
Strong authentication

Paul-Emmanuel Bidault
26 December 2023·2 minutes read time

Strong authentication (generally based on a single factor) is authentication based on a cryptographic mechanism whose parameters and security are considered to be robust (the secret element is generally a cryptographic key).

Authentication protocols that can be considered strong are often based on challenge-response protocols.

The message sent by the prover to authenticate himself depends on both a secret key and a variable challenge sent by the verifier.

When a prover wishes to prove his identity to a verifier, the latter sends him a challenge (a random value for example) and the prover must send him a response calculated from this specific challenge (a signature of this challenge for example).

To be considered strong, authentication must be based on a cryptographic protocol that is able to resist certain attacks, such as:

  • eavesdropping, in which an attacker passively eavesdrops on the communication channel between the prover and the verifier;
  • replay attacks, which consist of an attacker recovering authentication information (such as a password or its fingerprint) and using this information to replay it in order to usurp the target's identity;
  • man-in-the-middle attacks, in which an attacker intercepts and modifies communications between the prover and the verifier during authentication without being detected;
  • non-forgeability: if an attacker observes several authentication exchanges with a prover, he must not be able to usurp the prover's identity in a new authentication exchange.
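The challenge-response exchange described above, as an added example that is not part of the original article. It assumes a key shared by prover and verifier and uses HMAC-SHA-256 as the response function in place of the signature the text mentions; `Verifier`, `prover_respond` and `demo` are illustrative names.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Holds the shared key and issues single-use challenges."""
    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)  # fresh, unpredictable value
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # Each challenge is accepted once: unknown or reused ones fail.
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time


def prover_respond(key: bytes, challenge: bytes) -> bytes:
    # The response depends on both the secret key and this challenge.
    return hmac.new(key, challenge, hashlib.sha256).digest()


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key
    verifier = Verifier(key)
    c1 = verifier.new_challenge()
    r1 = prover_respond(key, c1)
    results = {"legitimate": verifier.verify(c1, r1)}
    # Replaying the captured pair: the challenge is already consumed.
    results["replay_same_challenge"] = verifier.verify(c1, r1)
    # Replaying the captured response against a fresh challenge.
    c2 = verifier.new_challenge()
    results["replay_new_challenge"] = verifier.verify(c2, r1)
    # Answering a fresh challenge without knowing the key.
    c3 = verifier.new_challenge()
    results["wrong_key"] = verifier.verify(c3, prover_respond(b"\x00" * 32, c3))
    return results


if __name__ == "__main__":
    print(demo())
```

This sketch covers replay and passive eavesdropping only; it does not by itself address the man-in-the-middle case listed above.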

Examples of strong authentication based on a possession factor include:

  • certificate-based authentication (stored on smart cards, for example);
  • the FIDO2 and FIDO U2F protocols;
  • OTP (One-Time Password) protocols such as HOTP (HMAC-based OTP [32]), TOTP (Time-based OTP [34]) or OCRA (OATH Challenge-Response Algorithm [33]).

In each of these cases, the prover proves his identity to the verifier by indirectly demonstrating possession of a cryptographic key which must remain secret.

Examples of strong authentication based on a knowledge factor include:

  • the Kerberos protocol [27];
  • PAKE (Password-Authenticated Key Agreement) protocols such as SPAKE2 [3] or OPAQUE [20].
