Authentication protocol: Difference between revisions

m Reverted edits by 121.200.57.14 (talk) to last revision by 134.35.24.238: not providing a reliable source (WP:CITE, WP:RS)
Minor rewording
 
(16 intermediate revisions by 14 users not shown)
Line 1:
{{Short description|Type of cryptographic protocol}}
An '''authentication protocol''' is a type of computer [[communications protocol]] or [[cryptographic protocol]] specifically designed for the transfer of [[authentication]] data between two entities. It allows the receiving entity to authenticate the connecting entity (e.g. a client connecting to a server) as well as to authenticate itself to the connecting entity (server to client) by declaring the type of information needed for authentication as well as its syntax.<ref>{{cite web|url = https://www.sans.org/reading-room/whitepapers/authentication/overview-authentication-methods-protocols-118|title = An Overview of Different Authentication Methods and Protocols|date = 23 October 2001|access-date = 31 October 2015|website = www.sans.org|publisher = SANS Institute|last = Duncan|first = Richard}}</ref> It is the most important layer of protection needed for secure communication within computer networks.
 
 
==Purpose==
Line 20 ⟶ 19:
 
===Authentication protocols developed for PPP [[Point-to-Point Protocol]]===
These protocols are used mainly by [[Point-to-Point Protocol]] (PPP) servers to validate the identity of remote clients before granting them access to server data. Most of them use a password as the cornerstone of the authentication. In most cases, the password has to be shared between the communicating entities in advance.<ref>{{cite CiteSeerX|title = Public-key cryptography and password protocols|last = Halevi|first = Shai| year=1998 | pages=230–268 |citeseerx = 10.1.1.45.6423}}</ref>
[[File:PAP 2way handshake.png|thumb|PAP 2-way handshake scheme|461x461px]]
 
Line 28 ⟶ 27:
====CHAP - [[Challenge-handshake authentication protocol]]====
 
The authentication process in this protocol is always initiated by the server/host and can be performed at any time during the session, even repeatedly. The server sends a random string (usually 128B long). The client uses the password and the string received as input to a hash function and then sends the result together with the username in plain text. The server uses the username to look up the password, applies the same function and compares the calculated and received hash. Authentication is successful when the calculated and received hashes match.
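As an added worked example (not part of the article), the CHAP exchange just described, in Python: the server issues a fresh random challenge, the client hashes its password together with the challenge and returns the result with its username in the clear, and the server recomputes the hash from its stored copy of the password and compares. The hash construction follows RFC 1994's MD5 variant, Response = MD5(Identifier || secret || Challenge); the one-byte Identifier is RFC 1994's, not something the article mentions, and the 16-byte challenge length, the user database and the secret are constructed for the example. Because the server must recompute the client's hash, it needs the shared password in advance, which is the point made in the section introduction.

```python
import hashlib
import hmac
import os

# Constructed user database: CHAP requires the server to hold the client's
# password (shared in advance), because it recomputes the client's hash.
USER_DB = {"alice": b"correct horse battery staple"}

CHALLENGE_LEN = 16  # constructed choice; RFC 1994 allows a variable length


def make_challenge(length: int = CHALLENGE_LEN) -> bytes:
    """Server side: a fresh, unpredictable challenge for each attempt.

    A new value per attempt is what stops a captured Response from being
    replayed later in the session.
    """
    return os.urandom(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def client_answer(username: str, password: bytes, identifier: int, challenge: bytes) -> dict:
    """Client side: the Response packet fields.

    Only the hash is derived from the password; the username travels in plain text.
    """
    return {
        "id": identifier,
        "name": username,
        "response": chap_response(identifier, password, challenge),
    }


def server_verify(answer: dict, challenge: bytes) -> bool:
    """Server side: look the user up, recompute the hash, compare in constant time."""
    secret = USER_DB.get(answer["name"])
    if secret is None:
        return False
    expected = chap_response(answer["id"], secret, challenge)
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(expected, answer["response"])


def run_exchange(username: str, password: bytes, identifier: int = 1):
    """One complete challenge/response round; returns (success, answer, challenge)."""
    challenge = make_challenge()
    answer = client_answer(username, password, identifier, challenge)
    return server_verify(answer, challenge), answer, challenge


def replayed_response_rejected() -> bool:
    """Capture a valid Response, then present it against a new challenge.

    Returns True if the server correctly rejects the replayed value.
    """
    ok, captured, _old_challenge = run_exchange("alice", USER_DB["alice"])
    assert ok
    new_challenge = make_challenge()  # server re-authenticates mid-session
    return not server_verify(captured, new_challenge)


if __name__ == "__main__":
    success, answer, challenge = run_exchange("alice", USER_DB["alice"])
    print("challenge:", challenge.hex())
    print("response: ", answer["response"].hex())
    print("authenticated:", success)
    print("replay rejected:", replayed_response_rejected())
```

The server-side comparison uses `hmac.compare_digest` rather than `==`; the article's description ("compares the calculated and received hash") does not require it, but a byte-by-byte early-exit comparison is the kind of detail an implementer should not leave to chance.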
 
====[[Extensible Authentication Protocol|EAP - Extensible Authentication Protocol]]====
 
EAP was originally developed for PPP ([[Point-to-Point Protocol]]) but today is widely used in [[IEEE 802.3]], [[IEEE 802.11]] (WiFi) and [[IEEE 802.16]] as part of the [[IEEE 802.1x]] authentication framework. The latest version is standardized in RFC 5247. The advantage of EAP is that it is only a general authentication framework for client-server authentication; the specific way of authenticating is defined in its many variants, called EAP methods. More than 40 EAP methods exist; the most common are:
Line 49 ⟶ 48:
 
[[Remote Authentication Dial-In User Service]] (RADIUS) is a full [[AAA (computer security)|AAA protocol]] commonly used by [[ISP]]s. Credentials are mostly username-password combinations, and it uses a [[Network access server|NAS]] and the [[User Datagram Protocol|UDP]] protocol for transport.<ref>{{cite web|url = http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-1/user/guide/acsuserguide/rad_tac_phase.html|title = AAA protocols|access-date = 31 October 2015|website = www.cisco.com|publisher = CISCO}}</ref>
 
====[[DIAMETER]]====
[[Diameter (protocol)]] evolved from RADIUS and brings many improvements, such as the use of the more reliable TCP or [[SCTP]] transport protocols and higher security thanks to [[Transport Layer Security|TLS]].<ref>{{cite web|url = http://www.ibm.com/developerworks/wireless/library/wi-diameter/|title = Introduction to Diameter|date = 24 January 2006|access-date = 31 October 2015|website = www.ibm.com|publisher = IBM|last = Liu|first = Jeffrey}}</ref>
 
===Other===