بخشی از پاورپوینت

--- پاورپوینت شامل تصاویر میباشد ----

اسلاید 1 :

فهرست مطالب

  • مقدمه
  • احرازاصالت ضعيف( كلمات عبور)
  • احرازاصالت قوي (مبتني بر سؤال و جواب)
  • پروتکل کربروس

اسلاید 2 :

  • Something you know (a PIN, or password).
  • Something you have:

–secureID card or other token, generating a one-time password.

–a key imbedded in a ‘secure area’

–a smartcard (which may have keys imbedded and can perform cryptographic operations on behalf of a user).

  • Something you are (a biometric).

اسلاید 3 :

  • With no constraints on choice of password

–15 were a single ASCII letter.

–72 were strings of two ASCII letters.

–464 were strings of three ASCII letters.

–47 were strings of four alphanumerics.

–706 were five letters, all upper-case or all lower-case.

–605 were six letters, all lower case.

اسلاید 4 :

  • In strong authentication, one entity ‘proves’ its identity to another by demonstrating knowledge of a secret known to be associated with that entity, without revealing that secret itself during the protocol.
  • Also called `challenge-response’ authentication.
  • Use cryptographic mechanisms to protect messages in protocol:

–Encryption.

–Integrity mechanism (e.g. MAC).

–Digital signature.

اسلاید 5 :

1.A     B:  ‘Hi Bob, I’m Alice’

2.B     A:  R  (challenge)

3.A     B:  {R || B}K  (response)

      (Here, {X}K means string X encrypted under key K, and || means concatenation of strings.)

اسلاید 6 :

  • Eve ‘sees’ R and {R || B}K. Because of idealised encryption, she should learn nothing about K.
  • Bob gets his challenge R back again, in an encrypted form that only Alice can prepare. This allows him to be sure of origin and integrity of the message.
  • But Mallory can impersonate Bob easily: so Bob not authenticated to Alice. Only unilateral authentication (of Alice to Bob).

اسلاید 7 :

  • Mallory can’t prepare the correct response {R || B}K to Bob’s challenge because he doesn’t know K.
  • But R must be unpredictable: otherwise Mallory can masquerade as Alice in a subsequent protocol run, replaying Alice’s response.

اسلاید 8 :

Replay Attack

  • The replay attack shows that origin and integrity checking are not enough – we also need a means of checking freshness of messages and liveness of principals.
  • Freshness: assurance that message has not been used previously and originated within an acceptably recent timeframe.
  • Liveness: assurance that message sent by a principal within an acceptably recent timeframe.
  • Three main methods for providing freshness:

–Nonce (Number used ONCE).

–Sequence numbers

–Time-stamps (clock-based or `logical’ time-stamps).

اسلاید 9 :

Standard bilateral Authentication

  • Alice and Bob share (strong) key k
  • Simple challenge-response type protocol: (Na,Nb - nonces)

اسلاید 10 :

  • SSH: Relies on public key
    • Similar protocols relying on public keys:

    –[SSL],[Halevi-Krawczyk],[Boyarsky],[Shoup]

در متن اصلی پاورپوینت به هم ریختگی وجود ندارد. برای مطالعه بیشتر پاورپوینت آن را خریداری کنید