In section 9.6 Eavesdropping and Server Database Reading it was asserted that t
Question
In section 9.6 Eavesdropping and Server Database Reading it was asserted that it is extremely difficult, without public key cryptography, to have an authentication scheme which protects against both eavesdropping and server database disclosure. Consider the following authentication protocol. Alice knows a password. Bob, a server that will authenticate Alice, stores a hash of Alice's password. Alice types her password to her workstation. The following exchange occurs:

1. Alice types her name and password, sends to workstation
2. Workstation computes hash of password, sends Alice's name to server Bob
3. Server Bob responds with nonce R, sends to workstation
4. Workstation computes hash of (hash of password, R), sends to Bob
5. Bob computes hash of (hash of expected password, R), compares with received value

Is this an example of an authentication scheme that isn't based on public key cryptography and yet guards against both eavesdropping and server database disclosure? Why or why not?

Explanation / Answer
It is indeed difficult to have an authentication scheme that guards against eavesdropping and server-side reading. The given protocol is a password-based authentication scheme that is not based on public key cryptography. This authentication scheme does provide protection against eavesdropping and server-side disclosure, but it is a vulnerable scheme.

The main advantage of this scheme is that the user, i.e. Alice in this case, only needs to remember the password. But there are some serious security challenges that this system needs to tackle. The main problem is eavesdropping. There is no security mechanism at the user's machine, so in order to make the system secure, it is necessary for the user to change passwords at regular intervals and to remember a difficult and complex password. This is one of the biggest challenges that this authentication scheme faces.

This scheme is vulnerable to online dictionary attacks, in which a malefactor simply tries different passwords. The protection against this attack is to limit the number of attempts allowed.

This authentication is vulnerable to exposure of the password file that requires an offline dictionary attack. The defence against this is to store (X, salt, hash(pwX, salt)), or the other defence is to store (X, encryptK(pwX)), where K is a high-quality key which is maintained only in B's memory and not on any hard disk (i.e., manually entered when B is activated).

Another point that needs focus is that Bob is not being authenticated. One may use Lamport's Hash for the same, which allows the use of salt for authentication. h^(n-1)(pwd|salt) is used for authentication. Salt is stored at Bob's setup time, and Bob would send the salt each time along with n.

These are the things that need attention while using this password-based authentication scheme.
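The salted Lamport hash exchange mentioned at the end of the answer, as an added example that is not part of the original answer or the textbook. SHA-256 as the hash, the `|` separator, the 16-byte salt and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def h(data: bytes, times: int = 1) -> bytes:
    """Apply SHA-256 `times` times (h^times in the answer's notation)."""
    for _ in range(times):
        data = hashlib.sha256(data).digest()
    return data


class Bob:
    """Server: stores [n, salt, h^n(pwd|salt)] per user, never the password."""
    def __init__(self):
        self.db = {}

    def enroll(self, user: str, password: str, n: int = 1000) -> None:
        salt = os.urandom(16)  # chosen once, at Bob's setup time
        self.db[user] = [n, salt, h(password.encode() + b"|" + salt, n)]

    def challenge(self, user: str):
        n, salt, _ = self.db[user]
        if n <= 1:  # n = 1 would put the unhashed pwd|salt on the wire
            raise RuntimeError("hash chain exhausted; re-enroll with a new salt")
        return n, salt  # Bob sends the salt each time along with n

    def verify(self, user: str, response: bytes) -> bool:
        entry = self.db[user]
        if not hmac.compare_digest(h(response), entry[2]):
            return False
        # Step down the chain: the received h^(n-1) becomes the stored value.
        entry[0], entry[2] = entry[0] - 1, response
        return True


def workstation_response(password: str, n: int, salt: bytes) -> bytes:
    """Alice's workstation computes h^(n-1)(pwd|salt) from Bob's (n, salt)."""
    return h(password.encode() + b"|" + salt, n - 1)


def demo():
    bob = Bob()
    bob.enroll("alice", "correct horse", n=5)          # constructed sample values
    n, salt = bob.challenge("alice")
    resp = workstation_response("correct horse", n, salt)
    first = bob.verify("alice", resp)                  # legitimate login
    replay = bob.verify("alice", resp)                 # overheard response sent again
    from_db = bob.verify("alice", bob.db["alice"][2])  # stored value sent as response
    return first, replay, from_db, bob.db["alice"][0]
```

`demo()` returns `(True, False, False, 4)`: the legitimate login succeeds, while neither the overheard response nor the value read from Bob's database is accepted afterwards. As the answer notes, Bob himself is still not authenticated in this exchange.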