Module III:

Authentication:

Authentication:

Authentication is the process of determining if a user or identity is who they claim to be. Authentication is accomplished using something the user knows (e.g. password), something the user has (e.g. security token) or something of the user (e.g. biometric).

Authentication enables the network to only admit the authorized users to have access to its resources. It provides the way where the claimed identifier is verified by the access control mechanisms through some means.

Authentication Methods:

Passwords :

Passwords are the most popular authentication methods, and all the subjects used them for multiple services. Authentication with this method is very straight forward and people perceived it as "secure enough". Subjects were conscious about the length of their password and security. On the other side looking from the negative point of view this leads to multiple passwords and it gets hard to remember.

The usability perceptions were consistent with the questionnaire results where people think passwords are acceptable method of authentication. When asked if they would consider using weaker passwords on services for mobile devices, which may have limited input capabilities (for instance a small keypad), most of respondents wouldn't sacrifice security for usability by having a shorter password.

Tokens:

All the subjects used tokens in some form, either through paper tabels (for altinn), key generators (for BankID) or through SMS (altinn, skandiabanken). The subjects perceived tokens as secure and with high usability. Two subjects were skeptical regarding token generators integrated in phones because of grouping too many services into one device.

Location:

The subjects were positive to the usability aspect, as location tracking happens without user input. However some expressed concerns about privacy issues, and it is perceived a bit too complicated at this stage. Maybe if the subjects were more familiar with this technology we could go more in depth with this discussion.

Biometrics:

Most of the subjects liked the aspect of quick login, but are conscious about the risk of data loss. Data loss is perceived bad because it contain sensitive information about themselves, not necessarily because of practical issues such as the fact that one is unable to change biometric factors, but a general impression of that loosing private data is bad and should be avoided. Face recognition was also considered as more negative because of giving away too much information about one self.

Fingerprint is still the one most preferred biometrical method, as it was in the questionnaire results. Some users have experience with it, although these ranged from very positive to poor, as result of the methods functionality. All the subjects had some ideas of fingerprint, and other than privacy issues

Message digest:

A message digest (also known as a cryptographic checksum or cryptographic hashcode) is nothing more than a number - a special number that is effectively a hashcode produced by a function that is very difficult to reverse.

A message digest is also a hash function. It takes a variable length input - often an entire disk file - and reduces it to a small value (typically 128 to 512 bits). Give it the same input, and it always produces the same output. And, because the output is very much smaller than the potential input, for at least one of the output values there must be more than one input value that can produce it; we would expect that to be true for all possible output values for a good message digest algorithm.

A simple hash function takes some input, usually of indefinite length, and produces a small number that is significantly shorter than the input. The function is many to one, in that many (possibly infinite) inputs may generate the same output value.

The function is also deterministic in that the same output value is always generated for identical inputs. Hash functions are often used in mechanisms that require fast lookup for various inputs, such as symbol tables in compilers and spelling checkers.

Digital signatures:

A digital signature is (most often) a message digest encrypted with someone's private key to certify the contents. This process of encryption is called signing. Digital signatures can perform two different functions, both very important to the security of your system:

Integrity - A digital signature indicates whether a file or a message has been modified.

Authentication - A digital signature makes possible mathematically verifying the name of the person who signed the message.

A third function that is quite valuable in some contexts is called non-repudiation. Non-repudiation means that after you have signed and sent a message, you cannot later claim that you did not sign the original message. You cannot repudiate your signature, because the message was signed with your private key

Digital signature algorithm:

DSA Parameters:

A DSA digital signature is computed using a set of domain parameters, a private key x, a per message secret number k, data to be signed, and a hash function. A digital signature is verified using the same domain parameters, a public key y that is mathematically associated with the private key x used to generate the digital signature, data to be verified, and the same hash function that was used during signature generation. These parameters are defined as follows:

p a prime modulus, where 2L–1 < p < 2L, and L is the bit length of p. q a prime divisor of (p – 1), where 2N–1 < q < 2 N, and N is the bit length of q. g a generator of the subgroup of order q mod p, such that 1 < g < p.x the private key that must remain secret; x is a randomly or pseudo randomly generated

integer, such that 0 < x < q, i.e., x is in the range [1, q–1].

y the public key, where y = gx mod p.k a secret number that is unique to each message; k is a randomly or pseudo randomlygenerated integer, such that 0 < k < q, i.e., k is in the range [1, q–1].

Digital Signature Standards(DSS):

This Standard defines methods for digital signature generation that can be used for the protection of binary data (commonly called a message), and for the verification and validation of those digital signatures. Three techniques are approved.

(1) The Digital Signature Algorithm (DSA) is specified in this Standard. The specificationincludes criteria for the generation of domain parameters, for the generation of public andprivate key pairs, and for the generation and verification of digital signatures.

(2) The RSA digital signature algorithm is specified in American National Standard (ANS)X9.31 and Public Key Cryptography Standard (PKCS) #1. FIPS 186-3 approves the useof implementations of either or both of these standards, but specifies additionalrequirements.

(3) The Elliptic Curve Digital Signature Algorithm (ECDSA) is specified in ANS X9.62.FIPS 186-3 approves the use of ECDSA, but specifies additional requirements.Recommended elliptic curves for Federal Government use are provided herein.

This Standard includes requirements for obtaining the assurances necessary for valid digitalSignatures.

E mail Security:

Secure Email Services:

Confidentiality

Message Integrity

Sender Authentication

Security mechanisims:

Detached signature

Leaves the original message untouched Signature can be transmitted/stored separately Message can still be used without the security software

Signed message

Signature is always included with the data.

Pretty Good Privacy: (PGP)

Pretty Good Privacy was originally developed by Phillip Zimmerman to provide a means of secure communication in an insecure electronic environment. “Pretty Good” is an understatement – the framework it is based on, PKI (Public Key Infrastructure) and its encryption standards (it can use Diffie-Helman or RSA algorithms of varying strengths),have been subjected to rigorous cryptanalysis.

Working of PGP:

When someone starts using PGP, they generate a Key Pair. These are really just text files that look like gibberish to a human. The keys can be created at various levels of strength – 512, 1024, or 2048 bit strengths are used. The higher the number, the stronger the encryption value of the key. One key of the pair is the Private key – this

key should always be kept safe and never given to anyone. The other key is the public key – this keyshould be given to as many people as possible.

Uses of PGP:

The most commonly used aspect of PGP is the signing and encryption of email or files. “Signing” a document is a way of verifying the integrity of the original work. Themethod is as follows:

1. Make a digest or “hash” of the file or email. A hash is an algorithm thatproduces (theoretically) a unique output (the hash) from a given input (themessage).2. Add the hash to the end of the message.3. When someone wants to verify that the message has not been modified, theyrun the hash algorithm on the message and compare it to the hash at the end ofthe message. If the signatures match, the message has not been altered.

Example:

This is demonstrated in the following example:

The hash algorithm: take every third letter of the message (ignore punctuation),and convert the letter to a number (a=1, b=2…z=26). Add the numbers together.

The message:Hello, This is a sample message to demonstrate signatures.The hash algorithm in progress:

Hello, This is a sample message to demonstratesignatures.

12 +20 +19 +1 +13 +5 +19 +7 +15 +13 +19 +1 +19 +14 +21 +19= 217 (therefore the hash value is 217)

The message after adding the hash value becomes:Hello, This is a sample message to demonstrate signatures.Hash value: 360

If the message is altered, the hash value will not be the same.Altered message:Hello, This is an altered message to demonstrate signatures.

Creates a new hash:Hello, This is an altered message to demonstratesignatures.12 +20 +19 +1 +12 +18 +13 +19 +5 +4 +15 +20 +20 +9 +1 +18= 206 (therefore the hash value is 206)

Since the hashes are not equal, the message has been altered.Actual hashing algorithms are much more complex. Additionally, the hashingalgorithm is used in conjunction with the user’s private key in such a way that thesignature is unique.

That is, if different people (thus different private keys) signed thesame email, the signatures would be different. Then the public key of the key pair is used to compare the hash created by the private key, and if the hashes match, then two thingsare assured: 1) The message has not been modified since signing 2) the signature was not be forged.