SecurityArena

Guide to Practical Info Security!

CBK Telecommunications and Network Security
Written by Administrator   
Saturday, 11 July 2009 04:09

Common Authentication Protocols

PAP
Short for Password Authentication Protocol, the most basic form of authentication, in which a user's name and password are transmitted over a network and compared to a table of name-password pairs. Typically, the passwords stored in the table are encrypted. The Basic Authentication feature built into the HTTP protocol uses PAP. The main weakness of PAP is that both the username and password are transmitted "in the clear" -- that is, in an unencrypted form. Contrast with CHAP.
CHAP
Short for Challenge Handshake Authentication Protocol, a type of authentication in which the authentication agent (typically a network server) sends the client program an ID value and a random value that is used only once. The authenticator and the peer share a predefined secret. The peer concatenates the random value (or nonce), the ID and the secret and calculates a one-way hash of the result using MD5. The hash value is sent to the authenticator, which builds the same string on its side, calculates the MD5 sum itself and compares the result with the value received from the peer. If the values match, the peer is authenticated.
Because only the hash is transmitted, never the secret itself, the secret can't be reverse-engineered from the traffic. The ID value is increased with each CHAP dialogue to protect against replay attacks.
EAP
Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and Point-to-Point connections, though not limited to them. It is an authentication framework, not a specific authentication mechanism. EAP provides some common functions and a negotiation of the desired authentication mechanism. Such mechanisms are called EAP methods, and there are currently about 40 different methods.
Methods defined in IETF RFCs include EAP-MD5, EAP-OTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, and EAP-AKA; in addition, a number of vendor-specific methods and new proposals exist.
When EAP is invoked by an 802.1X-enabled NAS (Network Access Server) device such as an 802.11 a/b/g Wireless Access Point, modern EAP methods can provide a secure authentication mechanism and negotiate a secure PMK (Pairwise Master Key) between the client and the NAS. The PMK can then be used for the encryption session.
EAP is not an actual protocol; instead it only defines message formats. Each protocol that uses EAP defines a way to encapsulate EAP messages within that protocol's messages. In the case of 802.1X, this encapsulation is called EAPOL, "EAP over LANs".



Last Updated on Friday, 28 August 2009 05:02
 