For authentication, if two persons know a secret, then we only need to prove that no third person could have generated the message. But for non-repudiation we need to show that even the sender could not have created the message. So authentication is easier than non-repudiation. To ensure all this, we take the help of cryptography. We can have two kinds of encryption:
1. Symmetric Key Encryption: There is a single key which is shared between the two users and the same key is used for encrypting and decrypting the message.
2. Public Key Encryption: Each user has two keys: a public key and a private key. The public key of a user is known to all, but the private key is not known to anyone except the owner of the key. When a user encrypts a message with his private key, it can be decrypted by anyone using the sender's public key. When we want to send a message securely, we encrypt it with the public key of the receiver, so that it can only be decrypted by the receiver with his private key.
Symmetric key encryption is much faster and more efficient in terms of performance. However, it does not give us non-repudiation. There is also the problem of how the two sides agree on the key to be used, assuming that the channel is insecure (others may snoop on our packets). In symmetric key exchange, we require some amount of public key encryption for authentication. In public key encryption, by contrast, we can send the public key in plain text, so key exchange is trivial. But this does not authenticate anyone. So along with the public key, there needs to be a certificate. Therefore we need a public key infrastructure to distribute such certificates in the world.
Key Exchange in Symmetric Key Schemes
We will first look at the case where we can use public key encryption for this key exchange. The sender first encrypts the message using the symmetric key. After that, the sender encrypts the symmetric key, first using its private key and then using the receiver's public key. So we are doing the encryption twice. If we also send the certificate along with this, then we have authentication as well. What we finally send looks like this:
Z : Certificate_sender + Public_receiver ( Private_sender ( Ek ) ) + Ek ( M )
Here Ek stands for the symmetric key and Ek ( M ) for the message which has been encrypted in this symmetric key.
However, this still does not ensure integrity. The reason is that if there is some change in the middle element, then we will not get the correct key and hence the message which we decrypt will be junk. Therefore we need something similar to CRC but slightly more complicated, because someone might change the CRC and the message consistently. This function is known as a digital signature.
Digital Signatures
Suppose A has to send a message to B. A calculates a hash of the message and then sends this hash after encrypting it using its own private key. This constitutes the signature produced by A. B could now decrypt it, recompute the hash function of the message it has
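The hash-then-sign check described in this section, next to the CRC it replaces, as an added example that is not part of the original page. It uses textbook RSA without padding and a constructed toy key built from two Mersenne primes, so the key is insecure; the function names and sample messages are assumptions made for illustration.

```python
import hashlib
import zlib

# Constructed toy key pair: two Mersenne primes, picked only because they are
# well-known primes. Their product is trivially factorable, so never reuse it.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)


def digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """A: 'encrypt' the hash with the private key (textbook RSA, no padding)."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """B: 'decrypt' with A's public key and compare with a recomputed hash."""
    return pow(signature, E, N) == digest_int(message)


def crc_ok(message: bytes, crc: int) -> bool:
    """Unkeyed integrity check: anyone can recompute it."""
    return zlib.crc32(message) == crc


def demo() -> dict:
    original = b"pay 100 to Bob"        # constructed sample messages
    tampered = b"pay 900 to Eve"
    sig = sign(original)
    # The CRC needs no secret, so it can be changed consistently with the message.
    recomputed_crc = zlib.crc32(tampered)
    return {
        "crc_accepts_tampered": crc_ok(tampered, recomputed_crc),
        "sig_accepts_original": verify(original, sig),
        # The signature cannot be recomputed without the private exponent D.
        "sig_accepts_tampered": verify(tampered, sig),
    }
```

Production code should use a padded scheme such as RSA-PSS or a modern signature algorithm from a vetted library, with properly generated keys.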
Key Distribution Centre
There is a central trusted node called the Key Distribution Center (KDC). Each node has a key which is shared between it and the KDC. Because no one else knows node A's secret key KA, the KDC is certain that a message it received has come from A. When A wants to speak with B, it can do one of two things:
1. A sends a message encrypted in its key KA to the KDC. The KDC then sends a common key KS to both A and B, encrypted in their respective keys KA and KB. A and B can then communicate safely using this key.
2. Or else A sends a key KS to the KDC, encrypted in the key KA, saying that it wants to talk to B. The KDC will send a message to B saying that A wants to converse with it using KS.
There is a difficulty with this implementation: it is prone to replay attacks. The messages are in encrypted form and therefore would not make sense to an intruder, but they could be replayed to the listener again and again, with the listener believing that the messages are from the correct source. When A sends a message KA(M), C could send the same message to B by using the IP address of A. One solution is to use the key only once. If B sends the first message KA(A,KS) along with K(s,M), then again we could have trouble. In case this occurs, B should accept only packets with higher sequence numbers.
To prevent this, we can use:
- Timestamps, which however don't generally work because of the offset in time among machines. Synchronization over the network becomes a problem.
- Nonce numbers, which are like ticket numbers. B will accept a message only if it has not seen this nonce number before.
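The receiver-side checks described above (nonce already seen, higher sequence numbers only), as an added example that is not part of the original page. It assumes A and B already hold the session key KS from the KDC, and it uses an HMAC tag under KS in place of encryption so that it runs with the standard library alone; `seal`, `Receiver` and the key value are constructed for illustration.

```python
import hashlib
import hmac
import os

KS = b"constructed-session-key-from-KDC"   # constructed stand-in for KS


def seal(key: bytes, seq: int, nonce: bytes, payload: bytes) -> tuple:
    """Sender: bind sequence number, nonce and payload together under the key."""
    header = seq.to_bytes(8, "big") + nonce
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return (seq, nonce, payload, tag)


class Receiver:
    """B's side: reject forged, replayed or stale packets."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()
        self.highest_seq = -1

    def accept(self, packet: tuple) -> str:
        seq, nonce, payload, tag = packet
        header = seq.to_bytes(8, "big") + nonce
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        if nonce in self.seen_nonces:
            return "rejected: nonce already seen"
        if seq <= self.highest_seq:
            return "rejected: old sequence number"
        self.seen_nonces.add(nonce)
        self.highest_seq = seq
        return "accepted"


def demo() -> list:
    b = Receiver(KS)
    first = seal(KS, 1, os.urandom(16), b"transfer #1")
    second = seal(KS, 2, os.urandom(16), b"transfer #2")
    results = [b.accept(first), b.accept(second)]
    results.append(b.accept(first))                     # captured packet sent again
    seq, nonce, payload, tag = second
    results.append(b.accept((3, nonce, payload, tag)))  # header changed in transit
    late = seal(KS, 1, os.urandom(16), b"late")         # fresh nonce, stale sequence
    results.append(b.accept(late))
    return results
```

The nonce set here grows without bound; a deployed receiver limits it, for example by discarding it whenever the session key changes.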