
User Oriented Goals

When it comes to entity authentication, authors seem to have had a harder time deciding what should be an extensional goal, and in section 2 it was seen that most resort to intensional specifications. One reason for this may be that it is difficult to be clear on the purpose of entity authentication in the absence of key establishment. In fact, Bellare and Rogaway [5] have stated:

... entity authentication is rarely useful in the absence of an associated key distribution, while key distribution, all by itself, is not only useful, but it is not appreciably more so when an entity authentication occurs along side ... by the time you become aware of [an entity authentication] there will be no particular reason to believe that the partner is still "out there" anyway.

There are situations when entity authentication by itself may be useful, such as when using a secured communication channel. But it is important to appreciate exactly what it provides. Imagine user A having received some messages in an entity authentication protocol. What is it that she can hope to have learned from those messages? One aspect is that user B is really out there now, somewhere on the network. This is the liveness property we have already seen. The only other assurance that seems relevant is to know that B is ready to engage in communication with A.

Considering again the fundamental elements used in authentication protocols this seems to be all that can be achieved. A session key is no longer relevant; therefore messages can convey freshness, or principals with which communication is desired. Combining these leads to a proposed extensional definition of entity authentication. (There are several alternative ways of expressing this property which all indicate that A is authenticated to B only if A is prepared to engage in communications with B.)

Entity Authentication of A to B. B accepts A only if principal A wishes to communicate with B.

The two subgoals of Entity Authentication are that A once wished to communicate with B, and that A wishes to communicate with an unknown principal. The latter of these is the liveness property discussed before, similar to goal SVO1. Notice that it is straightforward to extend this definition to a multi-party goal of entity authentication of A to a group of users $\mathcal{U}$: the principal A wishes to communicate with the principals in $\mathcal{U}$.
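The goal and its two subgoals can be checked mechanically over a protocol trace. The following is an added example, not part of the original paper: the event model, the names `Event`, `goals_met` and `run_start`, and the reading of "wishes" (present tense) as "expressed the wish during B's current run" are all assumptions made for illustration, and the traces are constructed.

```python
from typing import NamedTuple, Optional

class Event(NamedTuple):
    t: int                # logical time of the event
    kind: str             # "wish" or "accept"
    actor: str            # principal the event belongs to
    peer: Optional[str]   # wish: intended partner; accept: principal accepted
    run_start: int = 0    # accept only: time the acceptor's current run began

def goals_met(trace, accept):
    """Classify one accept event against the three goals of this section."""
    b, a = accept.actor, accept.peer
    # Every wish A expressed before B accepted, to any principal.
    wishes = [e for e in trace
              if e.kind == "wish" and e.actor == a and e.t < accept.t]
    # Assumption: a wish is "current" if it falls inside B's current run.
    recent = [e for e in wishes if e.t >= accept.run_start]
    return {
        # Subgoal 1: A once wished to communicate with B (no freshness).
        "once_wished": any(e.peer == b for e in wishes),
        # Subgoal 2: A wishes to communicate with someone (liveness).
        "liveness": bool(recent),
        # Full goal: one fresh wish that also names B.
        "entity_authentication": any(e.peer == b for e in recent),
    }

def check(trace):
    """Return the goal classification for every accept event in the trace."""
    return [goals_met(trace, e) for e in trace if e.kind == "accept"]

# Constructed traces (not taken from any real protocol run).
# Honest run: A names B while B's run is in progress.
HONEST = [Event(2, "wish", "A", "B"), Event(3, "accept", "B", "A", run_start=1)]
# Stale message: A named B in an earlier run; B accepts in a later one.
REPLAY = [Event(2, "wish", "A", "B"), Event(11, "accept", "B", "A", run_start=10)]
# Wrong partner: A is live but named C; B accepts anyway.
REDIRECT = [Event(2, "wish", "A", "C"), Event(3, "accept", "B", "A", run_start=1)]

if __name__ == "__main__":
    for name, trace in [("honest", HONEST), ("replay", REPLAY),
                        ("redirect", REDIRECT)]:
        print(name, check(trace))
```

In the stale-message trace only the "once wished" subgoal holds, and in the wrong-partner trace only liveness holds, which is why a protocol meeting the full goal needs both freshness and the intended principal bound into the same message.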

