Logout Open In App
Open In App
Warning: foreach() argument must be of type array|object, bool given in /var/www/html/web/app/themes/studypress-core-theme/template-parts/header/mobile-offcanvas.php on line 20

Chapter 8: Problem 15

One mechanism for resisting "replay" attacks in password authentication is to use one-time passwords: A list of passwords is prepared, and once password \([N]\) has been accepted, the server decrements \(N\) and prompts for password \([N-1]\) next time. At \(N=0\) a new list is needed. Outline a mechanism by which the user and server need only remember one master password \(m p\) and have available locally a way to compute password \([N]=f(m p, N)\). Hint: Let \(g\) be an appropriate one-way function (e.g., MD5) and let password \([N]=g^{N}(m p)=g\), applied \(N\) times to \(m p .\) Explain why knowing password \([N]\) doesn't help reveal password \([N-1]\).

Short Answer

Expert verified
Use a one-way function \(g\) to compute \(password[N] = g^N(m p)\). Knowing \(password[N]\) does not help in computing \(password[N-1]\) due to the one-way nature of \(g\).

Step by step solution

01

Understanding one-way functions

One-way functions are cryptographic functions that are easy to compute but hard to invert. This means if you know the output, it is computationally infeasible to determine the input. In this example, the one-way function is denoted as \(g\).
02

Define the master password

The master password \(m p\) is a secret password known only to the user and server. This will be the starting point for generating a list of passwords.
03

Initialize password generation

Given the master password \(m p\), the user and server can compute the first password in the sequence using the one-way function \(f(m p, N) = g^N(m p)\). For example, \(g^N(m p)\) means applying the function \(g\) to \(m p\) a total of \(N\) times.
04

Computing password \( [N] \)

To find password \([N]\), apply the one-way function \(g\) to the master password \(N\) times. Mathematically, this is written as \(password[N] = g^N(m p)\).
05

Computing password \([N-1]\)

To find the next password in the sequence, apply the one-way function one fewer time: \(password[N-1] = g^{N-1}(m p)\).
06

Security analysis

Knowing password \([N]\) does not reveal password \([N-1]\) because to find \(password[N-1]\) from \(password[N]\), one would need to invert the one-way function \(g\), which is computationally infeasible by design. Hence, even if an attacker captures password \([N]\), they cannot compute previous passwords.
07

Resetting the list

When the counter \(N\) reaches 0, a new list of passwords needs to be generated. This can be done by reinitializing the master password and computing again as needed using the same process.

Key Concepts

These are the key concepts you need to understand to accurately answer the question.

Password Authentication
Password authentication is the process of verifying that a user is who they claim to be, based on a password. In most cases, a user's password is checked against a stored password. The challenge is to ensure both security and usability. For enhanced security, one-time passwords (OTPs) can be used. OTPs are temporary passwords that are valid for only one login session or transaction. This makes them resistant to interception and replay attacks.
Replay Attacks
A replay attack occurs when an attacker captures a valid data transmission, such as a password or token, and retransmits it to gain unauthorized access. OTPs greatly mitigate this risk because they become invalid once they have been used. So, even if an attacker intercepts a one-time password, they can't reuse it in future attempts.
One-way Functions
One-way functions play a crucial role in generating secure passwords. These are cryptographic functions that are easy to compute in one direction but nearly impossible to reverse. In the context of OTP generation, a one-way function, such as MD5, is applied multiple times to a master password. For instance, if the master password is `mp` and the function is represented as `g`, then the OTP for step `N` can be written mathematically as `g^N(mp)`, meaning that the function `g` is applied `N` times to the master password.
Cryptographic Security
Cryptographic security ensures that information cannot be accessed or altered by unauthorized parties. Using cryptographic techniques, like one-way functions, in password generation enhances security. Notably, knowing the OTP for a particular step does not help an attacker determine previous or future passwords. This is due to the computational difficulty of reversing one-way functions, making it infeasible to derive the master password or other OTPs from the captured password. Cryptographic security thus provides robust defense mechanisms against various threats, including replay attacks and unauthorized access.

One App. One Place for Learning.

All the tools & learning materials you need for study success - in one app.

Get started for free

Most popular questions from this chapter

The Diffie-Hellman key exchange protocol is vulnerable to a "man-in-the- middle" attack. Explain how an adversary sitting between two participants can trick them into thinking they have established a shared secret between themselves, when in fact they have each established a secret with the adversary. Outline how DiffieHellman can be extended to protect against this possibility.

Suppose two people want to play poker over the network. To "deal" the cards they need a mechanism for fairly choosing a random number \(x\) between them; each party stands to lose if the other party can unfairly influence the choice of \(x\). Describe such a mechanism. Hint: You may assume that if either of two bit strings \(x_{1}\) and \(x_{2}\) are random, then the exclusive-OR \(x=x_{1} \oplus x_{2}\) is random.

Using the browser of your choice, find out what certification authorities for HTTPS your browser is configured by default to trust. Do you trust these agencies? Find out what happens when you disable trust of some or all of these certification authorities.

Suppose you want your filter-based firewall to block all incoming Telnet connections, but to allow outbound Telnet connections. One approach would be to block all inbound packets to the designated Telnet port (23). (a) We might want to block inbound packets to other ports as well, but what inbound TCP connections must be permitted in order not to interfere with outbound Telnet? (b) Now suppose your firewall is allowed to use the TCP header Flags bits in addition to the port numbers. Explain how you can achieve the desired Telnet effect here while at the same time allowing no inbound TCP connections.

Suppose we have a very short secret \(s\) (e.g., a single bit or even a Social Security number), and we wish to send someone else a message \(m\) now that will not reveal \(s\) but that can be used later to verify that we did know \(s\). Explain why \(m=\operatorname{MD} 5(s)\) or \(m=\mathrm{E}(s)\) with RSA encryption would not be secure choices, and suggest a better choice.
See all solutions

Recommended explanations on Computer Science Textbooks

Databases

Read Explanation

Computer Organisation and Architecture

Read Explanation

Computer Network

Read Explanation

Game Design in Computer Science

Read Explanation

Data Structures

Read Explanation

Functional Programming

Read Explanation
View all explanations

What do you think about this solution?

We value your feedback to improve our textbook solutions.

Study anywhere. Anytime. Across all devices.

Sign-up for free