R1 and R2 should not be easily repeatable and predictable
otherwise an adversary, Trudy, can record and replay the challenge and/or response to impersonate Alice or Bob
– Use large random values
– Kab needs to be protected at Alice and Bob (end points of communication)
Reflection Attack
I’m Alice, R2 -> connection -> R1, E[Kab, R2]
Fixes:
Different keys for initiator and responder
Trudy can’t get Bob to encrypt using Alice’s key
Different types of challenges for initiator and responder
e.g., even number for initiator and odd number for responder
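Added example (not part of the original slides): a small in-memory model of the shared-secret exchange, showing that a naive responder accepts its own reflected answer while each of the two fixes rejects it and still authenticates an honest initiator. Assumptions: HMAC-SHA256 stands in for E[Kab, R], the per-direction keys are derived from Kab with the same HMAC, and the class and function names are hypothetical.

```python
import hashlib, hmac, secrets

def f(key, data):
    # Stand-in for E[Kab, R] on the slide: HMAC-SHA256 (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()

def keys(kab, mode):
    # Fix 1: separate keys per direction, derived from Kab (derivation is assumed).
    if mode == "split_keys":
        return f(kab, b"initiator"), f(kab, b"responder")
    return kab, kab

def challenge(odd):
    # 16 random bytes with the low bit forced: 0 = even, 1 = odd.
    r = secrets.token_bytes(16)
    return r[:-1] + bytes([(r[-1] & 0xFE) | odd])

class Bob:
    """Responder. mode is 'naive', 'split_keys' or 'parity'."""
    def __init__(self, kab, mode):
        self.mode, self.pending = mode, {}
        self.k_init, self.k_resp = keys(kab, mode)

    def hello(self, r2):
        # Fix 2: initiator challenges must be even, Bob's own are odd.
        if self.mode == "parity" and r2[-1] & 1:
            return None
        sid, r1 = len(self.pending), challenge(odd=1)
        self.pending[sid] = r1
        return sid, r1, f(self.k_resp, r2)

    def finish(self, sid, proof):
        return hmac.compare_digest(proof, f(self.k_init, self.pending.pop(sid)))

def honest_alice(bob, kab):
    k_init, k_resp = keys(kab, bob.mode)
    r2 = challenge(odd=0)
    sid, r1, resp = bob.hello(r2)
    return hmac.compare_digest(resp, f(k_resp, r2)) and bob.finish(sid, f(k_init, r1))

def reflected_proof_accepted(bob):
    # No key used: Bob's challenge R1 is sent back to him on a second connection.
    sid1, r1, _ = bob.hello(challenge(odd=0))
    second = bob.hello(r1)
    return second is not None and bob.finish(sid1, second[2])

KAB = secrets.token_bytes(32)  # constructed shared secret
for mode in ("naive", "split_keys", "parity"):
    print(mode, honest_alice(Bob(KAB, mode), KAB), reflected_proof_accepted(Bob(KAB, mode)))
```

With split keys the second connection returns a value computed under the responder key, which does not verify under the initiator key; with parity the responder refuses to answer its own odd challenge at all.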