Authentication Strong Password Protocol 1
Strong Password Protocol Scenario : Alice uses any workstation to log to the server B, using a password to authenticate her self. Various way to do that? Use Ur Imagination!! & Don t flip the page :P 2
Strong Password Protocol This could be done as follows 1. Simply transmit the password over the wire ( Vulnerable to eavesdropping!!) 2. Use Diffie-Hellman exchange to establish a secret key and send the password encrypted with that key. 3. Hash the password and use it as a secret key in authentication handshake. 4. One time password scheme ( will be discussed ). 5. Use strong password protocol ( will be discussed). 3
1. LAMPORT s Hash One time hash scheme. Allow Bob to authenticate Alice avoiding 1. Eavesdropping. 2. Impersonating Alice. Each user has the following 1. Username. 2. n, an integer which is decremented every time B is authenticating that user. 3. Hash n (password) = hash ( hash ( hash ( hash( password)) n times. 4
1. LAMPORT s Hash One a Alice is communicating with Bob for the first time, a configuration session will be launched. Alice will chose a password. Alice will chose a large number (n) Alice workstation will compute Hash n (password) and send it to Bob along with (n). Bob will save this information in Alice profile. 5
1. LAMPORT s Hash When Alice wish to prove her identity to Bob 1. Alice send her username and pwd to the workstation. 2. The workstation will send Alice name to Bob. 3. Bob send back n. 4. The workstation will compute X= Hash n-1 (password) and send the result to Bob. 5. Bob will compute hash ( X) and compare it the with hash in Alice s profile, if matched then Alice is authenticated. 6. Bob replace X with the hash value in Alice profile. 7. Bob replace n by n-1 6
Alice Workstation 1. LAMPORT s Hash If n gets to 1, Alice then needs to set her password again with Bob. Add diagram Alice Alice Bob Alice, Pwd n X= Hash n-1 (pwd) Knows <n, X= H n (pwd) > 7
1. LAMPORT s Hash An enhancement is to LAMPORT s hash add Salt. Salt is a number that Alice chose during the configuration session. Salt is stored at Bob s and concatenating with password before storing. Rather than computing Hash n (password), the enhanced LAMPROT hash will compute Hash n (password Salt) To set the password, the workstation will only need to chose a new Salt. And send Bob : Hash n (password new Salt), n and new salt value. 8
1. LAMPORT s Hash What are the benefits from Salt? 1. When Alice is dealing with multiple servers, she can use the same password with multiple salt values concatenated with server name i.e: Hash n (password Salt servername). 2. Alice doesn't need to reset her password when n reach to 1. 3. When an intruder is stealing Bob s database that stores all password, he can t compute their hashes because it require the knowledge of salt value. 9
1. LAMPORT s Hash LAMPORT S hash drawbacks 1. You have to do a reconfiguration every time n reaches to 1. 2. No mutual authentication. 3. Small n attack. 1. Trudy is impersonating bob 2. Trudy send Alice a small number n < Bob s n. 3. Alice will send password hashed n times to Trudy. 4. Now Trudy can simply impersonate Alice. Simple Solution? 10
2. Strong Password Protocols Protocol that are designed to prevent eavesdropping, dictionary attack and impersonating. 1. Encrypted Key Exchange EKE It s the first string pwd protocol. Other protocols are conceptually adapted from EKE. 11
2. Strong Password Protocols : EKE 1. Encrypted Key Exchange EKE The idea of EKE is 1. Alice & Bob share a secret key W, which is a hash of Alice s pwd. 2. Alice knows W because it the hash of her password, Bob Know W because he is storing it. 3. Both A&B do a Diffie-Hellman exchange 1. The encrypt Diffie-Helman numbers using W. 2. Do mutual authentication based on Diffie-Helman shared secret. 12
2. Strong Password Protocols : EKE Alice Share secret W= f(pwd) Bob Chose Random x A Challenge C2 Alice, W{a x A mod q} W{a x B mod q} K = a x A. x B mod q K{c1,c2} K{c2} Chose Random x B Challenge C1 13
2. Strong Password Protocols : Augmented EKE Similar to EKE with additional security propriety: Preventing someone who stole the server database from impersonating. The server is going to prime number(p) derived from the password, but the client is required to know the password. The server also store 2 W mod p where W = hash (user password). 14
2. Strong Password Protocols : Augmented EKE Similar to EKE with additional security propriety: Preventing someone who stole the server database from impersonating. The server is going to prime number(q) derived from the password, but the client is required to know the password. The server also store 2 W mod q where W = hash (user password). 15
2. Strong Password Protocols : Augmented EKE Alice Bob Chose A Compute W, q from password 2 a mod q 2 b mod q, Hash (2 ab mod q, 2 bw mod q) Hash (2 ab mod q, 2 bw mod q) Store Alice q 2 b mod q Chose b 16