* 4 *

Authentication hints

  1. Explain what is meant by entity authentication and origin authentication. Entity auithentication is about determining the identity of objects. Origin authentication is abut determining the location of objects.
  2. Explain how encryption can play a role in authenticating an entity. If there is some shared secret of key pair, and the keys are secure, then only the holder of a key can encrypt/decrypt a message. That means that a properly encrypted message or signature can only be decrypted if it has come from someone with a knowledge of the key.
  3. What is meant by replay attack? How can one protect against such an attack? This is where one simply records an earlier session and tries to play back the responses in a challenge response scenario.
  4. Explain how a challenge response system can be designed so that it is not necessary to send a password over the network.One time passwords. The password can instead be used as part of a key to encrypt a message. Only the holder of the password would be able to do this, but it is not necessary to send the actual password over the network.