Lect 20 Identification 1 Authentication v Entity Authentication

Lect. 20. Identification 1

Authentication v Entity Authentication (Identification) • Over the communication network, one party, Alice, shows to another party, Bob, that she is the real Alice. • Authenticate an entity by presenting some identification information • Should be secure against various attacks • Through an interactive protocols using secret information v Message Authentication • Show that a message was generated by an entity • Using digital signature or MAC 2

Approach for Identification v Using Something Known • Password, PIN v Using Something Possessed • IC card, Hardware token v Using Something Inherent • Biometrics 3

Approach for Identification Method Examples What you Password Remember Telephone # (know) Reg. # What you have Registered Seal Magnetic Card IC Card What you are Bio-metric (Fingerprint, Eye, DNA, face, Voice, etc) Reliability Security M/L M (theft) L (impersonation) Cost Cheap M L (theft) Reason. M (impersoable nation) H H (theft) H (Impersonation) Expensive 4

Approach for Identification v Password-based scheme (weak authentication) – crypt passwd under UNIX – one-time password v Challenge-Response scheme (strong authentication) – Symmetric cryptosystem – MAC (keyed-hash) function – Asymmetric cryptosystem v Using Cryptographic Protocols – Fiat-Shamir identification protocol – Schnorr identification protocol, etc 5

Identification by Password Prover Verifier passwd table passwd, A A A h(passwd) passwd = h Sniffing attack Replay attack - Static password y accept n reject 6

S/Key (One-Time Password System) client Host Hash function f() pass-phrase S compute f(S), f(f(S)), . . , X 1, X 2, X 3, . . . , XN store XN+1 Initial Setup 1. login ID 2. N 3. compute f. N(S) = XN 4. XN 6. compare 7. store 5. compute f(XN) = XN+1 7

Identification using Biometric Trails 8

Biometric Recognition System 9

Fake Fingerprint 10

Applications 11