[ Home | Class Roster | Syllabus | Status | Glossary | Search | Course Notes]
Need to separate
E = Encryption
D = Decryption
M = Message
one-way functions (invertible and easy to compute)
if y = f(x), then given y and f make it very difficult to find x
Trap-door functions (inverse is easy if you have the trap door - e.g. decryption key)
RSA (Rivest-Shamir-Adleman) method
Example:
p = 5, q = 11, n = 55, (p-1)*(q-1) = 20
choose d = 23
23 *e(mod 40) = 1
satisfied by e = 7
M | M ** 7 | C = M **7 mod 55 | C ** 23 | M = C **23 mod 55 |
8 | 2097152 | 2 | 8388608 | 8 |
9 | 4782969 | 4 | 70368744177664 | 9 |
51 | 897410677851 | 6 | 78930223053602816 | 51 |
Use Authentication Server AS
Problem: what is intruder plays back a old message from A to B to confuse B. I could verify by sending A a nonce identifier Ib encrypted by CK and have A send back Ib-1.
Can use timestamp's
Use server to verify got correct public key
Public Key
Private Key
Public Key:
More information can be found here.
by Dorothy E. Denning and Peter F.
MacDoran
Copyright(c), 1996 - Computer Security Institute - All Rights
Reserved
Existing user authentication mechanisms are based on information
the user
knows (e.g., password or PIN), possession of a device (e.g,
access token
or crypto- card), or information derived from a personal
characteristic
(biometrics). None of these methods are foolproof. Passwords and
PINs are
often vulnerable to guessing, interception or brute force search.
Devices
can be stolen. Biometrics can be vulnerable to interception and
replay.
A new approach to authentication utilizes space geodetic methods
to
form a time-dependent location signature that is virtually impossible to
forge.
The signature is used to determine the location (latitude,
longitude and
height) of a user attempting to access a system, and to reject
access if
the site is not approved for that user. With location-based
controls, a
hacker in Russia would be unable to log into a funds transfer
system
in the United States while pretending to come from a bank in Argentina.
Location-based authentication can be used to control access to
sensitive
systems, transactions or information. It would be a strong
deterrent to
many potential intruders, who now hide behind the anonymity
afforded by
their remote locations and fraudulent use of conventional
authentication
methods. If the fraudulent actors were required to reveal their
location in order to gain access, their anonymity would be significantly
eroded and
their chances of getting caught would increase.
Authentication through geodetic location has other benefits. It
can be
continuous, thereby protecting against channel hijacking. It can
be
transparent to the user. Unlike most other types of
authentication
information, a user's location can serve as a common
authenticator
for all systems the user accesses. These features make location-based
authentication a good technique to use in conjunction with single
log-on.
Another benefit is there is no secret information to protect
either
at the host or user end. If a user's authentication device is stolen,
use of the
device will not compromise the system but only reveal the thief's
location. A further benefit of geodetic-derived location signatures is that
they
provide a mechanism for implementing an electronic notary
function. The
notary could attach a location signature to a document as proof
that the
document existed at a particular location and instant in time.
The use of geographic location can supplement or complement other
methods
of authentication, which are still useful when users at the same
site have separate accounts and privileges. Its added value is a high level
of
assurance against intrusion from any unapproved location
regardless of
whether the other methods have been compromised. In critical
environments, for example, military command and control, telephone switching,
air
traffic control, and banking, this extra assurance could be extremely
important in order to avoid a potential catastrophe with reverberations far
beyond the
individual system cracked.
How it works
International Series Research (Boulder, CO) has developed a
technology for
achieving location-based authentication. Called CyberLocator, the
technology makes use of the microwave signals transmitted by the
twenty-four satellite constellation of the Global Positioning
System
(GPS). Because the signals are everywhere unique and constantly
changing
with the orbital motion of the satellites, they can be used to
create a
location signature that is unique to a particular place and time.
The
signature, which is computed by a special GPS sensor connected to
a small
antenna, is formed from bandwidth compressed raw observations of
all the
GPS satellites in view. As currently implemented, the location
signature
changes every five milliseconds. However, there are options to
create a
new signature every few microseconds.
When attempting to gain access to a host server, the remote
client is
challenged to supply its current location signature. The
signature
is then configured into packets and transferred to the host. The host,
which is
also equipped with a GPS sensor, processes the client signature
and
its own simultaneously acquired satellite signals to verify the client's
location
to within an acceptable threshold (a few meters to centimeters,
if
required).
For two-way authentication, the reverse process would be
performed.
In the current implementation, location signatures are 20,000 bytes. For
continuous authentication, an additional 20 bytes per second are
transferred. Re- authorization can be performed every few seconds
or
longer. The location signature is virtually impossible to forge
at the
required accuracy. This is because the GPS observations at any
given time
are essentially unpredictable to high precision due to subtle
satellite
orbit perturbations, which are unknowable in real-time, and
intentional
signal instabilities (dithering) imposed by the U.S. Department
of
Defense selective availability (SA) security policy. Further, because a
signature
is invalid after five milliseconds, the attacker cannot spoof the
location by replaying an intercepted signature, particularly when it is
bound to the message (e.g., through a checksum or digital signature).
Continuous
authentication provides further protection against such attacks.
Conventional (code correlating and differential) GPS receivers
are not
suitable for location authentication because they compute
latitude,
longitude and height directly from the GPS signals. Thus, anyone
can report an arbitrary set of coordinates and there is no way of knowing if
the
coordinates were actually calculated by a GPS receiver at that
location. A hacker could intercept the coordinates transmitted by a
legitimate
user and then replay those coordinates in order to gain entry. Typical
code
correlating receivers, available to civilian users, are also
limited to 100 meter accuracy. The CyberLocator sensors achieve meter (or
better)
accuracy by employing differential GPS techniques at the host, which has
access to
its own GPS signals as well as those of the client. DGPS methods
attenuate the satellite orbit errors and cancel SA dithering effects.
Where it works
Location-based authentication is ideal for protecting fixed
sites. If a
company operates separate facilities, it could be used to
restrict access
or sensitive transactions to clients located at those sites. For
example, a small (7 cm x 7 cm) GPS antenna might be placed on the rooftop of
each
facility and connected by cable to a location signature sensor
within the
building. The sensor, which would be connected to the site's
local area
network, would authenticate the location of all users attempting
to enter
the protected network. Whenever a user ventured outside the
network, the
sensor would supply the site's location signature. Alternatively,
rather
than using a single sensor, each user could be given a seeninte
device,
programmed to provide a unique signature for that user.
Location-based
authentication could facilitate telecommuting by countering the
vulnerabilities associated with remote access over dial-in lines
and
Internet connections. All that would be needed is a reasonably
unobstructed view of the sky at the employee's home or remote
office.
Related application environments include home banking, remote
medical
diagnosis and remote process control. Although it is desirable
for an
antenna to be positioned with full view of the sky, this is not
always
necessary. If the location and environment are known in advance,
then the
antenna can be placed on a window with only a limited view of the
sky. The environment would be taken into account when the signals are
processed at
the host.
For remote authentication to succeed, the client and host must be
within 2,000 to 3,000 kilometers of each other so that their GPS sensors
pick up signals from some of the same satellites. By utilizing a few
regionally deployed location signature sensors (LSS), this reach can be extended to a
global basis. For example, suppose that a bank in Munich needs to conduct a transaction with a bank in New York and that a London-based LSS
provides a bridge into Europe. Upon receiving the location signatures from London and
Munich, the New York bank can verify the location of the Munich
bank relative to the London LSS and the London LSS relative to its own location in New
York.
The technology is also applicable to mobile computing. In many situations, it would be
possible to know the general vicinity where an
employee is expected to be present and to use that information as a basis for authentication. Even if the location cannot be
known in advance,
the mere fact that remote users make their locations available will
substantially enhance their authenticity. In his new book, The Road Ahead, Bill
Gates predicts that wallet PCs, networked to the information highway,
will have built-in GPS receivers as navigational assistants. With the
CyberLocator technology, these PC receivers can also perform authentication while being
a factor of ten less expensive than conventional code correlating receivers (most of the processing is executed in the host rather than
the remote units), which only achieve 100 meter accuracy, and a factor of a hundred less expensive than conventional DGPS receivers.
Location-based authentication is a powerful new tool that can provide a new
dimension of network security never before possible. The CyberLocator
technology is currently operational in a portable demonstration.
Dorothy E. Denning is professor of computer science at Georgetown
University (Washington, D.C.) and consultant to ISR. She can be
reached at
202-687-5703 or denning@cs.georgetown.edu. Peter F. MacDoran is
president
and CEO of International Series Research, Inc. (Boulder, CO). He
can be
reached at 303-447- 0300 or pmacdorn@isrinc.com.
Rebuttals