Security Handshake Pitfalls
For proper security, authentication, integrity protection an encrypting of information is applied. There are varied protocols applied which have varied tradeoffs. Certain security breaches are found more in one area than the other. Skills are needed when designing security attributes.
In login in, the past protocols involved use of name and password. This was later surpassed by a cleartext authentication mechanism composing of cryptographic reaction. In the shared secret, one notation is cryptographically changed with the tow users sharing a secret key. This is done by hashing through concatenating the transformation and the users and computing and information digest on the outcome (Chapter 11: Security Handshake Pitfalls, 2012). The method does not allow eaves dropping so as to acquire the key ( ). This technique is advancement over the application of passwords, there are however some disadvantages.
The mode of authentication is not common. One of the users authenticates the other but the other way round. A third party has the ability to hijack a conversation after the first communication between, in this case Alice and Bob. The third party has the ability to guess the password when he or she knows the cryptograph and the notation. The other person who goes over the database at one of the users is able to impersonate the other user. It several instances it is hard to protect the worksheet at the prior user. Even with these disadvantages, with inadequate means to increase security, substituting the cleartext password transmission is very important in security development.
A small difference exists with the protocol for login in using password and name. This protocol needs reversible cryptography like a secret key technique. The use of password and a name is undertaken by a hash function, for instance, the notation may be the information digest of the key concatenated with the cryptograph. However using a shared key has to be reversed by what the user has undertaken to acquire the key. The instance that the notation of the two users is acquired from the password it risks dictionary attack. The transformation has small period of existence.
The authentication of users centered on synchronized clocks and a shared secret key, needs that the users to have synchronized clocks. One user encrypts the present time while the other user decrypts the outcome and ensures the outcomes is acceptable. The effect of the change is; ease to increase the protocol design for transfer of cleartext passwords, more proficient, impersonating a user is done using suitable clock skew, security threat occurs with multiple servers with a user using similar secret key, ability to reuse encrypted timestamps and time setting requires security authority.
In login in, computing of the protocol notations for the users may be undertaken using a secret key encryption technique or concatenating with cryptograph transformation or hashing it. This is applicable in timestamps.
In a one-way public key, the protocols may be avoided using a public key signature. Here one user, Alice, signs; changes the cryptograph by using her private key. The other user, Bob will assert Alice’s signature by using her public key and agree to login in if the outcome coincide. The significance of this protocol is that the worksheet for Bob is not subtle on security to an intruder going over it. The database belonging to Bob has to be safeguarded from unacceptable changes though not from unacceptable revelation.
It is here that Bob selects the transformed cryptograph, encrypts it by Alice’s key, which decrypts it so as to acquire the information. There are however other public key methods that do not use signs. In using a public key signature and decrypting a message with a public key, there is bound to be errors. The latter, one may be tricked in assenting.
Strong Password Protocols
When one desires to use a workstation to access the server to meet another user, Bob. The user, Alice just has a password; she may use it to authenticate herself to another server. This is one by passing it over the wire open, undertaking a Diffie-Hellman interchange to acquire the secret key and an encoded tunnel and transmit the password over the encoded tunnel, generating an SSL interface by using acknowledged anchors designed into the client device and server certificate offered by anchors for Alice’s machine to validate Bob and transmit the password SSL-encoded to Bob, computing a hash of Alice’s password and apply it as a secret key, applying a onetime password method like Lamport’s Hash, and applying a strong protocol.
The Lamport’s Hash is below standard memory that operates backwards. This method provides Bob ability to allow Alice in a manner that does make it easy to imitate Alice, is applied with no public key cryptography (Chapter 12: Strong Password Protocols, 2012). There is the security weakness known as small n attack; an invader imitates Bob’s network address and does the same to Alice once accesses Bobs network with the n being bigger than 50. This may be hindered if Alice does a sanity check on the n.
The strong password protocols are created in way that those who eavesdrop or imitate others may not acquire enough data to undertake off-line authentication guesses.
The basic form is called the EKE for encoded key interchange. This form allows Alice and Bob to share secret W. a Diffie-Hellman interchange is done. This protocol is rather sensitive. These methods do more than to secure; there is precise execution specifics so as to do away with eavesdropping. The proper design does away with password guesses. There is however other vulnerabilities which SPEKE is prone to, they are done away with by selecting a p which is lower than power 2. The SPEKE susceptibility is evaded by guaranteeing that W is a perfect square password and squared by mod p to acquire W. the PDM is computer intensive for the user machine.
In the augmented strong password protocols, it involves the EKE, SPEKE and PDM arrangements as well as the SRP. The server keeps a quantity factor from the password applied to verify the password; however the user device is needed to know the password. It is complicated in EKE and too slow in PDM.
In the strong password credentials download protocols, credentials is applied to prove you are authorized to undertake something. If one does not have a smart card, one may as well as have access using a private key through downloading from the directory which is safe as the data which require integrity-safeguarding may be signed using a private key. In the acquisition of a private key, a strong password protocol is applied. It is placed in a directory, encrypted with a client password. One may apply traditional access control to acquire a quantity. These protocols are perfect for downloading credentials. These downloads do not have an extra aspect of security.
References
Anonymous (2012). Chapter 11: Security Handshake Pitfalls.
Anonymous (2012). Chapter 12: Strong Password Protocols.
