What is user Authentication?
|
|
| User Authentication The main issue in security is key management. However, key management involves user authentication. We, therefore, briefly discuss these issues. |
| |
| User Authentication with Symmetric-Key Cryptography |
|
| In this section, we discuss authentication as a procedure that verifies the identity of one entity for another. |
|
| An entity can be a person, a process, a client, or a server; in our examples, entities are people. Specifically, Bob needs to verify the identity of Alice and vice versa. |
|
| Note that entity authentication, as discussed here, is different from the message authentication that we discussed in the previous section. |
|
| In message authentication, the identity of the sender is verified for each single message. |
|
| In user authentication, the user identity is verified once for the entire duration of system access. |
| |
| User Authentication with Public-Key Cryptography |
|
| We can use .public-key cryptography to authenticate a user. Alice can encrypt the message with her private key and let Bob use Alice’s public key to decrypt the message and authenticate her. |
|
| However, we have the man-in-the-middle attack problem because Eve can announce her public key to Bob in place of Alice. |
|
| Eve can then encrypt the message containing a nonce with her private key. Bob decrypts it with Eve’s public key, which he believes is Alice’s. Bob is fooled. |
|
| Alice needs a better means to advertise her public key; Bob needs a better way to verify Alice’s public key. |