16. Prototypes of Authentication A B : APubKey { B , r B } A B : r B DA F, Ack A B : APubKey { B , r B } DA F, NoAck A B : APubKey { B } DA Destination Authentication (DA) A B : r B A B : APriKey { B , r B } OA F A B : TS A , APriKey { B , TS A } OA S A B : APriKey { B } OA Origin Authentication (OA) A B : r B A: Ap riKey { B , r B } IA F A : ApriKey { B } IA Ø Implicit Authentication (IA) Example Authentication Type
17. Prototypes of Mutual Authentication 1. A B: r A 2. A B: r B A: APriKey { B , r B } B: BPriKey { A , r A } IA F -IA F A: APriKey { B } B: BPriKey { A } 1. A B: BPubKey { A } DA 1. A B: r A B: IA F- Example Prototype
18. Prototypes of Mutual Authentication 1. A B: r A 2. A B: APubKey { B , r B , BPriKey { A , r A } } or, 1. A B: r A 2. A B: BPriKey { A , r A , APubKey { B , r B } } OA F - DA F , NoAck 1. A B: r A 2. A B: BPriKey { A , r A }, r B 3. A B: APrikey { B , r B } OA F -OA F 1. A B: r A , TS A , APriKey { B , TS A } B: BPriKey { r A } IA F -OA S Example Prototype
19. Prototypes of Mutual Authentication 1. A B: BPubKey { A , r A } 2. A B: APubKey { B , r B }, r A 3. A B: r B DA F,Ack -DA F,Ack 1. A B: BPubKey { A , r A } 2. A B: APubKey { B , r B } DA F,NoAck -DA F,NoAck 1. A B: BPubKey { A , r A } 2. A B: r A , r B 3. A B: APriKey { B , r B } DA F,Ack -OA F 1. A B: BPubKey { A , r A , TS A , APriKey { B , TS A } } or, 1. A B: TSA , APriKey { B , TS A , BPubKey { A , r A } } DA F,NoAck -OA S Example Prototype
. Origin Authentication (OA): If a protocol contains a message which is generated applying a private key on random nonce i.e. the message is of the form APriKey {·} then we say the protocol provides origin authentication of the entity . Destination Authentication (DA ): If a protocol contains a message which is generated by application of public key on randomly generated nonce i.e. the message is of the form APubKey {·} then it provides destination authentication of the entity A . Implicit Authentication (IA): If a protocol contains no message of the form APriKey {·} or APubKey {·}, but still requires entity A to compute a value of the form APriKey { ·}, then we say that the protocol provides implicit authentication of A.
IA F - ( Implicit Authentication with forced challenge and no msg from the prover ) implies that the message does not contain any message of the form APriKey {·} or ApubKey {·}, but still requires the verifier (A ) to compute a value of the form ApriKey { ·} and there is no subsequent response from the prover (B) it just computes the msg BPriKey { r A } for eg. ISO/IEC key agreement mechanism 2 DA ( Destination Authentication with forced challenge and no message from the prover) implies the verifier does not contain any message of the form APriKey {·} or ApubKey {·}, and asks the prover to compute message BPubKey { A } which it keeps with itself and does not send it back to the verifier for eg. ISO/IEC key transport mechanism 1 IA -IA (Implicit Authentication with no challenge- Implicit Authentication with no challenge): There is no message exchange of the form APriKey {·} or ApubKey {·}, and both entities A and B generate data of the form A: APriKey { B } B: BPriKey { A }, respectively Eg. ISO/IEC key agreement mechanism 1 IA F -IA F (Implicit Authentication with forced challenge- Implicit Authentication with forced challenge) : Both entities A and B exchange random nonce r a and r b to compute A: APriKey { B , r B }, B: BPriKey { A , r A } respectively and no message exchange of the form APriKey {·} or ApubKey {·} takes place. Eg ISO/IEC key agreement mechanism 5, Goss protocol.
IA F -OA S Implicit Authentication with forced challenge-Origin Authentication with self challenge In this protocol the verifier A sends a random nonce, time stamp and the message APriKey {B, TS A } and the prover generates the message BPriKey {r A } its examples include ISO/IEC key agreement mechanism 3, Nyberg-Rueppel key agreement protocol Origin Authentication with forced challenge - Origin Authentication with forced challenge is the class of those types of protocols where the prover gets the random nonce r A from the verifier encrypts in to the form BPriKey { A , r A }, r B and the receiver send the message of the form APriKey {B, r B }, eg ISO/IEC key transport mechanism 5, ASPeCT protocol for UMTS OA F - DA F , NoAck (Origin Authentication with forced challenge – destination authentication with forced challenge and no acknowledgment ) describes the protocols where the random nonce generated at the receiver end and the prover send a data of the form APubKey it may contain a nested encrypted values. ISO/IEC key transport mechanism 4, Beller-Yacobi’ s two-pass protocol
DA F,NoAck -OA S Destination Authentication with forced challenge and no acknowledgment and Origin Authentication with self challenge have just one message exchange, since it is a self challenge it may contain some time stamp. Verifier A sends the message which contains A’s Private key encrypted message embed inside a public key encrypted message of prover B along with its time stamp or B’s Public Key message inside A’s private Key’s message. Eg. ISO/IEC key transport mechanism 2, North American PACS public key AKA protocol. DA F,Ack -OA F Destination Authentication with forced challenge and Acknowledgment and Origin Authentication with forced challenge has the message exchange such that A sends public key encrypted message to B which responds by sending decrypted nonce r A and its own generated random nonce r B . Verifier then sends private decrypted message back to the prover to authenticate himself eg Boyd-Park protocol The last two prototypes namely DA F,NoAck -DA F,NoAck ( Destination Authentication with no acknowledgment- Destination Authentication with no acknowledgment) and DA F,Ack -DA F,Ack ( Destination Authentication with acknowledgment- Destination Authentication with acknowledgment) have similar message exchange i.e. A sending message encrypted as BPubKey {} and B sending a message as APubKey {}, the only difference bieng with the fact that as latter is a prototype with acknowledgment, we have acknowledgments in the form or r A and r B ’s respectively . Eg. SKEME protocol ( DA F,NoAck -DA F,NoAck ) and ISO/IEC key transport mechanism 6, Needham-Schroeder public key protocol ( both for DA F,Ack -DA F,Ack )