The idea of strong authentication as implemented in cryptographic protocols is as follows. The party being verified (the prover) proves its authenticity to the relying party (the verifier) by demonstrating knowledge of some secret. This secret may, for example, be pre-shared in a secure manner between the parties to the authentication exchange. The proof of knowledge of the secret is carried out through a sequence of challenges and responses built with cryptographic methods and means.
It is significant that the prover demonstrates only knowledge of the secret; the secret itself is never revealed during the authentication exchange. This is ensured by the way the prover answers the relying party's various challenges: each response depends only on the user's secret and on the initial challenge, which is usually a large number chosen at random at the beginning of the protocol.
In most cases, strong authentication means that each user is authenticated on the basis of possession of a private key. In other words, the user is able to determine whether the communication partner possesses the proper secret key and whether the partner can use this key to confirm that it is indeed the genuine information exchange partner.
Types of Strong Authentication Procedures
The following types of strong authentication procedures are distinguished:
- one-way authentication;
- two-way authentication;
- three-way authentication.
One-way authentication provides for the exchange of information in only one direction.
Two-way authentication, compared with one-way authentication, contains an additional response from the relying party to the prover, which should convince the prover that the connection has been established with the party for which the authentication data was intended.
Three-way authentication contains a further data transfer from the prover to the verifier. This approach removes the need for timestamps during authentication.
It should be noted that this classification is rather arbitrary. In practice, the set of techniques and tools used depends directly on the specific conditions of the authentication process. It should also be taken into account that strong authentication requires the parties to agree on the cryptographic algorithms used and on additional parameters.
Before considering specific strong authentication protocols, we should dwell on the purpose and capabilities of the so-called one-time parameters used in them. One-time parameters are also called nonces: a nonce is a value used for a given purpose no more than once. Among the one-time parameters in use today, the following deserve mention: random numbers, timestamps, and sequence numbers.
One-time parameters make it possible to prevent replay, impersonation of a party to the authentication exchange, and chosen-plaintext attacks. With their help it is possible to guarantee the uniqueness, non-repeatability and timeliness of transmitted messages. The various types of one-time parameters can be used separately or in combination with one another.
It should be noted that one-time parameters are also widely used in other kinds of cryptographic protocols (for example, in key distribution protocols).
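As an added illustration (not part of the original text), here is a minimal two-way challenge-response exchange over a pre-shared secret in Python: the relying party's random nonce is the one-time parameter that defeats replay, the prover answers with an HMAC that proves knowledge of the key without disclosing it, and the verifier's reply, bound to the prover's own nonce, completes the second direction. The key, identities and message layout are constructed for the example.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

class Verifier:
    """Relying party: issues a fresh random nonce per run and never accepts it twice."""
    def __init__(self, key: bytes):
        self.key, self.pending, self.used = key, {}, set()
    def challenge(self, prover_id: bytes) -> bytes:
        r_b = secrets.token_bytes(16)        # nonce: random, used once
        self.pending[prover_id] = r_b
        return r_b
    def verify(self, prover_id: bytes, r_a: bytes, tag: bytes):
        """Check the prover's response; on success return the verifier's own proof."""
        r_b = self.pending.pop(prover_id, None)
        if r_b is None or r_b in self.used:
            return None                      # no live challenge, or a replayed one
        self.used.add(r_b)
        if not hmac.compare_digest(mac(self.key, r_a, r_b, prover_id), tag):
            return None                      # wrong secret or tampered message
        return mac(self.key, r_b, r_a, b"verifier")   # bound to r_a, so not replayable

class Prover:
    def __init__(self, key: bytes, ident: bytes):
        self.key, self.ident = key, ident
    def respond(self, r_b: bytes):
        r_a = secrets.token_bytes(16)        # prover's own nonce protects the reverse direction
        return r_a, mac(self.key, r_a, r_b, self.ident)   # proves key knowledge, reveals no key
    def check_verifier(self, r_a: bytes, r_b: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(mac(self.key, r_b, r_a, b"verifier"), tag)

def mutual_auth(prover: Prover, verifier: Verifier) -> bool:
    r_b = verifier.challenge(prover.ident)   # message 1: challenge
    r_a, tag_a = prover.respond(r_b)         # message 2: response
    tag_b = verifier.verify(prover.ident, r_a, tag_a)
    return tag_b is not None and prover.check_verifier(r_a, r_b, tag_b)  # message 3

def replay_is_rejected(prover: Prover, verifier: Verifier) -> bool:
    """A captured (r_a, tag_a) pair is useless against a later challenge."""
    r_b = verifier.challenge(prover.ident)
    r_a, tag_a = prover.respond(r_b)
    first_ok = verifier.verify(prover.ident, r_a, tag_a) is not None
    verifier.challenge(prover.ident)         # new run issues a new nonce
    return first_ok and verifier.verify(prover.ident, r_a, tag_a) is None
```

A wrong-key prover fails at message 2, and a replayed response fails because the verifier's nonce has already been consumed.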
Depending on the cryptographic algorithms used, strong authentication protocols are divided into protocols based on:
- symmetric encryption algorithms;
- keyed one-way hash functions;
- asymmetric encryption algorithms;
- electronic digital signature algorithms.