Cryptographic Authentication 2010

CRYPTOGRAPHIC AUTHENTICATION
For DEPARTMENT OF COMPUTER APPLICATIONS,CUSAT A Seminar report Submitted for partial fulfillment of Degree of Master Of Computer Applications By NIRMAL PODDAR

DEPARTMENT OF COMPUTER APPLICATIONS COCHIN UNIVERSITY OF SCIENCE AND TECHNOLOGY KOCHI- 682022 KERALA.

Cryptographic Authentication

Page 1

Cryptographic Authentication 2010

Certificate
Certified that this bonafide record of seminar entitled

SECURE EMAIL SYSTEM

Done by

NIRMAL PODDAR

of the

Vth

semester, Department of Computer Applications in

the June 2010 in partial fulfillment of the requirements to the award of Degree of Master of Computer Applications Of Cochin University Of Science and Technology.

Dr. K. V. Pramod

Seminar Report

Head Of Department

Cryptographic Authentication

Page 2

Cryptographic Authentication 2010

CONTENTS 
Introduction to Cryptography  Cryptographic Authentication  Three Basic Cryptographic Methods o Something you know  Password, OTP o Something you have  Smart Card, ATM Card , OTP Card o Something you are  Finger Print  Multifactor Authentication  Other cryptographic Authentication Methods o Password o One Time Password o Public Key Cryptographic  Elliptic Curve Cryptography o Zero Knowledge Proofs  Fiet ± Shamir Protocol  Ali ± Baba¶s Cave o Digital Certificate

Cryptographic Authentication

Page 3

Cryptographic Authentication 2010 Cryptography is a method of storing and transmitting data in a form that only those
it is intended for can read and process. It is a science of protecting information by encoding it into an unreadable format. Cryptography is an effective way of protecting sensitive i nformation as it is stored on media or transmitted through network communication paths. Although the ultimate goal of cryptography, and the mechanisms that make it up, is to hide information from un authorized individuals, most algorithms can be broken and the information can be revealed if the attacker has enough time, desire, and resources. So a more realistic goal of cryptography is to make obtaining the information too work -intensive to be worth it to the attacker. The first encryption methods date bac k to 4,000 years ago and were considered more of an ancient art. As encryption evolved, it was mainly used to pass messages through hostile environments of war, crisis, and for negotiation processes between conflicting groups of people. Throughout history, individuals and governments have worked to protect communication by encrypting it. As time went on, the encryption algorithms and the devices that used them increased in complexity, new methods and algorithms were continually introduced, and it became an integrated part of the computing world.

Cryptography Definitions
Algorithm Set of mathematical rules used in encryption and decryption Cryptography Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals Cryptosystem Hardware or software implementation of cryptography that transforms a message to cipher text and back to plaintext Cryptanalysis Practice of obtaining plaintext from cipher text without a key or breaking the the encryption Cryptology The study of both cryptography and cryptanalysis Cipher text Data in encrypted or unreadable format Encipher Act of transforming data into an unreadable format Decipher Act of transforming data into a readable format
Cryptographic Authentication Page 4

Cryptographic Authentication 2010
Key Secret sequence of bits and instructions that governs the act of encryption and decryption 

Cryptographic authentication : 
The process of identifying one s identity  Authentication is the process of reliably verifying the identity of someone (or something)  A computer authenticates another computer  A computer is authenticates a person  User s secret must be remembered by the user  Authentication is the concept of proving user identity, typically in or to establish communication order to gain access to a system or network. 

There are three basic authentication means by which an individual may authenticate his identity : 
Something you have
o Can be stolen  Such as key , card 

Something you know
o Can be guessed , shared , stolen  Such as password , 

Something you are
o Can be costly , copied  Such as biometrics

Cryptographic Authentication

Page 5

Cryptographic Authentication 2010

Something you Know
Authentication based on what you know
Alice I am alice ,my password is 123axc235 Bob 

Problem :
Eavesdropping Solution -> Cryptography based 

Storing User Password : Password cannot stored as in clear text Store hashed password Password should be encrypted when you enter to login  Pros : It is simple to use . It is simple for understanding by user .  Cons : It can be guessed . It can be cracked easily .
To avoid the problem of using same password each time ,it s alternative One Time Password (OTP) has been developed . But it is difficul t to remember new password each time .

Something you have 
OTP Cards (e.g. SecurID): It is an electronic device that generates new password
each time. When the code button is pushed a new dynamic password is displayed on the card. The card is based on event-synchronous dynamic password system. The cryptoalgorithm incorporated in the card uses a counter that stays "in sync" with the server based on the number of passwords generated.

Cryptographic Authentication

Page 6

Cryptographic Authentication 2010 
Smart Card: A smart card is more useful and secure than a magnetic strip card.
The card can hold up to 80 times more data and is much harder to copy a chip than magnetic strip. Data is protected because it is encrypted inside the chip. Although it is not possible to steal data from the chip, the high cost and computing power required deters criminals. The memory chip requires authentication before stored data is unlocked.

Smart card uses 
In money people use smart cards to access their individual bank accounts and withdraw money or check their account information. 

Telephone calls prepaid telephone cards are credited with a number units to make calls  Cell Phones Smart cards in cell phones contain subscriber information to identify the user to the network.  Computer Security to gain access to a personal computer, a smart card can authenticate the user.  Travel Many subway systems use prepaid smart cards instead of tickets, passengers swipe their cards to gain access.  Health smart cards provide an easy and safe way of storing and checking confidential medical information. 

tamper-resistant, stores secret information, entered into a card-reader  ATM Card : An ATM card is a plastic card that looks like a credit card. It allows you to do
the same things at a bank machine or Automatic Teller Machine (ATM) as you would at a bank. You can get cash, deposit money, check account balances, and receive a copy of your statement all electronically by using your ATM card and the password to your account, which is called your Personal Identification Number, or PIN. 

Strength of authentication depends on difficulty of forging

Cryptographic Authentication

Page 7

Cryptographic Authentication 2010

Something you are
Biometrics :
Biometrics is the method to recognize or verify the identity of an individual based on its unique physiological or behavioral characteristics such as Fingerprint, face, palm, iris, retinal, vein, voice and handwriting. Fingerprint verification is the most established and matured biometrics techniques. We will only focus on fingerprint technology hereafter.

Why biometrics?
Biometrics authenticates an individual based on its unique characteristics. One can consider himself as his own password, which can hardly be forgotten, stolen and forged. Thus, biometrics provides a securer solution comparing with PIN or Smart Card identification. Biometrics can also be widely found in many other applications such as time attendance management.

What are the biometrics applications?
The need for biometrics can be found in most of the security departments, military, government and commercial applications. One of the major biometrics applications is access control. PIN and Smart Card system recognize the PIN or the card instead of you - it identifies what you posses. In other words, someone can claim that he is you by using your PIN or you r smart card. However, a biometrics system with fingerprint technology recognizes your finger instead of the PIN or card - it identifies who you are. It will never grant access to anyone else except you. Another major biometrics application is time atten dance management. Most of the existing time attendance systems are based on smart card. Lost and damaged cards and cheating on the system can lead to huge financial loss to the company. Using employee's fingerprint to mark attendance instead is far more accurate, efficient, cost saving and cheat proof. The daily attendance report can help the HR manager to save a bundle of time.

There are various types of Biometrics Authentication Methods : Finger Print , Iris ,Retinal ,DNA ,etc. All of these are used widely by users . It is easy to use .
Cryptographic Authentication Page 8

Cryptographic Authentication 2010 Two Factor Authentication
The two components of two factor authentication are: Something you know Something you have Traditional authentication schemes used username and password pairs to authenticate users. This provides minimal security, because many user passwords are very easy to guess. In two factor authentication, the password still provides the something you know component. In the most common implementations of two factor authentication, the something you have component is provided by a small token card. The token card is a compact electronic device which displays a number on a small screen. By entering this number into the system when you attempt to authenticate (login), you prove that that you are in posse ssion of the card. 

Multi-factor authentication, sometimes called strong authentication, is an extension of two-factor authentication. While two-factor authentication only involves exactly two factors, multi -factor authentication involves two or more factors. Thus, every two-factor authentication is a multi-factor authentication, but not vice versa.

Other cryptographic Authentication Methods
Various cryptographic Authentication Methods are used .Some of these are as follow :
Password One Time Password Public Key Cryptography Zero Knowledge Proofs Digital Signature

Password :
What is password security?

In order to keep your information secure you must keep your password secure. The following are not the only ways to keep your password secure but they are a good start:
Cryptographic Authentication Page 9

Cryptographic Authentication 2010
y y y y y y

Use passphrases (see below). Do not keep your password in open and public spaces (no sticky notes on your monitors!). Change your password periodically. Do not use the same password for everything. If you think your password may have been compr omised, change it immediately. Never tell anyone your password.

Passphrase versus password:

Passphrases are more secure than passwords because they are generally longer, making them less vulnerable to attack. With technology increasing every day we strongly recommend using passphrases to secure your accounts.

Passphrase selection:
y y y y

Long enough to be hard to guess (eg, automatically by a search program, as from a list of famous phrases). Not a famous quotation from literature, holy books, etc. Hard to guess by intuition even by someone who knows the user well. Easy to remember and type accurately. 

One time passwords :

For application that requires higher level of security than static password can deliver , the KerPass mobile client allows setting a dedicated token that generates OATH (time synchronous) one time password. A new "PassCode" can be generated every 30 seconds , and it remains valid for at most 5 minutes.

Cryptographic Authentication

Page 10

Cryptographic Authentication 2010 

Public Key Cryptography : Public key cryptography was invented

in 1976 by Whitfield Diffie and Martin Hellman. For this reason, it is sometime called Diffie-Hellman encryption. It is also called asymmetric encryption because it uses two keys instead of one key ( symmetric encryption).

Public-key encryption (also called asymmetric encryption) involves a pair of keys--a public key and a private key--associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data. Each public key is published , and the corresponding private key is kept secret . Data encrypted with your public key can be decrypted only with your private key. Figure shows a simplified view of the way public-key encryption works.

Figure

Public-key encryption

The scheme shown in Figure , lets you freely distribute a public key, and only you will be able to read data encrypted using this key. In general, to send encrypted data to someone, you encrypt the data with that person's public key, and the person receiving the encrypted data decrypts it with the corresponding private key. One Important Authentication method : ECC 

ECC : Elliptic Curve Cryptography
an Elliptic Curve is a set of point on a curve real numbers a and b . For example
y 2 ! x3  ax  b

given certain

Elliptic Curve Groups: The set of points on an elliptic curve, plus a special
point g form and additive group. The addition of two points on an elliptic curve is defined geometrically, as shown in the following example.
Cryptographic Authentication Page 11

Cr

t

r

hi

uth

ti ti

2010

Ellip ic Cu v Encryp ion Algorith de e d on the diffic ty of c c ting kP whe e k is a product of two large primes and P is an element in the Elliptic Curve Group. Geometrically to add a point P to it self you first construct the tangent line to the curve at the point. Then the line will intersect the curve at only one point, and the addition of 2P is then defined to be the negative of the point of intersection as seen below. 
© ¨§ ¨© ¨§ ¦ ¥ £ ¤ ¢ ¡

Elliptic curve groups over real numbers are not practical for cryptography due to slowness of calculations and round-off error. This Elliptic Curves Over Finite Fields are used. An elliptic curve over a finite field Fp of characteristic greater than three can be formed by choosing the variables a and b within the field Fp .

Roughly speaking the elliptic curve is then the set of points ( x, y ) which satisfy the elliptic curve e uation y 2 ! x3  ax  b modulo p , where x, y  Fp ; together with a special point g
Cr t 

r

hi

uth

 

 

ti ti

P

Cr

t

r 

hi

uth

ti ti

2010

. If x3  ax  b contains no repeated factors, or e uivalently if 4a 3  27b 2 | 0(mod p) , then these points form a group. It is well known that EGC (the Elliptic Curve Group) is an additive abelian group with g serving as its identity element.

y |x

x (mod

) as 25 | 729  9(mod 23) .

The elements of this ECG are given in the pictured below.

Obviously we no longer have a curve to define our addition geometrically. Emulating the geometric construction for addition, the formulas for addition over Fp (characteristic 3) are given as follows: Let P ( x1 , y1 ) and Q ( x2 , y 2 ) be elements of the ECG. Then P  Q ! ( x3 , y3 ) , where x3 ! P 2  x1  x2 y3 ! P ( x1  x3 )  y1

and y ® 2  y1 ±x  x ±2 1 P!¯ 2 3 ± x1  a ± 2 y1 °
Cr t r hi uth ti ti

if if

P{Q P!Q  

Exa ple: In the ECG of y 2 ! x 
  

x 2 over the field F23 the point (9, 5) satisfies the e uation

P

Cryptographic Authentication 2010

These formulas can be easily calculated with computers. For field of characteristic 2 the equations for addition are worse! At the heart of every cryptosystem is a hard mathematical problem that is compu tationally infeasible to solve. The Discrete Logarithm Problem is the basis for the security of many cryptosystem including the Elliptic Curve Cryptosystem.

Definition of the Discrete Logarithm Problem : In the multiplication group Fpv , the discrete logarithm problem that is: Given elements r and q in Fpv , find a number k such that r ! qk (mod p) .

Similarly the Elliptic Curve Discrete Logarithm Problem is: Given points P and Q in an ECG over a finite field find an integer k such that Pk ! Q . Here k is called the discrete log of Q to the base P.

This doesn t seem like a difficul t problem, but if you don t know what k is calculating Pk ! Q takes roughly 2 k 2 operations. So if k is say, 160 bits long, then it would take about

280 operations!! To put this into perspe ctive, if you could do a billion operations per second, this would take about 38 million years. This is a huge savings over the standard public key encryption system where 1024 and 3074 bit keys are recommended. The smaller size of the keys for Elliptic Curve Encryption makes it idea for applications such as encrypting cell-phone calls, credit card transactions, and other applications where memory and speed are an issue. There are pros and cons to both ECC and RSA encryption. ECC is faster then RSA for signing and decryption, but slower than RSA for signature verification and encryption. Much of the material used in this paper can be found in the websites listed in the references.

Cryptographic Authentication

Page 14

Cryptographic Authentication 2010
Zero-Knowledge Proofs

Goldwasser, Micali, and Rackoff first put forward the basic notion of Zero -Knowledge Proof in 1985. Zero-Knowledge (ZK) protocol is an instance of interactive proof protocol. An interactive proof protocol is one that authenticates a prover to a verifier using challengeresponse mechanism. In this kind, the verifier can accept or reject the prover at the end of their communication.

The ZK protocol overcomes major concerns with widely used password based authentication. In a simple password based authentication, the verifier authenticates the prover based on a password. The verifier has some, if not complete, knowledge of the prover s password. The verifier can thus impersonate the prover to a third party with whom the prover may share the same password. The main objective of zero-knowledge protocol is to enable the prover convince the verifier that she knows the secret without revealing any information about the secret itself. ZK protocols are mostly probabilistic, where the proofs hold good with a very high probability of success, and are not necessarily absolute. So, the verifier may either accept or reject the proof after exchanging multiple messages. The messages consist of challenges and responses. The probability of error can be reduced to a desirable level by increasing the number of challenges and responses.

There are different variations of zero-knowledge protocols that exist. Some of them are Perfect ZK, Resettable ZK, Concurrent ZK, Statistical ZK etc.

Properties of Zero-Knowledge Proofs
ZK protocols derive their properties from interactive proof protocols.

Completeness: The protocol is considered complete, if it succeeds with a very high probability for an honest verifier and an honest prover. The acceptable level of probability depends on the application.

Soundness: The protocol is considered sound, if it fails for any other false assertion, given a dishonest prover and an honest verifier.

Cryptographic Authentication

Page 15

Cryptographic Authentication 2010
Advantages of Zero-knowledge proofs
Zero knowledge transfer As the verifier does not learn anything about prover s secret s (no knowledge transferred between two parties), he cannot impersonate the prover to a third person. Also the prover cannot cheat the verifier with several iterations of the protocol.

Efficiency The computational efficiency of ZK protocol is because of its interactive proofs nature. The costly computation related to encryption is avoided.

Degradation The security of protocol itself does not get degraded with continuous use as no information about the secret is divulged.

Unsolved mathematical assumptions

ZK protocols are based on various mathematical

Problems like discrete logarithms and integer factorization.
Fiat-Shamir Identification protocol

Fiat-Shamir identification protocol is an example of ZK protocol. In this protocol Alice proves to Bob her knowledge of a secret, s, using many rounds of three message challenge-responses.

Step1 - A random modulus, n, product of two large prime numbers p and q, is generated by a Trusted Party. The trusted party keeps the primes p and q secret and publishes n.

Step2 -Alice, the prover selects a secret s, relatively prime to n. Alice, then makes v (=s2) public.

Step3 -To prove her knowledge of the secret s, Alice chooses a random number r, (1e r e n-1) using a random generator. She sends x = r2 mod n, to Bob, the verifier. This is her commitment to authentication.

Step4 -Bob randomly sends either a 0 or a 1 as e, his challenge.

Cryptographic Authentication

Page 16

Cryptographic Authentication 2010
Step5 -Alice computes the response y = r se mod n, where e  {0,1} is the challenge she receives from Bob. Thus, depending on Bob s challenge, 0 or 1, Alice responds with r or, r.se mod n.

Step6 -Bob accepts the response upon checking y2 | x * ve mod n, and rejects if y = 0.

Steps 3-6 are repeated every time Alice wants to prove her knowledge of the secret, symbolically represented in Fig- 1.

A A A

B: x = r2 mod n B: e  {0,1} B: y = r * s e mod n

Fig ± 1 Fiat-Shamir Zero-knowledge protocol

After several iterations, with a very high probability Bob can verify Alice s identification. Also Alice s response in either case does not reveal the secret s (with y = r or y = r* s mod n).

Since the prover is required to commit a value (the random num ber r) before the verifier sends a challenge, the probability that a dishonest impersonator can authenticate as Alice is only ½. Repeating the above steps several times decreases the probability that an impersonator without knowledge of the secret can get the correct response.

It is important that Alice does not repeat the random number r. Bob can collect a set of Alice s responses and learn about the secret s, with repeated r. Later Bob can impersonate Alice to a third person.

Classic Example of Zero-Knowledge Proofs

Cryptographic Authentication

Page 17

Cryptographic Authentication 2010

Ali Baba¶s cave
Lets consider an example of Ali Baba s Cave. Alice wants to prove to Bob her knowledge of the secret to open the door R -S in the cave without revealing the secret.

Fig 2. Representation of Ali Baba s Cave

They work as follows:
Alice enters the tunnel and takes the path either R or S. Bob is not aware of this, standing outside the tunnel (P). Bob comes to Q and calls out Alice through either R or S. The probability that Alice comes out through the right tunn el is only ½ , if she does not know the secret. So bob can repeat this several times until he is convinced that Alice knows the secret to open the door. In this process, Bob doesn t learn the secret.

Real-Time Applications of Zero-Knowledge Proofs

ZK protocols are used for many real-time applications like authentication, e-voting, watermark verification, etc. Some products like Sky s VideoCrypt, Microsoft s NGSCB also use ZK protocols. Here, a few of them are mentioned.

Cryptographic Authentication

Page 18

Cryptographic Authentication 2010

Digital Signature
The Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS).
A digital signature is an encrypted hash value. From our previous example, if Kevin wanted to ensure that the message he sent to Maureen was not modified and he wants her to be sure that it came only from him, he can digitally sign the message. This means that a one-way hashing function would be run on the message and then Kevin would encrypt that hash value with his private key. When Maureen receives the message, she will perform the hashing function on the message and come up with her own hash value. Then she will decrypt the sent hash value with Kevin s public key. She then compares the two values and if they are the same, she can be sure that the message was not altered during transmission. She is also sure that the message came from Kevin because the value was encrypted with his private key. The hashing function ensures the integrity of the message and the signing of the hash value provides authentication and nonrepudiation. The act of signing just means that the value was encrypted with a private key. The steps of a digital signature are outlined in Figure . We need to be clear on all the avail able choices within cryptography, because different steps and algorithms provide different types of security services: A message can be encrypted, which provides confidentiality. A message can be hashed, which provides integrity A message can be digitally signed, which provides authentication and integrity. A message can be encrypted and digitally signed, which provides confidentiality, authentication, and integrity. Some algorithms can only perform encryption, whereas others can perform digital signatures and encryption. When hashing is involved, a hashing algorithm is used, not an encryption algorithm.

Cryptographic Authentication

Page 19

Cr

t

r

hi

uth

ti ti

2010

K
p

ti

:

: Prime number where 2 L-1 < p < 2L For 512 <= L <= 1024 and L is multiple of 64; q : Prime devisor of (P-1) , where 2 159 < q < 2 160; g : h (p-1)/q mod p, where h is any integer with 1 < h < (p-1) such that h (p-1)/q mod p > 1

¶ Pi
X :

t K li K :

:

Random or Pseudorandom integer with 0 < x < q

¶ P
x

Y = g mod p

¶ P Si i :

M

S

t

K = random or pseudorandom integer with 0 < k < q

R = (g k mod) mod q S = [k -1(H(M) + xr)] mod q Signature = (r , s)

Cr

t

r

hi

uth

ti ti

P

Cr
Verif i :
w = (s ) -1 mod q u1 = [H(M )w] mod q 2 = r¶) q 2 ) = [ Test : = r¶ DSA is sed schemes ri i
! "!

t

r

hi

uth

ti ti

2010

]

q

ll

t e diffi lt f resented El

ti discrete l rit mal and Schnorr .

s

d is

sed

Cr

t

r

hi

uth

ti ti

P

Cryptographic Authentication 2010

Conclusion 
User authentication can be handled using one or more different authentication methods. Some authentication methods such as plain password authentication are easily implemented but are in general weak and primitive.  The fact that plain password authentication it is still by far the most widely used form of authentication, gives credence to the seriousness of the lack of security on both the Internet and within private networks.  Other methods of authentication, that may be more complex and require more time to implement and maintain, provide strong and reliable authentication (provided one keeps its secrets secret, i.e. private keys and phrases).

References
y y y

Cryptography and Network Security ,Principles and Practices ± William Stallings
http://en.wikipedia.org

www.google.com , etc

Cryptographic Authentication

Page 22