Authentication

Authentication is a security method whose purpose is to verify the identity of a party who generated some data, and to verify the integrity of that data. Requirement of a password to access a network is one widely used authentication procedure.

URLs:

Kerberos

This contains an extensive description of Kerberos, an authentication service for computer networks. It also contains a good basic description of the authentication process.

Monitor Attacks

Contains subject matter dealing with attacks on network security, published by the Computer Emergency Response Team.

Print References:

• The X.509 extended file system. R. K. Smart. Proceedings of the ISOC Symposium on Network and Distributed System Security. February 1994.

Detail:

Authentication is essential to the security of computer network systems. Without knowing the identity of a person requesting access, it's difficult to know whether that access should be granted or denied. Some authentication systems require a single verifier for access, while others require more than one. Others, referred to as "authentication by assertion," involve applications that assert the identity of the user, with the server accepting that information at face value. Although the password system is a traditional authentication method, it is not foolproof; a password can be intercepted by someone monitoring network traffic. Thus more sophisticated authentication systems have appeared. A one-time passcode employs a different password each time authentication is required. With this method. a stolen password is of no value. Those using the one-time passcode typically use a small credit-card sized device that displays a time-varying password, or they refer to a printed list of passwords, using one after another.

Another method, public key cryptography, performs both encryption and decryption, using a pair of keys in a such way that knowledge of one key does not provide knowledge of the other. One key is published, while the other is kept private. This procedure is well suited to electronic mail and other operations that deal with multiple recipients.

Yet another system, the Kerberos Authentication System, employs a series of encrypted messages to prove to the verifier that the client is running on behalf of a particular user. This system uses time stamps to reduce the number of messages needed for basic authentication, and a "ticket-granting" service that supports subsequent authentication without re-entry of the principal's password. In order to work effectively, Kerberos must be integrated into other parts of the system. It will not protect all messages sent between computers, but only those messages from software that has been modified to use it.