Jump to content

Authentication protocol: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
Tag: Reverted
Minor rewording
 
(38 intermediate revisions by 31 users not shown)
Line 1: Line 1:
{{Short description|Type of cryptographic protocol}}
{{course assignment | course = Education Program:University College London/MSIN1003 Information World (Autumn 2015) | term = 2015 Q3}}
An '''authentication protocol''' is a type of computer [[communications protocol]] or [[cryptographic protocol]] specifically designed for transfer of [[authentication]] data between two entities. It allows the receiving entity to authenticate the connecting entity (e.g. Client connecting to a Server) as well as authenticate itself to the connecting entity (Server to a client) by declaring the type of information needed for authentication as well as syntax.<ref>{{cite web|url = https://www.sans.org/reading-room/whitepapers/authentication/overview-authentication-methods-protocols-118|title = An Overview of Different Authentication Methods and Protocols|date = 23 October 2001|accessdate = 31 October 2015|website = www.sans.org|publisher = SANS Institute|last = Duncan|first = Richard}}</ref> It is the most important layer of protection needed for secure communication within computer networks.
An '''authentication protocol''' is a type of computer [[communications protocol]] or [[cryptographic protocol]] specifically designed for transfer of [[authentication]] data between two entities. It allows the receiving entity to authenticate the connecting entity (e.g. Client connecting to a Server) as well as authenticate itself to the connecting entity (Server to a client) by declaring the type of information needed for authentication as well as syntax.<ref>{{cite web|url = https://www.sans.org/reading-room/whitepapers/authentication/overview-authentication-methods-protocols-118|title = An Overview of Different Authentication Methods and Protocols|date = 23 October 2001|access-date = 31 October 2015|website = www.sans.org|publisher = SANS Institute|last = Duncan|first = Richard}}</ref> It is the most important layer of protection needed for secure communication within computer networks.


==Purpose ==
==Purpose ==


With the increasing amount of trustworthy information being accessible over the network, the need for keeping unauthorized persons from access to this data emerged. Stealing someone's identity is easy in the computing world - special verification methods had to be invented to find out whether the person/computer requesting data is really who he says he is.<ref>{{cite web|url = http://www.techrepublic.com/article/understanding-and-selecting-authentication-methods/|title = Understanding and selecting authentication methods|date = 28 August 2001|accessdate = 30 October 2015|website = www.techrepublic.com|publisher = |last = Shinder|first = Deb}}</ref> The task of the authentication protocol is to specify the exact series of steps needed for execution of the authentication. It has to comply with the main protocol principles:
With the increasing amount of trustworthy information being accessible over the network, the need for keeping unauthorized persons from access to this data emerged. Stealing someone's identity is easy in the computing world - special verification methods had to be invented to find out whether the person/computer requesting data is really who he says he is.<ref>{{cite web|url = http://www.techrepublic.com/article/understanding-and-selecting-authentication-methods/|title = Understanding and selecting authentication methods|date = 28 August 2001|access-date = 30 October 2015|website = www.techrepublic.com|last = Shinder|first = Deb}}</ref> The task of the authentication protocol is to specify the exact series of steps needed for execution of the authentication. It has to comply with the main protocol principles:
# A Protocol has to involve two or more parties and everyone involved in the protocol must know the protocol in advance.
# A Protocol has to involve two or more parties and everyone involved in the protocol must know the protocol in advance.
# All the included parties have to follow the protocol.
# All the included parties have to follow the protocol.
Line 14: Line 14:
# Alice sends Bob her password in a packet complying with the protocol rules.
# Alice sends Bob her password in a packet complying with the protocol rules.
# Bob checks the received password against the one stored in his database. Then he sends a packet saying "Authentication successful" or "Authentication failed" based on the result.<ref>{{Cite book|title = Fundamentals of Cryptology|last = van Tilborg|first = Henk C.A.|publisher = Kluwer Academic Publishers|year = 2000|isbn = 0-7923-8675-2|location = Massachusetts|pages = 66–67}}</ref>
# Bob checks the received password against the one stored in his database. Then he sends a packet saying "Authentication successful" or "Authentication failed" based on the result.<ref>{{Cite book|title = Fundamentals of Cryptology|last = van Tilborg|first = Henk C.A.|publisher = Kluwer Academic Publishers|year = 2000|isbn = 0-7923-8675-2|location = Massachusetts|pages = 66–67}}</ref>
This is an example of a very basic authentication protocol vulnerable to many threats such as [[eavesdropping]], [[replay attack]], [[man-in-the-middle]] attacks, dictionary attacks or brute-force attacks. Most authentication protocols are more complicated in order to be resilient against these attacks.<ref>{{Cite book|title = Internet Cryptography|last = Smith|first = Richard E.|publisher = Addison Wesley Longman|year = 1997|isbn = 0-201-92480-3|location = Massachusetts|pages = [https://archive.org/details/internetcryptogr0000smit/page/1 1–27]|url = https://archive.org/details/internetcryptogr0000smit/page/1}}</ref>
This is an example of a very basic authentication protocol vulnerable to many threats such as [[eavesdropping]], [[replay attack]], [[man-in-the-middle]] attacks, [[Dictionary attack|dictionary attacks]] or [[Brute-force attack|brute-force attacks]]. Most authentication protocols are more complicated in order to be resilient against these attacks.<ref>{{Cite book|title = Internet Cryptography|last = Smith|first = Richard E.|publisher = Addison Wesley Longman|year = 1997|isbn = 0-201-92480-3|location = Massachusetts|pages = [https://archive.org/details/internetcryptogr0000smit/page/1 1–27]|url = https://archive.org/details/internetcryptogr0000smit/page/1}}</ref>


==Types==
==Types==


===Authentication protocols developed for PPP [[Point-to-Point Protocol]]===
===Authentication protocols developed for PPP [[Point-to-Point Protocol]]===
Protocols are used mainly by [[Point-to-Point Protocol]] (PPP) servers to validate the identity of remote clients before granting them access to server data. Most of them use a password as the cornerstone of the authentication. In most cases, the password has to be shared between the communicating entities in advance.<ref>{{cite document|title = Public-key cryptography and password protocols|date = |publisher = |last = Halevi|first = Shai|citeseerx = 10.1.1.45.6423}}</ref>
Protocols are used mainly by [[Point-to-Point Protocol]] (PPP) servers to validate the identity of remote clients before granting them access to server data. Most of them use a password as the cornerstone of the authentication. In most cases, the password has to be shared between the communicating entities in advance.<ref>{{cite CiteSeerX|title = Public-key cryptography and password protocols|last = Halevi|first = Shai| year=1998 | pages=230–268 |citeseerx = 10.1.1.45.6423}}</ref>
[[File:PAP 2way handshake.png|thumb|PAP 2-way handshake scheme|461x461px]]
[[File:PAP 2way handshake.png|thumb|PAP 2-way handshake scheme|461x461px]]


====PAP - Password Authentication Protocol====
====PAP - Password Authentication Protocol====
[[Password Authentication Protocol]] is one of the oldest authentication protocols. Authentication is initialized by the client sending a packet with [[credentials]] (username and password) at the beginning of the connection, with the client repeating the authentication request until acknowledgement is received.<ref>{{cite web|url = http://data.cedupoint.cz/oppa_e-learning/2_KME/044.pdf|title = Autentizacní telekomunikacních a datových sítích|date = |accessdate = 31 October 2015|website = |publisher = CVUT Prague|last = Vanek|first = Tomas|archive-url = https://web.archive.org/web/20160304080620/http://data.cedupoint.cz/oppa_e-learning/2_KME/044.pdf|archive-date = 4 March 2016|url-status = dead}}</ref> It is highly insecure because credentials are sent "[[Plaintext|in the clear]]" and repeatedly, making it vulnerable even to the most simple attacks like [[eavesdropping]] and [[man-in-the-middle]] based attacks. Although widely supported, it is specified that if an implementation offers a stronger authentication method, that method ''must'' be offered before PAP. Mixed authentication (e.g. the same client alternately using both PAP and CHAP) is also not expected, as the CHAP authentication would be compromised by PAP sending the password in plain-text.
[[Password Authentication Protocol]] is one of the oldest authentication protocols. Authentication is initialized by the client sending a packet with [[credentials]] (username and password) at the beginning of the connection, with the client repeating the authentication request until acknowledgement is received.<ref>{{cite web|url = http://data.cedupoint.cz/oppa_e-learning/2_KME/044.pdf|title = Autentizacní telekomunikacních a datových sítích|access-date = 31 October 2015|publisher = CVUT Prague|last = Vanek|first = Tomas|archive-url = https://web.archive.org/web/20160304080620/http://data.cedupoint.cz/oppa_e-learning/2_KME/044.pdf|archive-date = 4 March 2016|url-status = dead}}</ref> It is highly insecure because credentials are sent "[[Plaintext|in the clear]]" and repeatedly, making it vulnerable even to the most simple attacks like [[eavesdropping]] and [[man-in-the-middle]] based attacks. Although widely supported, it is specified that if an implementation offers a stronger authentication method, that method ''must'' be offered before PAP. Mixed authentication (e.g. the same client alternately using both PAP and CHAP) is also not expected, as the CHAP authentication would be compromised by PAP sending the password in plain-text.


====CHAP - [[Challenge-handshake authentication protocol]]====
====CHAP - [[Challenge-handshake authentication protocol]]====


The authentication process in this protocol is always initialized by the server/host and can be performed anytime during the session, even repeatedly. Server sends a random string (usually 128B long). The client uses password and the string received as parameters for MD5 hash function and then sends the result together with username in plain text. Server uses the username to apply the same function and compares the calculated and received hash. An authentication is successful or unsuccessful.
The authentication process in this protocol is always initiated by the server/host and can be performed anytime during the session, even repeatedly. The server sends a random string (usually 128B long). The client uses the password and the string received as input to a hash function and then sends the result together with username in plain text. The server uses the username to apply the same function and compares the calculated and received hash. An authentication is successful when the calculated and received hashes match.


====EAP - [[https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol|Extensible Authentication Protocol]]====
====[[Extensible Authentication Protocol|EAP - Extensible Authentication Protocol]]====


EAP was originally developed for PPP(Point-to-Point Protocol) but today is widely used in [[IEEE 802.3]], [[IEEE 802.11]](WiFi) or [[IEEE 802.16]] as a part of [[IEEE 802.1x]] authentication framework. The latest version is standardized in RFC 5247. The advantage of EAP is that it is only a general authentication framework for client-server authentication - the specific way of authentication is defined in its many versions called EAP-methods. More than 40 EAP-methods exist, the most common are:
EAP was originally developed for PPP(Point-to-Point Protocol) but today is widely used in [[IEEE 802.3]], [[IEEE 802.11]](WiFi) or [[IEEE 802.16]] as a part of [[IEEE 802.1x]] authentication framework. The latest version is standardized in RFC 5247. The advantage of EAP is that it is only a general authentication framework for client-server authentication - the specific way of authentication is defined in its many versions called EAP-methods. More than 40 EAP-methods exist, the most common are:
Line 48: Line 48:


[[Remote Authentication Dial-In User Service]] (RADIUS) is a full [[AAA (computer security)|AAA protocol
[[Remote Authentication Dial-In User Service]] (RADIUS) is a full [[AAA (computer security)|AAA protocol
]] commonly used by [[ISP]]. Credentials are mostly username-password combination based, it uses [[Network access server|NAS]] and [[User Datagram Protocol|UDP]] protocol for transport.<ref>{{cite web|url = http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-1/user/guide/acsuserguide/rad_tac_phase.html|title = AAA protocols|date = |accessdate = 31 October 2015|website = www.cisco.com|publisher = CISCO|last = |first = }}</ref>
]] commonly used by [[ISP]]s. Credentials are mostly username-password combination based, and it uses [[Network access server|NAS]] and [[User Datagram Protocol|UDP]] protocol for transport.<ref>{{cite web|url = http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-1/user/guide/acsuserguide/rad_tac_phase.html|title = AAA protocols|access-date = 31 October 2015|website = www.cisco.com|publisher = CISCO}}</ref>


====[[DIAMETER]]====
====[[DIAMETER]]====
[[Diameter (protocol)]] evolved from RADIUS and involves many improvements such as usage of more reliable TCP or SCTP transport protocol and higher security thanks to [[Transport Layer Security|TLS]].<ref>{{cite web|url = http://www.ibm.com/developerworks/wireless/library/wi-diameter/|title = Introduction to Diameter|date = 24 January 2006|accessdate = 31 October 2015|website = www.ibm.com|publisher = IBM|last = Liu|first = Jeffrey}}</ref>
[[Diameter (protocol)]] evolved from RADIUS and involves many improvements such as usage of more reliable TCP or [[SCTP]] transport protocol and higher security thanks to [[Transport Layer Security|TLS]].<ref>{{cite web|url = http://www.ibm.com/developerworks/wireless/library/wi-diameter/|title = Introduction to Diameter|date = 24 January 2006|access-date = 31 October 2015|website = www.ibm.com|publisher = IBM|last = Liu|first = Jeffrey}}</ref>


===Other===
===Other===
Line 57: Line 57:


====[[Kerberos (protocol)]]====
====[[Kerberos (protocol)]]====
Kerberos is a centralized network authentication system developed at [[MIT]] and available as a free implementation from MIT but also in many commercial products. It is the default authentication method in [[Windows 2000]] and later. The authentication process itself is much more complicated than in the previous protocols - Kerberos uses [[symmetric key cryptography]], requires a [[trusted third party]] and can use [[public-key cryptography]] during certain phases of authentication if need be.<ref>{{cite web|url = http://web.mit.edu/kerberos/|title = Kerberos: The Network Authentication Protocol|date = 10 September 2015|accessdate = 31 October 2015|website = web.mit.edu|publisher = MIT Kerberos|last = |first = }}</ref><ref>{{Cite book|title = Applied Cryptography|last = Schneier|first = Bruce|publisher = John Wiley & Sons,Inc.|year = 1997|isbn = 0-471-12845-7|location = New York|pages = 52–74}}</ref><ref>{{cite web|url = http://srp.stanford.edu/history.html|title = Protocols of the Past|date = |accessdate = 31 October 2015|website = srp.stanford.edu|publisher = Stanford University|last = |first = }}</ref>
Kerberos is a centralized network authentication system developed at [[MIT]] and available as a free implementation from MIT but also in many commercial products. It is the default authentication method in [[Windows 2000]] and later. The authentication process itself is much more complicated than in the previous protocols - Kerberos uses [[symmetric key cryptography]], requires a [[trusted third party]] and can use [[public-key cryptography]] during certain phases of authentication if need be.<ref>{{cite web|url = http://web.mit.edu/kerberos/|title = Kerberos: The Network Authentication Protocol|date = 10 September 2015|access-date = 31 October 2015|website = web.mit.edu|publisher = MIT Kerberos}}</ref><ref>{{Cite book|title = Applied Cryptography|last = Schneier|first = Bruce|publisher = John Wiley & Sons, Inc.|year = 1997|isbn = 0-471-12845-7|location = New York|pages = 52–74}}</ref><ref>{{cite web|url = http://srp.stanford.edu/history.html|title = Protocols of the Past|access-date = 31 October 2015|website = srp.stanford.edu|publisher = Stanford University}}</ref>


==List of various other authentication protocols==
==List of various other authentication protocols==
* [[AKA (security)|AKA]]
* [[AKA (security)|AKA]]
* [[Basic access authentication]]
* [[CAVE-based authentication]]
* [[CAVE-based authentication]]
* [[CRAM-MD5]]
* [[CRAM-MD5]]

Latest revision as of 23:19, 10 July 2024

An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for transfer of authentication data between two entities. It allows the receiving entity to authenticate the connecting entity (e.g. Client connecting to a Server) as well as authenticate itself to the connecting entity (Server to a client) by declaring the type of information needed for authentication as well as syntax.[1] It is the most important layer of protection needed for secure communication within computer networks.

Purpose

[edit]

With the increasing amount of trustworthy information being accessible over the network, the need for keeping unauthorized persons from access to this data emerged. Stealing someone's identity is easy in the computing world - special verification methods had to be invented to find out whether the person/computer requesting data is really who he says he is.[2] The task of the authentication protocol is to specify the exact series of steps needed for execution of the authentication. It has to comply with the main protocol principles:

  1. A Protocol has to involve two or more parties and everyone involved in the protocol must know the protocol in advance.
  2. All the included parties have to follow the protocol.
  3. A protocol has to be unambiguous - each step must be defined precisely.
  4. A protocol must be complete - must include a specified action for every possible situation.

An illustration of password-based authentication using simple authentication protocol:

Alice (an entity wishing to be verified) and Bob (an entity verifying Alice's identity) are both aware of the protocol they agreed on using. Bob has Alice's password stored in a database for comparison.

  1. Alice sends Bob her password in a packet complying with the protocol rules.
  2. Bob checks the received password against the one stored in his database. Then he sends a packet saying "Authentication successful" or "Authentication failed" based on the result.[3]

This is an example of a very basic authentication protocol vulnerable to many threats such as eavesdropping, replay attack, man-in-the-middle attacks, dictionary attacks or brute-force attacks. Most authentication protocols are more complicated in order to be resilient against these attacks.[4]

Types

[edit]

Authentication protocols developed for PPP Point-to-Point Protocol

[edit]

Protocols are used mainly by Point-to-Point Protocol (PPP) servers to validate the identity of remote clients before granting them access to server data. Most of them use a password as the cornerstone of the authentication. In most cases, the password has to be shared between the communicating entities in advance.[5]

PAP 2-way handshake scheme

PAP - Password Authentication Protocol

[edit]

Password Authentication Protocol is one of the oldest authentication protocols. Authentication is initialized by the client sending a packet with credentials (username and password) at the beginning of the connection, with the client repeating the authentication request until acknowledgement is received.[6] It is highly insecure because credentials are sent "in the clear" and repeatedly, making it vulnerable even to the most simple attacks like eavesdropping and man-in-the-middle based attacks. Although widely supported, it is specified that if an implementation offers a stronger authentication method, that method must be offered before PAP. Mixed authentication (e.g. the same client alternately using both PAP and CHAP) is also not expected, as the CHAP authentication would be compromised by PAP sending the password in plain-text.

CHAP - Challenge-handshake authentication protocol

[edit]

The authentication process in this protocol is always initiated by the server/host and can be performed anytime during the session, even repeatedly. The server sends a random string (usually 128B long). The client uses the password and the string received as input to a hash function and then sends the result together with username in plain text. The server uses the username to apply the same function and compares the calculated and received hash. An authentication is successful when the calculated and received hashes match.

EAP - Extensible Authentication Protocol

[edit]

EAP was originally developed for PPP(Point-to-Point Protocol) but today is widely used in IEEE 802.3, IEEE 802.11(WiFi) or IEEE 802.16 as a part of IEEE 802.1x authentication framework. The latest version is standardized in RFC 5247. The advantage of EAP is that it is only a general authentication framework for client-server authentication - the specific way of authentication is defined in its many versions called EAP-methods. More than 40 EAP-methods exist, the most common are:

AAA architecture protocols (Authentication, Authorization, Accounting)

[edit]

Complex protocols used in larger networks for verifying the user (Authentication), controlling access to server data (Authorization) and monitoring network resources and information needed for billing of services (Accounting).

TACACS, XTACACS and TACACS+

[edit]

The oldest AAA protocol using IP based authentication without any encryption (usernames and passwords were transported as plain text). Later version XTACACS (Extended TACACS) added authorization and accounting. Both of these protocols were later replaced by TACACS+. TACACS+ separates the AAA components thus they can be segregated and handled on separate servers (It can even use another protocol for e.g. Authorization). It uses TCP (Transmission Control Protocol) for transport and encrypts the whole packet. TACACS+ is Cisco proprietary.

RADIUS

[edit]

Remote Authentication Dial-In User Service (RADIUS) is a full AAA protocol commonly used by ISPs. Credentials are mostly username-password combination based, and it uses NAS and UDP protocol for transport.[7]

DIAMETER

[edit]

Diameter (protocol) evolved from RADIUS and involves many improvements such as usage of more reliable TCP or SCTP transport protocol and higher security thanks to TLS.[8]

Other

[edit]
Kerberos authentication scheme

Kerberos (protocol)

[edit]

Kerberos is a centralized network authentication system developed at MIT and available as a free implementation from MIT but also in many commercial products. It is the default authentication method in Windows 2000 and later. The authentication process itself is much more complicated than in the previous protocols - Kerberos uses symmetric key cryptography, requires a trusted third party and can use public-key cryptography during certain phases of authentication if need be.[9][10][11]

List of various other authentication protocols

[edit]

References

[edit]
  1. ^ Duncan, Richard (23 October 2001). "An Overview of Different Authentication Methods and Protocols". www.sans.org. SANS Institute. Retrieved 31 October 2015.
  2. ^ Shinder, Deb (28 August 2001). "Understanding and selecting authentication methods". www.techrepublic.com. Retrieved 30 October 2015.
  3. ^ van Tilborg, Henk C.A. (2000). Fundamentals of Cryptology. Massachusetts: Kluwer Academic Publishers. pp. 66–67. ISBN 0-7923-8675-2.
  4. ^ Smith, Richard E. (1997). Internet Cryptography. Massachusetts: Addison Wesley Longman. pp. 1–27. ISBN 0-201-92480-3.
  5. ^ Halevi, Shai (1998). "Public-key cryptography and password protocols". pp. 230–268. CiteSeerX 10.1.1.45.6423.
  6. ^ Vanek, Tomas. "Autentizacní telekomunikacních a datových sítích" (PDF). CVUT Prague. Archived from the original (PDF) on 4 March 2016. Retrieved 31 October 2015.
  7. ^ "AAA protocols". www.cisco.com. CISCO. Retrieved 31 October 2015.
  8. ^ Liu, Jeffrey (24 January 2006). "Introduction to Diameter". www.ibm.com. IBM. Retrieved 31 October 2015.
  9. ^ "Kerberos: The Network Authentication Protocol". web.mit.edu. MIT Kerberos. 10 September 2015. Retrieved 31 October 2015.
  10. ^ Schneier, Bruce (1997). Applied Cryptography. New York: John Wiley & Sons, Inc. pp. 52–74. ISBN 0-471-12845-7.
  11. ^ "Protocols of the Past". srp.stanford.edu. Stanford University. Retrieved 31 October 2015.
Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Authentication_protocol&oldid=1233799056"