Friday, December 16, 2005

Authentication Schemes

Two parties are trying to authenticate each other using a shared private key. Listed below are two possible schemes for authenticating.

Scheme 1:
  1. A -> Establish Connection -> B
  2. A -> Send Challenge (X) -> B
  3. A <- Send Response Encrypted(X) <- B
  4. A validates encryption
  5. A <- Send Challenge (Y) <- B
  6. A -> Send Response Encrypted(Y) -> B
  7. B validates encryption
  8. Authenticated!

Scheme 2:
  1. A -> Establish Connection -> B
  2. A <- Send Challenge (X) <- B
  3. A -> Send Response Encrypted(X) -> B
  4. B validates encryption
  5. A -> Send Challenge (Y) -> B
  6. A <- Send Response Encrypted(Y) <- B
  7. A validates encryption
  8. Authenticated!
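
The two step lists as an executable model, added here as an example and not part of the original post, so the message order of each scheme can be traced and the failure path (a validation that does not pass) is visible. Assumptions: HMAC-SHA256 stands in for "Encrypted(X)" because the post names no cipher, and the names `Party`, `encrypted` and `run` are hypothetical.

```python
import hashlib
import hmac
import secrets

def encrypted(key: bytes, challenge: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for "Encrypted(X)"; the post names no cipher.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Party:
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.nonce = name, key, None

    def send_challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)  # fresh random challenge per run
        return self.nonce

    def send_response(self, challenge: bytes) -> bytes:
        return encrypted(self.key, challenge)

    def validate(self, response: bytes) -> bool:
        # Constant-time comparison against the value this party expects.
        return hmac.compare_digest(response, encrypted(self.key, self.nonce))

def run(scheme: int, a: Party, b: Party):
    """Run steps 2-7 of Scheme 1 or 2; return (authenticated, transcript)."""
    # Scheme 1: A challenges first. Scheme 2: B challenges first.
    rounds = [(a, b), (b, a)] if scheme == 1 else [(b, a), (a, b)]
    transcript = []
    for challenger, prover in rounds:
        x = challenger.send_challenge()
        transcript.append(f"{challenger.name} -> challenge -> {prover.name}")
        r = prover.send_response(x)
        transcript.append(f"{prover.name} -> response -> {challenger.name}")
        if not challenger.validate(r):
            transcript.append(f"{challenger.name} rejects {prover.name}")
            return False, transcript  # stop: no further steps are run
    return True, transcript

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed shared key
    for scheme in (1, 2):
        ok, log = run(scheme, Party("A", key), Party("B", key))
        print(f"Scheme {scheme}: authenticated={ok}")
        print("\n".join("  " + line for line in log))
```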

Can either or both be exploited? How? Are there multiple vulnerabilities?
