TKK | Networking Laboratory | Teaching

Symmetric authentication schemes

The following two schemes, unlike basic authentication and message digest authentication, use symmetric encryption. In addition to authenticating both the user and the server, they provide confidentiality for the information exchanged.

Three-way handshake authentication

We will only mention that this scheme is based on the two parties sharing a secret key. The parties send each other encrypted numbers derived from an initial random number. Finally, one of them chooses a session key and sends it encrypted to the other. The problem is the initial agreement on the secret key.

Trusted third party authentication

A more likely scenario is that the two participants know nothing about each other, but both trust a third party. This third party is sometimes called an authentication server, and it uses a protocol to help the two participants authenticate each other.

In the following, we assume that Albert and Bob want to authenticate each other. Albert contacts the authentication server (AS), indicating that he wants to communicate with Bob. All information between Albert and the AS is encrypted using a secret key Ka-as that is shared between Albert and the AS.

Albert sends the AS a message that identifies himself and Bob, saying that he (A) wants to contact Bob (B). As part of the exchange, Albert should authenticate the AS, as illustrated in the three-way handshake authentication. The AS, knowing Ka-as, authenticates Albert. The AS generates a nonce (a random number), R1. The AS then sends Albert an encrypted message containing not only R1, the session key that Albert and Bob will use to communicate, but also the pair of values A and R1 encrypted by the AS using Bob's secret key Kb-as.

Albert receives the message sent by the AS, verifies the nonce and saves it, but he cannot decrypt the pair A and R1 because he does not know Bob's secret key. All Albert has to do is forward these encrypted values A and R1 to Bob. Bob decrypts the message from Albert using his secret key and extracts A and R1. Now Bob knows the session key R1 and who wants to communicate with him. Albert and Bob can now trust each other's identity and communicate securely using the shared session key.

[trusted-third-party messages]
Figure: Principle of trusted 3rd party. (Source WZ)
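The exchange described above, as an added example that is not part of the original page. It follows the page's message flow (Albert asks the AS for Bob, the AS answers under Ka-as with R1 plus a ticket {A, R1} under Kb-as, Albert forwards the ticket unread, and both then use R1 as the session key). The names Albert and Bob, the long-term keys, the length-prefixed field encoding and the `AuthServer` class are constructed for the example; since the Python standard library has no block cipher, the symmetric encryption is a toy encrypt-then-MAC construction built from HMAC-SHA256, standing in for a real AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os
import struct

# Toy authenticated encryption (encrypt-then-MAC from HMAC-SHA256).
# Assumption for this example only: a real deployment uses an AEAD cipher.
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC(key, nonce || i)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: wrong key or message altered in transit")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# Length-prefixed fields so multi-field messages parse unambiguously.
def pack(*fields: bytes) -> bytes:
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def unpack(data: bytes) -> list:
    fields, i = [], 0
    while i < len(data):
        (n,) = struct.unpack(">H", data[i:i + 2])
        fields.append(data[i + 2:i + 2 + n])
        i += 2 + n
    return fields


class AuthServer:
    """Trusted third party holding one long-term key per principal (constructed)."""

    def __init__(self, keys: dict):
        self.keys = keys  # identity -> key shared with the AS (Ka-as, Kb-as, ...)

    def handle_request(self, requester: bytes, peer: bytes) -> bytes:
        r1 = os.urandom(16)  # nonce; the page also uses it as the session key
        ticket = encrypt(self.keys[peer], pack(requester, r1))      # {A, R1} under Kb-as
        return encrypt(self.keys[requester], pack(r1, peer, ticket))  # under Ka-as


def run_protocol(tamper_ticket: bool = False) -> dict:
    """Walk the page's exchange; returns what each side ends up holding."""
    a, b = b"Albert", b"Bob"
    ka_as, kb_as = os.urandom(32), os.urandom(32)  # constructed long-term keys
    server = AuthServer({a: ka_as, b: kb_as})

    # Albert names himself and Bob; the AS answers under Ka-as.
    reply = server.handle_request(a, b)
    r1, peer, ticket = unpack(decrypt(ka_as, reply))
    if peer != b:
        raise ValueError("AS reply names a different peer than requested")

    # Albert cannot read the ticket (it is under Kb-as); he forwards it unchanged.
    if tamper_ticket:  # simulate corruption on the wire to show the tag check fire
        ticket = ticket[:-1] + bytes([ticket[-1] ^ 0x01])
    requester, r1_at_bob = unpack(decrypt(kb_as, ticket))

    # Both now hold R1 and use it to protect application traffic.
    bob_read = decrypt(r1_at_bob, encrypt(r1, b"hello Bob"))
    return {"albert_key": r1, "bob_key": r1_at_bob,
            "bob_sees_peer": requester, "bob_read": bob_read}


def tamper_is_detected() -> bool:
    try:
        run_protocol(tamper_ticket=True)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    result = run_protocol()
    print("session keys match:", result["albert_key"] == result["bob_key"])
    print("Bob sees peer:", result["bob_sees_peer"].decode())
    print("tampered ticket rejected:", tamper_is_detected())
```

Two things the code makes visible that the prose leaves implicit. First, Albert must check that the AS reply names Bob and not some other peer, otherwise a reply meant for a different conversation could be accepted. Second, the ticket {A, R1} carries nothing that lets Bob tell a fresh ticket from an old one, so in this simplified flow Bob gets identity but not freshness; the extra challenge messages of Needham-Schroeder-style protocols exist to close that gap.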

The Networking Laboratory is now part of the Department of Communications and Networking. The information on this page may be out of date.

Up-to-date course information is available in the MyCourses service.

This page was produced as student coursework. The Networking Laboratory is not responsible for the page's correctness, timeliness or maintenance. In serious cases, the contact persons are and the Webmaster.
This page was last updated on 15.11.1999 at 16:45.
URI: http://www.netlab.tkk.fi/opetus/s38118/s99/htyo/1/prin_sym.shtml