ICT 6541

Applied Cryptography
Dr. Hossen Asiful Mustafa
 Entity Authentication
 Entity Authentication is a technique designed to let one
party prove the identity of another party.
 An entity can be a person, a process, a client, or a
server.
 The entity whose identity needs to be proved is called
the claimant
 The party that tries to prove the identity of the claimant
is called the verifier.
2
 Message Authentication vs.
Entity Authentication
 There are two differences between
message authentication, and entity authentication
 Message authentication might not happen in real time; entity
authentication does.
 Message authentication simply authenticates one message;
the process needs to be repeated for each new message.
Entity authentication authenticates the claimant for the entire
duration of a session.

3
 Verification Factor
 Something you know
 Password, PIN, etc.
 Something you have
 Smart card, mobile phone, etc.
 Something you are
 Fingerprint, Iris, etc.
 Where you are
 Location
4
 Two-factor authentication
 Use of an ATM card (something you have) with a PIN
(something you know).
 Use of an fingerprint (something you are) with a PIN
(something you know).
 Use of an smartphone (something you have) with a
fingerprint (something you are).

5
 Passwords
 The simplest and oldest method of entity
authentication is the password-based authentication,
where the password is something that the claimant
knows.
 Two types:
 Fixed password
 One-time password

6
 Fixed Password: Plain

 Possible Attacks
 Eavesdropping
 Stealing a password
 Accessing a password file
7
 Guessing
 Fixed Password: Hashed

 Dictionary attack
 Create a list of password, calculate the hash value, and search the
second-column entries to find a match.
8
 Fixed Password: Salted Hash

 When the password is created, a random string, called the salt, is

concatenated to the password. The salted password is then hashed.
 The Unix OS uses a variation of this method.
9
 One-Time Password
 A one-time password is a password that is used only
once.
 There are several approaches:
 The user and the system agree upon a list of passwords and
use each password once
 The user and the system agree to sequentially update the
password.
 The user and the system create a sequentially updated
password using a hash function.
10
 One-Time Password: Lamport

 Alice and Bob agree upon an

original password P0 and a
counter n.
 The system stores the identity of
Alice, the value of n and the hash. 11
 Challenge-Response
 In challenge-response authentication, the claimant
proves that she knows a secret without sending it.
 The challenge is a time-varying value sent by the
verifier; the response is the result of a function applied
on the challenge.
 Several mechanisms:
 Using a Symmetric-Key Cipher
 Using Keyed-Hash Functions
 Using an Asymmetric-Key Cipher
 Using Digital Signature 12
 Using a Symmetric-Key
Cipher: Nonce Challenge

 ID of claimant
 The challenge: RB is the nonce randomly chosen by the Bob to challenge Alice
 Alice encrypts the nonce using the shared secret key known only to Alice and
Bob. Bob decrypts the message. If the nonce obtained from decryption is the
same as the one sent by Bob.
13
 Using a Symmetric-Key
Cipher: Timestamp Challenge

 The challenge message is the current time sent from the verifier
to the claimant.
 The claimant encrypt Alice ID and time with Alice-Bob secret key.

14
 Using a Symmetric-Key
Cipher: Bi-directional

 Alice ID
 The challenge from Bob to Alice RB
 Alice respond and send her challenge RA
 Bob’s response. RA and RB are switched to prevent a replay attack.
15
 Using Keyed Hash
Functions

 The challenge message is the current time sent from the verifier
to the claimant.
 The timestamp is sent both as plaintext and as text scrambled by
the keyed-hash function.
 Bob compares his calculation with what he received.
16
 Using an Asymmetric-Key Cipher:
Unidirectional, asymmetric-key

1. Challenge is encrypted with Alice’s public key

2. Alice decrypts with her private key and responds 17
Using an Asymmetric-Key Cipher
Bidirectional, asymmetric-key

18
Using Digital Signature:
Unidirectional

19
Using Digital Signature
Bidirectional

20
 Zero Knowledge Protocol
(ZKP)
 In zero-knowledge authentication, the claimant does not reveal
anything that might endanger the confidentiality of the secret.
 The claimant proves to the verifier that she knows a secret,
without revealing it.
 The verifier accepts or rejects the proof after multiple challenges
and responses
 Probabilistic Proof Protocol
 Overcomes Problems with Password Based Authentication

21
 Properties of ZKP
 Completeness
 Succeeds with high probability for a true assertion given an
honest verifier and an honest prover.

 Soundness
 Fails for any other false assertion, given a dishonest prover
and an honest verifier

22
 Advantages of ZKP
 As name Suggests – Zero Knowledge Transfer
 Computational Efficiency – No Encryption
 No Degradation of the Protocol
 Design is based on problems like discrete logarithms
and integer factorization

23
 Fiat-Shamir Identification
Protocol
 Alice A, the Prover and Bob B, the Verifier
 A chooses secret s relatively prime to n, where s is the private
key
 A computes v = s2 mod n, where v is the public key
 Alice chooses a random number r (1  r  n-1)
 3 Message Protocol
1. A  B: x = r2 mod n (commitment)
2. A  B: e  { 0,1} (Bob randomly sends e as his challenge)
3. A  B: y = r * se mod n (Alice sends the response)
 Bob accepts the response upon checking y2  x * ve mod n 24
Fiat-Shamir Identification
Protocol

25
 Fiat-Shamir Identification
Protocol
 After many iterations, with a very high probability Bob can verify
Alice’s identity
 Alice’s response must be valid in every iteration
 Alice’s response does not reveal the secret s (with y = r or y = r*s
mod n)
 An intruder can prove Alice’s identity without knowing the secret,
if he knows Bob’s challenge in advance:
 Generate random r
 If expected challenge is 1, send x = r2/v mod n as commitment, and
y = r as response
 If expected challenge is 0, send x = r mod n as commitment 26
 Fiat-Shamir Identification
Protocol
 Probability that any Intruder impersonating the prover
can send the right response is only ½
 Probability reduced as iterations are increased
 Important - Alice should not repeat r

27
 Cave Example
• The door can only be opened
with a magic word.
• Alice claims that she knows
the word and that she can open
the door.
• Bob and Alice are at 1.
• Alice enters and reaches the
point 2.
1. Alice chooses to go either right or left (r). After Alice disappears, Bob comes to point
2 and asks Alice to come up from either the right or left (e).
2. if Alice knows the magic word, she will come up from the right direction (y2). If she
does not know the word, she comes up from the right direction with ½ probability.
3. The game will be repeated many times. 28
 Feige-Fiat-Shamir Protocol
 Alice A, the Prover and Bob B, the Verifier
 A random modulus n, product of two large prime
numbers p and q generated by a trusted party and
made public
 A chooses k secrets s1, s2, …, sk relatively prime to n
 A computes k different numbers, v1, v2,…, vk such that
vi = si2 mod n, where
 vi is the public key and
 si is the private key
29
 Feige-Fiat-Shamir Protocol
 Alice chooses a random number r (1  r  n-1)
 Sends to Bob x = r2 mod n (commitment)
 Bob randomly sends a random binary string of k-bits, b1, b2, …bk,
as his challenge
 Depending on the challenge from Bob, Alice computes the
response as
y = r * (s1b1 * s2b2 *...* skbk) mod n.
 Bob accepts the response upon checking
x = y2 * (v1b1 * v2b2 *...* vkbk) mod n
30
Feige-Fiat-Shamir Protocol

31
 Feige-Fiat-Shamir Protocol
 Repeat this protocol t times, until Bob is convinced
that Alice knows s1, s2,..., sk.
 The chance that Eve can fool Bob is 1 in 2kt.
 The authors recommend a 1 in 220 chance of Eve
fooling Bob and suggest that k = 5 and t = 4.
 The value of k and t can be increased for higher
security

32
 BIOMETRICS
 Biometrics is the measurement of physiological or behavioral
features that identify a person
 Biometrics measures features that cannot be guessed, stolen, or
shared.
 Components
 Enrollment
 Authentication
 Techniques
 Accuracy
 Applications
33
 Components
 Several components are needed for biometrics:
 Capturing devices,
 Processors, and
 Storage devices.

34
 Enrollment
 Before using any biometric techniques for
authentication, the corresponding feature of each
person in the community must be registered in the
database.
 The registration process is referred to as enrollment.

35
 Authentication
 Two type of scheme:
 Verification
• 1-to-1 matching of biometric feature
• Requires unique ID
 Identification
• 1-to-n matching of biometric feature
• Used to identify unknown entity
• Very expensive operation

36
Technique

37
 Accuracy
 Varies from scheme to scheme
 Fingerprint is now very standardized
 Example: WSQ format
 Face recognition is available in smartphone!
 Cost varies based on scheme
 Accuracy still not 100%

38
 Applications
 Attendance
 Banking
 Access Control
 Law Enforcement
 Mobile Phone Registration

39
Reference
Cryptography and Network Security by Forouzan

40