Shared secret keys can also be used to authenticate credentials. Cryptographic authentication assures Alice that her electronic contact is the genuine Bob and not someone masquerading as Bob-unless the masquerader has stolen a copy of Alice and Bob's shared secret key. Here's how Alice is assured it's the authentic Bob.
If Bob wants to send Alice information via computer, all Alice knows is that her phone rings, the modem picks up, and some computer requests access to her computer. Is it Bob? Or is it our book's bad guy, the nefarious BlackHat? How can Alice feel somewhat secure that it's Bob without seeing his face, hearing his voice, or asking for his mother's maiden name? She needs a genuine electronic ID from Bob.
|Challenge and response: Alice authenticates Bob.|
If the computer requesting access to Alice's computer can verify that it knows Alice and Bob's shared secret key, Alice will feel more secure that it's Bob. But it would be foolish to ask Bob to send the secret key to prove it's his computer calling. BlackHat might be listening in and make a copy. Alice needs to know that the person on the other end of the line knows their secret key without either of them divulging it. A way to know whether the caller is the genuine, authentic Bob is called challenge and response. It's shown in Figure 7-4.
Figure 7-4 Alice authenticates Bob with a challenge and response protocol.
When the challenge and response protocol is completed, Alice is assured that the caller is Bob's computer. But note that Bob is not assured that the computer on the other end is Alice's because he has only responded to a challenge from someone he hopes is Alice. Bob must authenticate Alice, as shown in Figure 7-5.
Figure 7-5 Bob authenticates Alice.
An Authentication Attack
Now suppose that BlackHat has listened in and recorded the challenge and response. Later, if Alice challenged with 34 again, BlackHat could impersonate Bob because he knows that Alice and Bob's shared secret key encrypts 34 to %2. That is, BlackHat intercepts Alice's challenge (e.g., 34) before it gets to Bob. He uses the previously recorded response (e.g., %2) and correctly responds to Alice.
Because Alice wants to ensure that she never again challenges Bob with the same number, she picks a random number from a very big group of numbers. A good cryptographic system chooses a challenge between 1 and a very, very big number. How big is big enough? Imagine all the sand on earth in a pile. Choose a grain of sand, put the grain back in the pile, mix up the pile, and choose a grain again. It's unlikely the same grain will be chosen twice. In fact, it's unlikely you could find the same grain again.
Good random numbers draw from a set of even bigger numbers so that you're even more unlikely to choose the same number again. We look at randomness next. You'll find more detail about randomness in Appendix A.2
2. Although it's not shown here, passwords (and random values) should be long to prohibit BlackHat from successfully guessing them.