Challenge-Response Authentication
The challenge-response procedure (translated as request-response procedure ) is a secure authentication procedure for a participant based on knowledge. Here, one participant sets a task ( challenge ) that the other has to solve ( response ) in order to prove that he knows certain information ( shared secret ) without transmitting this information himself. This is a protection against the fact that the password can be overheard by attackers on the line.
There are different methods for this in detail, based on this basic principle: If one side ( usually called Alice in cryptography ) wants to authenticate to another side (usually called Bob ), Bob sends a random number N ( nonce ) to Alice (So Bob presents the challenge). Alice adds her password to this number N, applies a cryptological hash function or encryption to this combination and sends the result to Bob (and thus provides the response). Bob, who knows both the random number and the shared secret (= Alice's password) and the hash function or encryption used, carries out the same calculation and compares his result with the response he receives from Alice. If both data are identical, Alice has successfully authenticated herself.
Attacks
However, an attacker listening in on the line has the option of launching a so-called known plain text attack . To do this, it records the random number ( challenge ) transmitted and the associated response and tries to use cryptanalytical methods to determine the password used. Such attacks have z. B. in GSM systems to success. Another possibility is the dictionary attack . Here the attacker guesses the password, uses it to encrypt the random number and compares his result with the response . In this way, version 4 of the Kerberos protocol could be successfully attacked. In this case, for example, the encrypted transmission of the random number from Bob to Alice can help. Another possibility for largely preventing this chosen plain text attack is to include a time stamp that is only valid for a short time in the challenge so that the response period expires before the attacker can guess the password. In order to make a retransmission ( replay attack ) of an intercepted response unsuccessful, it must also be ensured that the random number in the challenge changes with each connection or session and that long-term collection of the response responses by the attacker is not worthwhile; this is achieved by the expiry of the time stamp.
disadvantage
It must be ensured that the password hash, which is on the server side, can be generated on the client side. Otherwise the password would have to be saved in clear text on the server side. With hashing algorithms with salt , the client must have this in order to generate the hash on the client side.
Another disadvantage is that the secret must also be available on the client side (Alice) in plain text so that the client can pretend to be an unauthorized user. This can be remedied by calculating the response on a chip card, but then you have the problem again that you have to ensure that no unauthorized person is using Alice's chip card.
application
Applications finds the challenge-response authentication in APOP -Authentifikationsverfahren the POP3 - protocol , in the CHAP authentication for PPP Network Connections (eg. ADSL - or modem -Internetverbindungen) or CRAM-MD5 method.
Apple's version of the VNC protocol for screen sharing also uses a challenge-response procedure for logging in.
Web links
- RFC 2195 - IMAP / POP AUTHorize Extension for Simple Challenge / Response
- Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure .
Individual evidence
- ^ Albrecht Beutelspacher: Kryptologie. Springer DE, 2009, ISBN 9783834896063 , page 76.