Implementing an effective authentication method
Now that we understand the importance of authentication, let’s discuss how to implement it. The most trivial way to authenticate is to use a password. In our smart meter example, the device could send a password to the grid control system. The server would verify the password and then authorize further transactions. While this method is easy to understand, it is by far not the best one. An attacker could quite easily spy on the communication, record the password, and re-use it to authenticate a non-genuine piece of equipment. For this reason, we consider password-based authentication as weak.
A much better way to perform authentication in the digital world is the challenge-response method. Let’s take a look at two flavors of the challenge-response method: one based on symmetric cryptography and another one based on asymmetric cryptography.
Symmetric cryptography-based authentication relies on a shared secret. The host and the device to be authenticated hold the same secret number. The host sends a random number, the challenge, to the device. The device computes a digital signature as a function of the secret and the challenge and sends it back to the device. The host then runs the same computation and compares the result. If both computations match, then the device is authenticated – see figure 1.