
    A Review of Authentication Protocols

    Authentication is a process that ensures and confirms a user's identity. Authorization is the process of giving someone permissions to do or have something. There are different types of authentication methods, such as local password authentication, server-based password authentication, certificate-based authentication, two-factor authentication, etc. Authentication protocols developed include Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), and Extensible Authentication Protocol (EAP). The different types of applications for authentication are as follows: 1. protocols developed for PPP (Point-to-Point Protocol); 2. Authentication, Authorization and Accounting; 3. Kerberos.

    Not invented here: Power and politics in public key infrastructure (PKI) institutionalisation at two global organisations.

    This dissertation explores the impact of power and politics in Public Key Infrastructure (PKI) institutionalisation. We argue that this process can be understood in power and politics terms because the infrastructure skews the control of organisational action in favour of dominant individuals and groups. Indeed, as our case studies show, shifting power balances is not only a desired outcome of PKI deployment, power drives institutionalisation. Therefore, despite the rational goals of improving security and reducing the total cost of ownership for IT, the PKIs in our field organisations have actually been catalysts for power and politics. Although current research focuses on external technical interoperation, we believe emphasis should be on the interaction between the at once restrictive and flexible PKI technical features, organisational structures, goals of sponsors and potential user resistance. We use the Circuits of Power (CoP) framework to explain how a PKI conditions and is conditioned by power and politics. Drawing on the concepts of infrastructure and institution, we submit that PKIs are politically explosive in pluralistic, distributed global organisations because by limiting freedom of action in favour of stability and security, they set a stage for disaffection. The result of antipathy towards the infrastructure would not be a major concern if public key cryptography, which underpins PKI, had a centralised mechanism for enforcing the user discipline it relies on to work properly. However, since this discipline is not automatic, a PKI bereft of support from existing power arrangements faces considerable institutionalisation challenges. We assess these ideas in two case studies in London and Switzerland. In London, we explain how an oil company used its institutional structures to implement PKI as part of a desktop standard covering 105,000 employees. 
    In Zurich and London, we give a power analysis of attempts by a global financial services firm to roll out PKI to over 70,000 users. Our dissertation makes an important contribution by showing that where PKI supporters engage in a shrewdly orchestrated campaign to knit the infrastructure with the existing institutional order, it becomes an accepted part of organisational life without much ceremony. In sum, we both fill gaps in information security literature and extend knowledge on the efficacy of the Circuits of Power framework in conducting IS institutionalisation studies.

    Authentication in biomedical telematic systems (Autenticação em sistemas telemáticos biomédicos)

    Master's degree in Electronics and Telecommunications Engineering. This document presents an architecture to identify and authenticate health professionals accessing a Telematic Health Information System (RTS – Rede Telemática da Saúde). The proposed architecture is independent of other identification and authentication systems in health professionals' home organizations, and promotes health professionals' mobility inter and intra health organizations. It is based on a simplified Public Key Infrastructure, with short-lived public key certificates, the use of personal smart cards to store health professional credentials, and on cross-certification to establish trust relations between RTS and health organizations. The architecture is also flexible and scalable, supporting the future RTS adherence of more health organizations, smoothly and without quality of service degradation.