Question

Transcribed Image Text: For instance, we studied how a dual-factor authentication works when a password generator is used:
S → U : N
U → P : N, PIN
P → U : {N, PIN}K
U → S : {N, PIN}K
Can you modify the set of rules outlined above to describe the protocol of dual-factor authentication when a mobile device is involved?
To receive full credit, please submit
1. a high-level overview of how the protocol would work
2. the description of the protocol using the formal notation
Transcribed Image Text (lecture slides):

Protocols
• More specifically security protocols "specify the steps that principals use to establish trust relationships"

The Dual Factor Authentication
S → U : N
U → P : N, PIN
P → U : {N, PIN}K
U → S : {N, PIN}K
Where
• S: server
• P: password generator
• U: User
• K: encryption key

The Case of the Garage
T → G : T, {T, N}KT
Where
• T: token (represented by serial number)
• G: garage
• N: "unique number"
[Image: public parking garage with entrance and exit signs]

Trust On First Use (TOFU)
Security module that handles
• Trust software machine
• Software tries to find machine ID
• No id then ask the user (e.g. Whatsapp, Smart TV ...)

The Case of the Dual Factor Authentication
Same four messages and legend as in "The Dual Factor Authentication", shown next to a PayPal image.

Remote Key Management
[Diagram labels]
• KDC (A,B)
• KA-KDC(R1, KB-KDC(A,R1))
• Alice knows R1
• KB-KDC(A,R1)
• Bob knows R1
• Alice, Bob communicate using shared session key R1

Remote Key Management (cont'd)
Using protocol notation
A → S : A, B
S → A : {A, B, KAB, T}KAS, {A, B, KAB, T}KBS
A → B : {A, B, KAB, T}KBS, {M}KAB
• Where T represents the timestamp

When do Protocols Fail?
• User authentication is heavily based on a protocol that uses a Password/PIN
- Eavesdropping
- People looking over your shoulder
- Fake login Webpage
- Devices capturing keystrokes
- Man-in-the-middle attack

The Challenge-Response Protocol
E → T : N
T → E : T, {T, N}K
where
• E is the engine controller
• T is the transponder
• K is the encryption key
• N random challenge
[Image: phone map screenshot, "Audi A4 - Today 10:24 AM, 4th St, San Francisco, CA"]

Needham-Schroeder protocol
Message 1 A → S : A, B, NA
Message 2 S → A : {NA, B, KAB, {KAB, A}KBS}KAS
Message 3 A → B : {KAB, A}KBS
Message 4 B → A : {NB}KAB
Message 5 A → B : {NB − 1}KAB

In Practice
• Challenge Response Authentication Mechanism (CRAM)
• Completely Automated Public Turing Test
• Login
• Biometric
[Flowchart: User wants to enter the system; User is presented with a challenge; User attempts the challenge; Yes / No; User is given access to the system]
source: https://www.geeksforgeeks.org/challenge-response-authentication-mechanism-cram/

Kerberos
• Developed by MIT
• Network authentication tool
A → S : A, B
S → A : {TS, L, KAB, B, {TS, L, KAB, A}KBS}KAS
A → B : {TS, L, KAB, A}KBS, {A, TA}KAB
B → A : {TA + 1}KAB
• Example: Microsoft ActiveDirectory
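
The password-generator exchange from the question (S → U : N through U → S : {N, PIN}K), run end to end as an added example that is not part of the original page. Assumptions: HMAC-SHA256 stands in for the encryption {N, PIN}K, the server holds both K and the user's PIN, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def seal(key: bytes, nonce: bytes, pin: str) -> bytes:
    """Stand-in for {N, PIN}K: HMAC-SHA256 over length-prefixed N followed by PIN."""
    msg = len(nonce).to_bytes(2, "big") + nonce + pin.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class PasswordGenerator:
    """P: the device that holds K and never sends it anywhere."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, nonce: bytes, pin: str) -> bytes:
        # U -> P : N, PIN   then   P -> U : {N, PIN}K
        return seal(self._key, nonce, pin)

class Server:
    """S: issues challenges and checks responses (assumed to store K and PIN)."""
    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin
        self._pending = set()          # challenges issued but not yet answered

    def challenge(self) -> bytes:
        # S -> U : N   (fresh and unpredictable)
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # U -> S : {N, PIN}K ; nonce identifies which challenge is being answered
        if nonce not in self._pending:
            return False               # never issued, or already consumed
        self._pending.discard(nonce)   # single use, even if the check below fails
        expected = seal(self._key, nonce, self._pin)
        return hmac.compare_digest(expected, response)

def run_demo() -> dict:
    key = secrets.token_bytes(32)      # K, constructed for this example
    server, device = Server(key, "4921"), PasswordGenerator(key)
    n = server.challenge()
    resp = device.respond(n, "4921")
    valid = server.verify(n, resp)
    replayed = server.verify(n, resp)                 # same response sent again
    n2 = server.challenge()
    wrong_pin = server.verify(n2, device.respond(n2, "0000"))
    stale = server.verify(server.challenge(), resp)   # old response, new N
    return {"valid": valid, "replayed": replayed,
            "wrong_pin": wrong_pin, "stale": stale}
```

Only the first attempt succeeds: the replayed and stale responses fail because each N is accepted once, which is what the nonce contributes to the protocol.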
Expert Solution

Step 1
In Wi-Fi Direct, groups are created as one of the following types:
Persistent, in which automatic reconnection can occur by using stored key material.
Temporary, in which devices can't re-authenticate without user action.