Session 15
Remote User Authentication Using Asymmetric Encryption
Mutual Authentication
Protocol 1:
• The central system is referred to as an authentication server (AS),
because it is not actually responsible for secret-key distribution.
• Rather, the AS provides public-key certificates.
• The session key is chosen and encrypted by A; hence, there is no risk
of exposure by the AS.
• The timestamps protect against replays of compromised keys.
Protocol 2: Another approach, proposed by Woo and Lam [WOO92a], makes use of nonces.
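Added example (not from the original slides): a receiver-side check for the two replay defences named above, timestamps (Protocol 1) and nonces (Protocol 2). The class name, the field names and the 120-second skew window are assumptions, and the checks are assumed to run only after the message's signature or decryption has been verified.

```python
import secrets

MAX_SKEW = 120  # seconds; assumed allowance for clock drift and network delay


class FreshnessChecker:
    """Receiver-side replay checks (hypothetical helper, not from the slides).

    Assumes the caller has already verified the signature or decrypted the
    message, so sender, timestamp, key_id and nonce are authentic fields.
    """

    def __init__(self, max_skew=MAX_SKEW):
        self.max_skew = max_skew
        self.seen = {}         # (sender, timestamp, key_id) -> last valid second
        self.outstanding = {}  # nonce -> peer it was issued to

    def check_timestamp(self, sender, timestamp, key_id, now):
        """Timestamp defence: accept once, and only inside the skew window."""
        # Forget entries the window test below would reject anyway.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        if abs(now - timestamp) > self.max_skew:
            return "stale"   # old capture, or clocks out of sync
        entry = (sender, timestamp, key_id)
        if entry in self.seen:
            return "replay"  # identical message replayed inside the window
        self.seen[entry] = timestamp + self.max_skew
        return "ok"

    def issue_nonce(self, peer):
        """Nonce defence, step 1: send the peer an unpredictable challenge."""
        nonce = secrets.token_hex(16)
        self.outstanding[nonce] = peer
        return nonce

    def check_nonce(self, peer, nonce):
        """Nonce defence, step 2: the reply must echo that challenge, once."""
        if self.outstanding.get(nonce) != peer:
            return "unknown"  # never issued, issued to someone else, or reused
        del self.outstanding[nonce]
        return "ok"
```

The timestamp path depends on synchronized clocks; the nonce path does not, but it costs an extra message to deliver the challenge.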
Protocol 3:
One-Way Authentication
Disadvantages of the Existing Protocols:
• Approaches require that either the sender know the recipient’s
public key (confidentiality),
the recipient know the sender’s public key (authentication), or both
(confidentiality plus authentication).
• In addition, the public-key algorithm must be applied once or twice to
what may be a long message.
New Approach
1. If confidentiality is the primary concern, then the following may be
more efficient:
2. If authentication is the primary concern, then a digital signature
may suffice,
3. To counter such a scheme, both the message and signature can be
encrypted with the recipient’s public key.
4. An effective way to provide this assurance is the digital certificate,