Authentication protocol: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 00:21, 13 September 2022 edit 95.185.221.220 (talk) No edit summary Tags: Reverted Mobile edit Mobile web edit ← Previous edit		Latest revision as of 23:19, 10 July 2024 edit undo 96.82.74.94 (talk) Minor rewording Tag: Visual edit
(10 intermediate revisions by 9 users not shown)
Line 1: {{Short description\|Type of cryptographic protocol}} An '''authentication protocol''' is a type of computer [[communications protocol]] or [[cryptographic protocol]] specifically designed for transfer of [[authentication]] data between two entities. It allows the receiving ~~entity٠~~entity to authenticate the connecting entity (e.g. Client connecting to a Server) as well as authenticate itself to the connecting entity (Server to a client) by declaring the type of information needed for authentication as well as syntax.<ref>{{cite web\|url = https://www.sans.org/reading-room/whitepapers/authentication/overview-authentication-methods-protocols-118\|title = An Overview of Different Authentication Methods and Protocols\|date = 23 October 2001\|access-date = 31 October 2015\|website = www.sans.org\|publisher = SANS Institute\|last = Duncan\|first = Richard}}</ref> It is the most important layer of protection needed for secure communication within computer networks. ==Purpose == Line 19: ===Authentication protocols developed for PPP [[Point-to-Point Protocol]]=== Protocols are used mainly by [[Point-to-Point Protocol]] (PPP) servers to validate the identity of remote clients before granting them access to server data. Most of them use a password as the cornerstone of the authentication. In most cases, the password has to be shared between the communicating entities in advance.<ref>{{cite ~~document~~CiteSeerX\|title = Public-key cryptography and password protocols\|last = Halevi\|first = Shai\| year=1998 \| pages=230–268 \|citeseerx = 10.1.1.45.6423}}</ref> [[File:PAP 2way handshake.png\|thumb\|PAP 2-way handshake scheme\|461x461px]] Line 27: ====CHAP - [[Challenge-handshake authentication protocol]]==== The authentication process in this protocol is always ~~initialized~~initiated by the server/host and can be performed anytime during the session, even repeatedly. ~~Server~~The server sends a random string (usually 128B long). The client uses the password and the string received as ~~parameters~~input ~~for~~to ~~MD5~~a hash function and then sends the result together with username in plain text. ~~Server~~The server uses the username to apply the same function and compares the calculated and received hash. An authentication is successful orwhen the calculated and received hashes ~~unsuccessful~~match. ====[[Extensible Authentication Protocol\|EAP - Extensible Authentication Protocol]]==== EAP was originally developed for PPP(Point-to-Point Protocol) but today is widely used in [[IEEE 802.3]], [[IEEE 802.11]](WiFi) or [[IEEE 802.16]] as a part of [[IEEE 802.1x]] authentication framework. The latest version is standardized in RFC 5247. The advantage of EAP is that it is only a general authentication framework for client-server authentication - the specific way of authentication is defined in its many versions called EAP-methods. More than 40 EAP-methods exist, the most common are: Line 48: [[Remote Authentication Dial-In User Service]] (RADIUS) is a full [[AAA (computer security)\|AAA protocol ]] commonly used by [[ISP]]s. Credentials are mostly username-password combination based, and it uses [[Network access server\|NAS]] and [[User Datagram Protocol\|UDP]] protocol for transport.<ref>{{cite web\|url = http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-1/user/guide/acsuserguide/rad_tac_phase.html\|title = AAA protocols\|access-date = 31 October 2015\|website = www.cisco.com\|publisher = CISCO}}</ref> ====[[DIAMETER]]==== [[Diameter (protocol)]] evolved from RADIUS and involves many improvements such as usage of more reliable TCP or [[SCTP]] transport protocol and higher security thanks to [[Transport Layer Security\|TLS]].<ref>{{cite web\|url = http://www.ibm.com/developerworks/wireless/library/wi-diameter/\|title = Introduction to Diameter\|date = 24 January 2006\|access-date = 31 October 2015\|website = www.ibm.com\|publisher = IBM\|last = Liu\|first = Jeffrey}}</ref> ===Other===