What can you say about digital identity?
It captures the subject as a set of attributes
It is unique given a context
Not necessarily linked to a real-life subject
What are the different factors of authentication?
Knowledge factor: what you know (password, PIN). Can be shared or forgotten.
Possession factor: what you have (bank card or ID card). Can be shared, stolen or forgotten.
Inherence factor: what you are or do (biometrics, behaviour). Can't be shared and is hard to forge, but recognition errors are possible.
What are the different AALs (Authenticator Assurance Levels)?
Some confidence : claimant shows control over a token bound to the account
High confidence : multi-factor authentication of claimant
Very high confidence : phishing and tamper resistant hardware-based multi-factor with cryptographic proofs
What are the different IALs (Identity Assurance Levels)?
Self-asserted attributes (can claim anything). No need to link to real-life identity
Some evidence claims ID exists in real-world and is linked to the applicant (remote enrollment)
Physical presence with trained CSP representative which verifies identity attributes
What is a network security protocol?
A network security protocol is a message exchange between several parties (over an untrusted channel) that achieves a security service using tools such as symmetric or asymmetric cryptography.
What is the Needham-Schroeder-Lowe authentication protocol?
A → B : E(pkB, A | Na)
B → A : E(pkA, Na | Nb | B)
A → B : E(pkB, Nb)
When checking the authentication of Alice, what should we at least make sure of?
Alice should prove possession of a token using a challenge that only Alice can answer, ensuring Alice is involved (pkA)
Freshness of Alice's response, no replay from earlier sessions (nonces).
Message context is clear, message cannot be confused with another message, possibly in a different session
What about Kerberos authentication?
Kerberos is a computer-network authentication protocol that uses tickets to let nodes communicating over a non-secure network authenticate each other. It provides mutual authentication: both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks; it uses symmetric cryptography and requires a trusted third party.
Steps of Kerberos authentication
The user logs into the client (C) with a password only once for all application services (H). From the password, C computes KCS.
C contacts the authentication server (S). S can also compute KCS and returns a ticket for the ticket-granting service (T).
C contacts T. T knows which services the client may use and returns a ticket for H if use is allowed.
C contacts H and H responds (mutual authentication between H and C).
Think of a protocol that uses a challenge-response mechanism but does not achieve authenticity.
A → B : E(pkB, A | Na)
B → A : E(pkA, Na | Nb)
A → B : E(pkB, Nb)
Think of a protocol that uses encryption but does not achieve secrecy.
A → B : A
B → A : E(pkA, Nb)
A → B : E(pkB, Nb)
Taking the example of PIN payments, what are the factors of authentication and what is the Authenticator Assurance Level?
We need a card and a PIN code, thus the knowledge and possession factors. AAL2, because the PIN is not phishing resistant, so not AAL3.
Taking the example of contactless payments, what are the factors of authentication and what is the AAL?
Only the card is needed, so only the possession factor. Thus AAL1, because we have only one factor.
At TU/e, the Canvas service may use passwords and an authenticator app on the phone that provides additional factors (biometrics). The phone here acts as a multi-factor authenticator device that checks these factors and stores a token that it uses to provide a cryptographic proof to the verifier. With the established ID (student number), Canvas then applies its authorization rules to decide what access to give. What are the AAL and IAL?
AAL3 and IAL2
How is authentication generally achieved?
Authentication is achieved using a challenge-response mechanism.
What is the attack on the following protocol?
A → B : E(pkB, A | Na)
B → A : E(pkA, Na | Nb)
A → B : E(pkB, Nb)
A → M : E(pkM, A | Na)
M(A) → B : E(pkB, A | Na)
B → M(A) : E(pkA, Na | Nb)
M → A : E(pkA, Na | Nb)
A → M : E(pkM, Nb)
M(A) → B : E(pkB, Nb)
What is the attack on the following protocol?
A → B : A
B → A : E(pkA, Nb)
A → B : E(pkB, Nb)
A → M : A
M(A) → B : A
B → M(A) : E(pkA, Nb)
M → A : E(pkA, Nb)
A → M : E(pkM, Nb)
M(A) → B : E(pkB, Nb)
How are passwords generally stored?
Some web apps store the actual password, so if they are hacked our password is stolen. The right approach is to store a hash of the password together with a salt: Salt | H(Salt | Password). The user then sends their identity along with the password, and the receiver hashes the received password with the stored salt and compares the result with the stored hash.
What can we use for password guessing?
For password guessing we often use dictionary words and keyboard patterns: the complexity remains low even with added symbols. We can use a dictionary and common names, and add symbols and numbers.
Is a password a good form of authentication?
Even though passwords are very commonly used, they are a weak form of authentication (limited complexity and badly chosen passwords).