Authentication Protocol is a strong security measure which is followed between two legitimate communication parties to protect their communication system from false or fraud transmissions by forming a set of rules. Before that the parties involved in communication must also prove their identity whether they are eligible to participate in communication or not. The messages exchanged between them must be genuine and completely secured so that the hackers by any means should not detect them. In short their communication should be completely secured. There are many different authentication protocols involved in different scenarios such as:
CAVE-based authentication Protocol
Cellular Authentication and Voice Encryption authentication protocol involves two network entities namely Authentication Center and Visitor location register which has two shared keys the Authentication key and shared secret data. The Authentication center authenticates Mobile station or it shares the Shared secret data with the visitor location register for authentication to occur. Visitor location register authenticates the mobile when it is in roaming if the shared secret data is shared with the network or it proxies the responses of the authentication from roamers to its home network. Here authentication key is 64-bit and shared secret data is 128-bit keys.
Challenge-handshake authentication protocol
CHAP is an authentication protocol that authenticates a user with other authenticating user like internet service provider and checks the validity or identity of the remote clients. This is used by Point-to-point protocol. It checks the identity at the time of establishment of link and the verification process is done by the shared secret like the password. When the connection is made the authenticator sends a challenge to the other client. The other client responds the challenge by calculating it using one way hash function and with the shared secret. Now the authenticator checks the calculated value with its own value, if it matches it acknowledges the client otherwise it terminates the connection. The authenticator sends the challenge at randomly selected time also.
Host Identity Protocol
This Protocol is used for technology of host identification for the use of Internet Protocol networks. This protocol uses IP addresses and domain name system as two main entities. This protocol is used in mobile computing. The networks in which HIP is implemented the occurrences of IP addresses are removed and replaced with cryptographic host identifiers.
Remote Authentication Dial In User Service
This protocol provides AAA management i.e. Authentication, authorization and accounting management for the computers that use a particular network service and also to connect to that service. This protocol authenticates the users before giving permission to access a particular network. It again authorizes certain network services for those particular users only and also accesses the account for usage to those users only. This is a client/server protocol which uses UDP for transport and it runs in the application layer.
This authenticating protocol form the rules to prove their identity for the nodes that are communicating which each other over a non- secure network in a secure manner. It mainly functions a client-server model and provides mutual authentication. This protocol helps in escaping from replay attacks and eavesdrops. This protocol builds on symmetric key cryptography and a third trusted party is required which is called key distribution center (KDC) which maintains the database of secret keys i.e. each of the client server maintains a secret key known to themselves and KDC. KDC generates session key which helps to continue on their secure interactions. The User logon the client machine which performs one way hash function on the given password and this becomes the session key. Then client authentication followed by client service authorization then client service requests are main steps of execution.
Password Authenticated key exchange Protocol
This protocol helps in sharing the password between entities and shares the information using session key with each other after verifying their identities. But the major challenge to protocol is to deal with the password guessing attack or it is called dictionary attack, this is of two type's on-line dictionary attack in which the enemy attacker acts as a legitimate partner in the communication and maintains the interaction normally by running the protocol by selecting a random password. If the adversary protocol run is successful then he gets the correct password or he excludes the assumption password. The other type of attack is off-line dictionary attack in which the adversary secretly listens to the conversation of the communication of two legitimate parties and tries to gather data during their protocol execution. Then he checks the correctness of the guessed passwords from their conversation by being in off-line with the help of recorded data. Here off-line attacks are more difficult to defend. To defend the off-line attacks the conversation between legitimate parties should not reveal any hint to guess the information of password. Then some protocols were shown to be secure against off-line attacks by using public key cryptographic techniques. These protocols were known as Encrypted key exchange (EKE). Different public-key cryptosystems were tried to implement EKE but among all Diffe-Hellman key exchange became most well-known.
NT LAN Manager, also known as NTLM
Password-authenticated key agreement protocols
Extensible Authentication Protocol
Password Authentication Protocol
Protected Extensible Authentication Protocol
Secure Remote Password protocol
Authentication and key agreement Protocol
Radio Frequency Identification-Authentication Protocols
Challenge Response Authentication Mechanism-MD5
Microsoft Version-CHAP and Microsoft-CHAPv2 variants of CHAP
Terminal Access Controller and Access Control System and TACACS+