Identification and Authentication
With few exceptions, there is a need in modern network
environments to:
1. control access to the network itself.
2. control access to the resources and services provided by the
network.
3. be able to verify that the mechanisms used to
control that access are providing proper protection.
Controlling access to the network is provided by the network's
identification and authentication service. This service is
pivotal in providing for (2) and (3) above. If network users
are not properly identified, and if that identification is not
proven through authentication, there can be no trust that access
to network resources and services is being properly controlled
and executed.
Authentication is the verification of the entity's
identification. That is, the host to which the entity must prove
its identity trusts (through an authentication process) that
the entity is in fact who it claims to be. The threat to the
network that the identification and authentication service must
protect against is impersonation. According to [TA91],
impersonation can be achieved by:
- forgery, attempting to guess or otherwise fabricate the
evidence that the impersonator knows or possesses the
authenticating information (the secret);
- replay, where one can eavesdrop upon another's authentication
exchange and learn enough to impersonate a user; and
- interception, where one is able to slip in between the
communications and "hijack" the communications channel.
John Barkley
Fri Oct 7 16:17:21 EDT 1994