Authentication Requirements

1. Introduction

The authentication requirements of computing systems and network protocols vary within very wide limits. Passwords that are vulnerable to passive attack cannot meet the requirements of the modern Internet [CERT94]. In addition to passive attacks, active methods are nearly always used in a network environment as well [Bellovin89, Bellovin92, Bellovin93, CB94, Stoll90].

2. Definitions and terminology used herein

Active attack. An attempt to improperly modify data for authentication or authorization by inserting false packets into the data stream or by modifying packets in it.

Asymmetric cryptography. A cryptographic system that uses different keys for encryption and decryption. The two keys are mathematically related. Also called public key cryptography.

Authentication. Identifying the source of information.

Authorization. Granting access rights based on authentication.

Confidentiality. Protection of information so that a person who is not authorized to access the data cannot read it, even with access to the directory or network packet that contains it.

Encryption. A mechanism used to ensure confidentiality.

Integrity. Protecting information from unauthorized modification.

Key certificate. A data structure consisting of a public key, the identifier of a person or system, and information that authenticates both the key and the association between the key and that identifier. The keys used by PEM are examples of a key certificate [Kent93].

Passive attack. An attack on an authentication system that does not involve inserting any data into the data stream, but relies on the ability to monitor the information exchanged between other parties. This information can be used later.

Plain-text. Plain (unencrypted) text.

Replay attack. An attack on an authentication system that records a previously sent valid message, or parts of it, and plays it back later.
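The passive attack and replay attack defined above, shown as an added example that is not part of the original document: a recorded static password is accepted again on playback, while a recorded response to a one-time challenge is not. The shared secret, class names and the HMAC-SHA-256 challenge-response scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-shared-secret"  # constructed sample value


class PasswordServer:
    """Static password check: the same message is valid every time."""
    def verify(self, message: bytes) -> bool:
        return hmac.compare_digest(message, SECRET)


class ChallengeServer:
    """Hypothetical server that accepts each random challenge only once."""
    def __init__(self) -> None:
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already consumed challenge
        self._pending.discard(nonce)
        expected = hmac.new(SECRET, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def client_response(nonce: bytes) -> bytes:
    return hmac.new(SECRET, nonce, hashlib.sha256).digest()


def run_demo() -> dict:
    out = {}
    pw = PasswordServer()
    recorded = SECRET  # what a passive observer records from the wire
    out["password_legit"] = pw.verify(recorded)
    out["password_replay"] = pw.verify(recorded)  # playback succeeds

    ch = ChallengeServer()
    nonce = ch.challenge()
    resp = client_response(nonce)  # observer records (nonce, resp)
    out["challenge_legit"] = ch.verify(nonce, resp)
    out["replay_same_nonce"] = ch.verify(nonce, resp)  # nonce already used
    out["replay_new_nonce"] = ch.verify(ch.challenge(), resp)  # stale response
    return out
```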