Properties of identification protocols

Identification protocols may have many properties. Properties of interest to users include:

  • 1. reciprocity’ of identification. Either one or both parties may corroborate their identities to the other, providing, respectively, unilateral or mutual identification. Some techniques, such as fixed-password schemes, may be susceptible to an entity posing as a verifier simply in order to capture a claimant’s password.
  • 2. computational efficiency. The number of operations required to execute a protocol.

3. communication efficiency. This includes the number of passes (message exchanges) and the bandwidth required (total number of bits transmitted).

More subtle properties include:

  • 4. real-time involvement of a third party (if any). Examples of thud parties include an on-line trusted third party to distribute common symmetric keys to communicating entities for authentication purposes; and an on-line (untrusted) directory sendee for distributing public-key certificates, supported by an off-line certification authority (see Chapter 13).
  • 5. nature of trust required in a third party> (if any). Examples include trusting a thud party to correctly authenticate and bind an entity’s name to a public key; and trusting a third party with knowledge of an entity’s private key.
  • 6. nature of security guarantees. Examples include provable security and zero-knowledge properties (see §10.4.1).
  • 7. storage of secrets. This includes the location and method used (e.g., software only, local disks, hardware tokens, etc.) to store ciitical keying material.

Relation between identification and signature schemes

Identification schemes are closely related to, but simpler than, digital signature schemes, which involve a variable message and typically provide a non-repudiation feature allowing disputes to be resolved by judges after the fact. For identification schemes, the semantics of the message are essentially fixed - a claimed identity at the current instant in time. The claim is either corroborated or rejected immediately, with associated privileges or access either granted or denied in real time. Identifications do not have “lifetimes” as signatures do[1] - disputes need not typically be resolved afterwards regarding a prior identification, and attacks which may become feasible in the future do not affect the validity of a prior identification. In some cases, identification schemes may also be converted to signature schemes using a standard technique (see Note 10.30).

  • [1] Some identification techniques involve, as a by-product, the grantmg of tickets which provide tune-huntedaccess to specified resources (see Chapter 13).
 
Source
< Prev   CONTENTS   Source   Next >