Authentication Methods

1. Introduction

Authentication is the process of determining whether someone or something is, in fact, who or what it says it is. Authentication technology provides access control for systems by checking to see if a user's credentials match the credentials in a database of authorized users or in a data authentication server.

2. Secret authentication key

2.1. Classic method

Alice declares to be A
Bob generates a random integer
Alice replies encrypting the received number, by using shared key between A and B
Alice generates a radom integer
Bob replies encrypting the received number, by using shared key between A and B

2.1.1. Reflection attack

Legend

First session
Second session

Alice declares to be A
The intruder declares to be B
A replies with a random integer
The intruder uses the integer received from A as the random integer
A replies with encrypted random integer
The intruder replies to A with the encrypted integer, sent by A in the first session
A sends a random integer
The intruder sends the random integer sent by A in the first session
A replies with the encrypted random integer
The intruder replies to A with the encrypted random integer, sent by A, in the second session

2.2. Simplified classic method

Alice declares to be A and sends a random integer
Bob replies encrypting the received number, by using shared key between A and B, and sending a new random integer
Alice replies encrypting the received number

2.1.1. Reflection attack

Legend

First session
Second session

The intruder sends a random integer
Bob replies with a random integer and with the encrypted intruder integer
The intruder uses the random integer received from Bob as the random integer
Bob replies with a new random integer and the encrypted intruder integer
The intruder shuts the second session and replies to A with the encrypted random integer, sent by A in the second session.