Identification objectives and applications
The general setting for an identification protocol involves a prover or claimant A and a verifier B. The verifier is presented with, or presumes beforehand, the purported identity of the claimant. The goal is to corroborate that the identity of the claimant is indeed A, i.e., to provide entity authentication.
- 10.1 Definition Entity authentication is the process whereby one party is assured (through acquisition of corroborative evidence) of the identity of a second party involved in a protocol, and that the second has actually participated (i.e., is active at, or immediately prior to, the time the evidence is acquired).
- 10.2 Remark (identification terminology) The terms identification and entity authentication are used synonymously throughout this book. Distinction is made between weak, strong, and zero-knowledge based authentication. Elsewhere in the literature, sometimes identification implies only a claimed or stated identity whereas entity authentication suggests a corroborated identity.
(i) Objectives of identification protocols
From the point of view of the verifier, the outcome of an entity authentication protocol is either acceptance of the claimant’s identity as authentic (completion with acceptance), or termination without acceptance (rejection). More specifically, the objectives of an identification protocol include the following.
- 1. In the case of honest parties A and B, A is able to successfully authenticate itself to B, i.e., B will complete the protocol having accepted A’s identity.
- 2. (transferability) B cannot reuse an identification exchange with A so as to successfully impersonate A to a third party C.
- 3. (impersonation) The probability is negligible that any party C distinct from A, carrying out the protocol and playing the role of A, can cause B to complete and accept A’s identity. Here negligible typically means “is so small that it is not of practical significance”; the precise definition depends on the application.
- 4. The previous points remain true even if: a (polynomially) large number of previous authentications between A and B have been observed; the adversary C has participated in previous protocol executions with either or both A and B; and multiple instances of the protocol, possibly initiated by C, may be run simultaneously.
The idea of zero-knowledge-based protocols is that protocol executions do not even reveal any partial information which makes C’s task any easier whatsoever.
An identification (or entity authentication) protocol is a “real-time” process in the sense that it provides an assurance that the party being authenticated is operational at the time of protocol execution - that party is taking part, having carried out some action since the start of the protocol execution. Identification protocols provide assurances only at the particular instant in time of successful protocol completion. If ongoing assurances are required, additional measures may be necessary; see §10.5.
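The following added example (not from the original text) illustrates objectives 1, 3 and 4 and the real-time property with a shared-key challenge-response run between A and B. The `Verifier` class, the `respond` function, the use of HMAC-SHA256 and the binding of the verifier's name into the response are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def respond(key, nonce, verifier_name):
    """Claimant's response: MAC over B's fresh challenge and B's name."""
    return hmac.new(key, nonce + verifier_name.encode(), hashlib.sha256).digest()

class Verifier:
    """B: issues one fresh challenge per run and accepts at most one response to it."""
    def __init__(self, name, keys):
        self.name = name
        self.keys = keys      # claimed identity -> shared secret key
        self.pending = {}     # claimed identity -> outstanding challenge

    def challenge(self, claimed_id):
        nonce = secrets.token_bytes(16)   # time-variant parameter
        self.pending[claimed_id] = nonce
        return nonce

    def verify(self, claimed_id, response):
        nonce = self.pending.pop(claimed_id, None)   # a challenge is single-use
        key = self.keys.get(claimed_id)
        if nonce is None or key is None:
            return False                              # rejection
        expected = respond(key, nonce, self.name)
        return hmac.compare_digest(expected, response)

def run_demo():
    key_a = secrets.token_bytes(32)       # constructed sample key shared by A and B
    b = Verifier("B", {"A": key_a})

    # Objective 1: honest A completes with acceptance.
    n1 = b.challenge("A")
    r1 = respond(key_a, n1, "B")
    honest = b.verify("A", r1)

    # Objective 4: C observed (n1, r1) and replays r1 against a new challenge.
    b.challenge("A")
    replay = b.verify("A", r1)

    # Objective 3: C plays the role of A without knowing A's key.
    n3 = b.challenge("A")
    forged = b.verify("A", respond(secrets.token_bytes(32), n3, "B"))

    # Real-time property: a response with no outstanding challenge is rejected.
    stale = b.verify("A", r1)
    return honest, replay, forged, stale
```

Because B holds the same key as A, this sketch says nothing about objective 2 (transferability).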
(ii) Basis of identification
Entity authentication techniques may be divided into three main categories, depending on which of the following the security is based:
- 1. something known. Examples include standard passwords (sometimes used to derive a symmetric key), Personal Identification Numbers (PINs), and the secret or private keys whose knowledge is demonstrated in challenge-response protocols.
- 2. something possessed. This is typically a physical accessory, resembling a passport in function. Examples include magnetic-striped cards, chipcards (plastic cards the size of credit cards, containing an embedded microprocessor or integrated circuit; also called smart cards or IC cards), and hand-held customized calculators (password generators) which provide time-variant passwords.
- 3. something inherent (to a human individual). This category includes methods which make use of human physical characteristics and involuntary actions (biometrics), such as handwritten signatures, fingerprints, voice, retinal patterns, hand geometries, and dynamic keyboarding characteristics. These techniques are typically non-cryptographic and are not discussed further here.
(iii) Applications of identification protocols
One of the primary purposes of identification is to facilitate access control to a resource, when an access privilege is linked to a particular identity (e.g., local or remote access to computer accounts; withdrawals from automated cash dispensers; communications permissions through a communications port; access to software applications; physical entry to restricted areas or border crossings). A password scheme used to allow access to a user’s computer account may be viewed as the simplest instance of an access control matrix: each resource has a list of identities associated with it (e.g., a computer account which authorized entities may access), and successful corroboration of an identity allows access to the authorized resources as listed for that entity. In many applications (e.g., cellular telephony) the motivation for identification is to allow resource usage to be tracked to identified entities, to facilitate appropriate billing. Identification is also typically an inherent requirement in authenticated key establishment protocols (see Chapter 12).