
An Overview of Authentication for Computer Communications

13 Conclusion

A good metaphor for authentication is how we recognize each other. When we meet in person, talk over the phone or see pictures of each other, we are able to recognize a close friend. The recognition is so natural and automatic that we are unaware of what goes on inside the brain. We bring in additional support from our memories and are certain that the person is indeed our closest friend. If someone tries to impersonate a close friend, we are on our guard and watchful that something fishy is going on. Computer systems should emulate this “human authentication” to the best possible extent.

Traditionally, authentication methods are classified into something you know (a password), something you have (a token), something you do (behavioural traits) and something you are (biometrics). Passwords are the simplest of these methods; biometric and behavioural methods are complex to implement. These methods can be combined into multi-factor authentication for better security; banking over the Internet is a good example, requiring both the PIN and the credit card. A brief overview of biometric systems is given. It is useful to consider a biometric as an unforgeable identity and to use it in combination with encryption to perform strong authentication. Of late, behavioural metrics such as handwriting and keystroke dynamics are receiving more attention as unique identity traits. These methods come in handy for systems that need continuous authentication.

Despite their security weaknesses, password methods are popular and widely used. It is mandatory that the password never be transmitted in clear text. The CHAP protocol avoids sending the password in clear text and uses a challenge-response mechanism both to prevent replay attacks and to assure mutual authentication. The related PAP, EAP and MS-CHAP protocols are mentioned. CRAM-MD5 uses hashed passwords and a challenge-response mechanism to prevent replay attacks; however, it is susceptible to offline dictionary attacks. To circumvent this, the SCRAM protocol, based on salting and iteration, is described. A brief account of the RADIUS and DIAMETER AAA protocols is presented.
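As an added example (not code from the survey or from any of the RFCs it summarizes), the two password mechanisms named above side by side: a CRAM-MD5 style exchange in which the server issues a fresh challenge and refuses to accept it a second time, and a SCRAM style enrolment in which the server stores only a salted, iterated verifier so that an offline dictionary search against a stolen record costs one PBKDF2 run per guess. The user name, password, class and function names and the simplified AuthMessage layout are assumptions for the demo; channel binding and the GS2 header of real SCRAM are omitted.

```python
"""Password challenge-response without sending the password: a CRAM-MD5
style exchange (RFC 2195) with replay detection, and a SCRAM style
(RFC 5802) salted, iterated credential. Added illustration, not code from
the survey; the user, password, function names and message layout are
assumed and simplified (no channel binding, no GS2 header)."""
import hashlib
import hmac
import os

# ---- CRAM-MD5 style: response = HMAC-MD5(password, challenge) ----

class CramServer:
    """Holds the shared secrets and refuses to accept a challenge twice."""

    def __init__(self, users: dict[str, bytes]) -> None:
        self._users = users                # constructed sample: name -> password
        self._issued: set[bytes] = set()

    def new_challenge(self) -> bytes:
        challenge = os.urandom(16)         # fresh per attempt; this is what defeats replay
        self._issued.add(challenge)
        return challenge

    def verify(self, user: str, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._issued:
            return False                   # unknown or already consumed challenge
        self._issued.discard(challenge)
        secret = self._users.get(user)
        if secret is None:
            return False
        expected = hmac.new(secret, challenge, hashlib.md5).digest()
        return hmac.compare_digest(expected, response)   # constant-time comparison

def cram_response(password: bytes, challenge: bytes) -> bytes:
    """Client side: the password itself never leaves the client."""
    return hmac.new(password, challenge, hashlib.md5).digest()

# ---- SCRAM style: the stored verifier is salted and iterated ----

def _salted_password(password: bytes, salt: bytes, iterations: int) -> bytes:
    # PBKDF2 (RFC 8018): every offline dictionary guess now costs `iterations` HMACs
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def scram_enroll(password: bytes, iterations: int = 4096) -> dict:
    """Server record: salt, iteration count, StoredKey and ServerKey. The
    password is not recoverable from it without a salted, iterated search."""
    salt = os.urandom(16)
    salted = _salted_password(password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.sha256(client_key).digest(),
            "server_key": server_key}

def scram_client_proof(password: bytes, salt: bytes, iterations: int,
                       auth_message: bytes) -> bytes:
    """Client side; salt and iterations arrive in the server-first message."""
    salted = _salted_password(password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return _xor(client_key, client_sig)

def scram_server_verify(record: dict, auth_message: bytes, proof: bytes) -> bool:
    """Recover ClientKey from the proof and check that H(ClientKey) == StoredKey."""
    client_sig = hmac.new(record["stored_key"], auth_message, hashlib.sha256).digest()
    client_key = _xor(proof, client_sig)
    return hmac.compare_digest(hashlib.sha256(client_key).digest(), record["stored_key"])

def demo_cram() -> tuple[bool, bool]:
    """Returns (first attempt accepted, replay of the same pair accepted)."""
    server = CramServer({"alice": b"correct horse battery"})   # constructed sample
    chal = server.new_challenge()
    resp = cram_response(b"correct horse battery", chal)
    return server.verify("alice", chal, resp), server.verify("alice", chal, resp)

def demo_scram() -> tuple[bool, bool]:
    """Returns (right password accepted, wrong password accepted)."""
    record = scram_enroll(b"correct horse battery")
    auth_message = b"n=alice,r=" + os.urandom(8).hex().encode()   # simplified AuthMessage
    good = scram_client_proof(b"correct horse battery", record["salt"],
                              record["iterations"], auth_message)
    bad = scram_client_proof(b"wrong guess", record["salt"],
                             record["iterations"], auth_message)
    return (scram_server_verify(record, auth_message, good),
            scram_server_verify(record, auth_message, bad))

if __name__ == "__main__":
    print("CRAM-MD5 (accepted, replayed):", demo_cram())
    print("SCRAM (right, wrong):", demo_scram())
```

The CRAM-MD5 server must hold the password itself (the HMAC key), which is why a stolen CRAM-MD5 credential store is directly usable; the SCRAM record holds only StoredKey and ServerKey, and the client proof XORs ClientKey with a signature over the session's AuthMessage so the proof cannot be replayed into a different session. The ServerKey in the record is what a full SCRAM server would use to sign its own final message back to the client (mutual authentication), which this demo does not carry through.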

An explanation of Kerberos, based on a trusted Ticket Granting Server, is given. Kerberos provides better security but requires time synchronization across the network. PKC-based enhancements have been proposed to improve its security.

A brief overview of PKC is given and authentication schemes based on PKC are described. The operations of encryption and decryption in RSA are explained. The user is required to prove knowledge of the private key to the server. To avoid man-in-the-middle attacks and to bind the key pair to the user’s identity, a trusted third party, the Certificate Authority, must sign the user’s certificate. The well-known TLS protocol is explained, and the various kinds of SSL certificates and their significance are explained.
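As an added example (not code from the survey or from any library it cites), the two steps described above in working form: the user signs a server-issued nonce with the private key, and the server accepts only if a certificate signed by the CA it trusts binds that public key to the claimed name and the nonce has not been used before. It uses textbook RSA (a 512-bit demo modulus, hash-and-sign with no padding, where real deployments use a larger modulus and PKCS#1 padding) generated from a seeded RNG so the demo is reproducible; the Server class, the certificate layout and the names are assumptions.

```python
"""Proof of private-key possession with a signed server nonce, and a
CA-signed certificate binding the public key to a name. Added illustration,
not code from the survey: textbook RSA (no signature padding, 512-bit demo
modulus) with a seeded RNG so the keys are reproducible; names and the
certificate layout are assumed."""
import hashlib
import os
import random

_rng = random.Random(2017)   # demo only; real key generation uses a CSPRNG

def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits: int) -> int:
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top and low bits set
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits: int = 512) -> tuple[tuple[int, int], tuple[int, int]]:
    """Returns ((n, e), (n, d)); 512 bits keeps the demo quick but is far too small for real use."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")   # 256 bits < n

def rsa_sign(priv: tuple[int, int], message: bytes) -> int:
    n, d = priv
    return pow(_digest_int(message), d, n)

def rsa_verify(pub: tuple[int, int], message: bytes, sig: int) -> bool:
    n, e = pub
    return 0 < sig < n and pow(sig, e, n) == _digest_int(message)

def _cert_body(subject: str, pub: tuple[int, int]) -> bytes:
    return f"{subject}|{pub[0]}|{pub[1]}".encode()   # the to-be-signed part

def ca_issue(ca_priv: tuple[int, int], subject: str, pub: tuple[int, int]) -> dict:
    """The CA binds a name to a public key by signing both together."""
    return {"subject": subject, "pub": pub, "sig": rsa_sign(ca_priv, _cert_body(subject, pub))}

class Server:
    """Trusts one CA; accepts a login only with a valid cert and a signed fresh nonce."""

    def __init__(self, ca_pub: tuple[int, int]) -> None:
        self._ca_pub = ca_pub
        self._pending: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(32)
        self._pending.add(nonce)
        return nonce

    def authenticate(self, cert: dict, nonce: bytes, sig: int) -> bool:
        if nonce not in self._pending:
            return False                                   # stale or replayed nonce
        self._pending.discard(nonce)
        if not rsa_verify(self._ca_pub, _cert_body(cert["subject"], cert["pub"]), cert["sig"]):
            return False                                   # key not bound to the name by our CA
        return rsa_verify(cert["pub"], b"login-challenge:" + nonce, sig)

def run_demo() -> tuple[bool, bool, bool]:
    """Returns (CA-issued cert accepted, self-signed cert accepted, replayed signature accepted)."""
    ca_pub, ca_priv = rsa_keygen()
    alice_pub, alice_priv = rsa_keygen()
    other_pub, other_priv = rsa_keygen()
    server = Server(ca_pub)
    alice_cert = ca_issue(ca_priv, "alice", alice_pub)
    self_signed = ca_issue(other_priv, "alice", other_pub)   # same name, not issued by the trusted CA
    nonce = server.challenge()
    sig = rsa_sign(alice_priv, b"login-challenge:" + nonce)
    genuine = server.authenticate(alice_cert, nonce, sig)
    nonce2 = server.challenge()
    forged = server.authenticate(self_signed, nonce2, rsa_sign(other_priv, b"login-challenge:" + nonce2))
    replay = server.authenticate(alice_cert, nonce, sig)    # nonce already consumed
    return genuine, forged, replay

if __name__ == "__main__":
    print("(genuine, self-signed, replay) =", run_demo())
```

The second case is the man-in-the-middle scenario the paragraph refers to: a correctly formed certificate for the name "alice" over a different key pair is rejected because the signature on it does not verify under the CA key the server trusts, so possessing some private key is not enough; it must be the one the CA has bound to the name. Signing a server-chosen nonce (with a fixed context prefix) rather than an arbitrary message is what stops a captured signature from being presented again.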

To avoid memorizing and entering multiple credentials, SSO authentication is described for logging into an enterprise and accessing many application servers. A secure implementation of SSO requires that enterprise users’ identities be strongly protected in a secure directory. The related OpenID and OAuth technologies are described. An overview of cloud architecture is given along with its security concerns; the role of authentication in mitigating security threats and vulnerabilities is explained and the various authentication methods used are given. A brief overview of authentication in an IoT network of sensors and actuators with limited power and computational capabilities is then given, with an explanation of an authentication method using a centralized server. Finally, a brief explanation of UIDAI authentication is given.

While explaining the authentication methods, the related RFC and NIST standards are mentioned and a good account of known security weaknesses is given. The direction for future research is to improve the various authentication methods to address these security risks. There is no one authentication method befitting all situations; researchers should therefore try to improve the existing and widely used authentication methods and, in the meantime, look out for new methods that offer better efficiency and security.
