A Review of Authentication Protocols

Authentication is a process that ensures and confirms a users identity. Authorization is the process of giving someone permissions to do or have something. There are different types of authentication methods such as local password authentication, server-based-password authentication, certificate-based authentication, two-factor authentication etc. Authentication protocol developed for Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), and Extensible Authentication Protocol (EAP). There are different types of application for authentications are as follows: 1.protocols developed for PPP Point-to-Point Protocol 2. Authentication, Authorization and Accounting 3.Kerberos

Classification of EAP methods and Some Major Attacks on EAP

This paper presents an overview of authentication protocol and analysis of Extensible Authentication Protocol (EAP) and its place in securing network. In general, authentication procedure adds extra messages to the original message flow and results in throughput reduction/ increase in processing time. Extensible Authentication Protocol (EAP) is a framework which aims to provide a flexible authentication for wireless networks. A number of specific widely used EAP methods are examined and evaluated for their advantages and susceptibility to types of attack. In addition, we evaluate how we communicate between two entities over the network

ZERO KNOWLEDGE PASSWORD AUTHENTICATION PROTOCOL

In many applications, the password is sent as cleartext to the server to be authenticated thus providing the eavesdropper with opportunity to steal valuable data. This paper presents a simple protocol based on zero knowledge proof by which the user can prove to the authentication server that he has the password without having to send the password to the server as either cleartext or in encrypted format. Thus the user can authenticate himself without having to actually reveal the password to the server. Also, another version of this protocol has been proposed which makes use of public key cryptography thus adding one more level of security to the protocol and enabling mutual authentication between the client & server

Security protocols for networks and Internet: a global vision

This work was supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You), by the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks), which is co-funded by European Funds (FEDER), and by the MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV—Security mechanisms for fog computing: advanced security for devices)

Security of Eduroam Passwords

Tartu Ülikool on otsustanud, et ülikooli traadita ühenduse kasutajanimi ja parool peab ühtima ülikooli kontos kasutusel oleva kasutajanime ja parooliga. See tähendab, et juhul kui ülikooli eduroam võrgul leidub mõni nõrkus, on seda potentsiaalselt võimalik ära kasutada kasutajate ülikooli kontole ligipääsuks. Antud uurimistöö on avastanud ühe sellise nõrkuse, milles luuakse võltsitud traadita ühenduse pääsupunkt, et saada kätte kasutaja autentimiseks kasutatava protokolli kasutajapoolset vastust. Selle vastuse põhjal on ründajal võimalik kätte saada kasutaja parooli räsi, mida on omakorda võimalik kasutada Tartu Ülikooli Samba serveriga autentimiseks. Antud uurimistöö sisaldab eduroami ning rünnakus vaja minevate protokollide kirjeldusi ning ettepanekuid, kuidas Tartu Ülikooli eduroami turvalisemaks muuta.The University of Tartu has decided that the university's eduroam accounts will share the same user credentials as the rest of the university's services. This could potentially be abused by exploiting weaknesses in wireless security in order to gain access to a user's university account. The aim of this research was to uncover any such weaknesses. In the course of the research, an attack was discovered, which uses a spoofed access point to capture a handshake between the user and the authenticator, which can be used to retrieve a hash of the user's password. That hash is then used to authenticate to the university's Samba server. The thesis also provides the reader with details on how eduroam and the protocols used in the attack work, and discusses potential improvements to strengthen the security of Tartu University's eduroam

Authentication Mechanism Based on Adaptable Context Management Framework for Secure Network Services

A system, which uses context information is a new trend in IT. A lot of researcherscreate frameworks, which collect some data and perform actions based on them. Recently, there havebeen observed more and more different security solutions, in which we can use context. But not eachworks dynamically and ensures a high level of user's quality of experience (QoE). This paper outlineswhat the context information is and shows a secure and user-friendly authentication mechanism for amail box in cloud computing, based on using contextual data

An Analisys of Business VPN Case Studies

A VPN (Virtual Private Network) simulates a secure private network through a shared public insecure infrastructure like the Internet. The VPN protocol provides a secure and reliable access from home/office on any networking technology transporting IP packets. In this article we study the standards for VPN implementation and analyze two case studies regarding a VPN between two routers and two firewalls.VPN; Network; Protocol.

Inter-Domain Authentication for Seamless Roaming in Heterogeneous Wireless Networks

The convergence of diverse but complementary wireless access technologies and inter-operation among administrative domains have been envisioned as crucial for the next generation wireless networks that will provide support for end-user devices to seamlessly roam across domain boundaries. The integration of existing and emerging heterogeneous wireless networks to provide such seamless roaming requires the design of a handover scheme that provides uninterrupted service continuity while facilitating the establishment of authenticity of the entities involved. The existing protocols for supporting re-authentication of a mobile node during a handover across administrative domains typically involve several round trips to the home domain, and hence introduce long latencies. Furthermore, the existing methods for negotiating roaming agreements to establish inter-domain trust rely on a lengthy manual process, thus, impeding seamless roaming across multiple domains in a truly heterogeneous wireless network. In this thesis, we present a new proof-token based authentication protocol that supports quick re-authentication of a mobile node as it moves to a new foreign domain without involving communication with the home domain. The proposed proof-token based protocol can also support establishment of spontaneous roaming agreements between a pair of domains that do not already have a direct roaming agreement, thus allowing flexible business models to be supported. We describe details of the new authentication architecture, the proposed protocol, which is based on EAP-TLS and compare the proposed protocol with existing protocols

Analysis of data transfer security issues at particular OSI model layers

Táto práca sa zaoberá analýzou protokolov zaisťujúcich zabezpečený prenos dát. V prvej časti je stručne popísaný referenčný model ISO/OSI. Druhá časť je zameraná na samotné zabezpečené protokoly na jednotlivých vrstvách ISO/OSI modelu, z ktorých je v tretej časti podrobne analyzovaný protokol SSL/TLS. Posledná časť sa venuje často používaným útokom v oblasti počítačových sietí a ich služieb, kde je uvedená aj základná prevencia proti nim.The aim of this Bachelor's thesis is the analysis of secured data transfer protocols. The very first part is dedicated to the short description of the reference model ISO/OSI. The second one is focused to the secured protocols at particular layers of ISO/OSI model, of which SSL/TLS protocol is closely analysed in the third part. The last part is about often used attacks in the area of computer networks and their services and the basic protection against them is also mentioned.

Password Authentication for multicast host using zero knowledge Proof

The password which is a more secure and valuable data should be highly protected from eavesdropper. This paper presents how password required for authentication of members of group communication is securely delivered by the source or initiator of the group. The password delivery uses zero knowledge proof and sent to the group member in an encrypted format using cipher block mode encryption. The password delivered is a One Time Password which can be used for certain amount of time in order to ensure a highly secure communication environment among the group