A nonce-based user authentication protocol

A: What is a nonce

Wikipedia : in Security engineering , A Nonce is a number that can only be used once in an encrypted communication. In the authentication protocol, it is often a random or pseudo -random number to avoid replay attacks.

II: Examples

A typical nonce-based authentication protocol is as follows:

The cnonce here is the client nonce (which will be discussed later why cnonce is needed). The Client does not send the password directly (or ciphertext encrypted directly after the password) to prevent the attacker from stealing the password directly (or ciphertext after the password is encrypted) and impersonating the user for authentication.

Do not consider the Client nonce first. The server first sends the nonce to Client,client and then commits the password and nonce through the hash operation to the Server for authentication, so that we can assume (rather than absolutely) that each time the hash value used for authentication is different, even if the attacker steals the previous one for The hash value of the authentication is also unable to impersonate the user to log on. The formula is as follows:

A = Hash (nonce, password)

In an insecure network environment, A, nonce, Hash algorithm can be obtained by the attacker, if the following conditions can be met:

1. The nonce is used only once.
2. Hash operation does not conflict

An attacker would theoretically not be able to implement Replay attack. Therefore, the nonce is used only once in a particular context and the Hash algorithm avoids conflicts as much as possible is the key to security. To ensure that the nonce is used only once in a particular context, you can generate a nonce using the following strategies:

• A nonce can be a time-dependent variable
• A nonce can be a long enough bits generated by enough random algorithms

The above algorithms are difficult to prevent attackers from using a dictionary for password cracking. One possible method is: An attacker can intercept a in a = Hash (nonce, password), nonce, and then crack the user's password password through a dictionary. However, the process of cracking is time consuming, and using a medium-sized cluster (Medium-scale cluster) can take weeks, and if you expect to crack thousands of users ' passwords, you will consume a significant amount of time.

If an attacker is able to build an precomputed table (for example, Rainbow tables), then the time to crack a large number of user passwords will be greatly shortened. The nonce blocks the generation of the precomputed tables (because the Server nonce is different every time), but the situation is different if the data transferred in the network can be tampered with. Suppose an attacker forges a fixed nonce to send to clients in the network and records the Nonce and Clients Responses (Hash (nonce, password)), and because the nonce is a fixed value, the attacker can construct an precomputed table that uses This fixed nonce. This table can greatly shorten the time to crack the user's password.

In order to prevent attackers from using the above methods to build an estimated table. A nonce was also introduced in the Client. This way, each time a different cnonce prevents the generation of the precomputed table.

A nonce-based user authentication protocol