Authentication protocol

Summary

An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for transfer of authentication data between two entities. It allows the receiving entity to authenticate the connecting entity (e.g. Client connecting to a Server) as well as authenticate itself to the connecting entity (Server to a client) by declaring the type of information needed for authentication as well as syntax. It is the most important layer of protection needed for secure communication within computer networks. With the increasing amount of trustworthy information being accessible over the network, the need for keeping unauthorized persons from access to this data emerged. Stealing someone's identity is easy in the computing world - special verification methods had to be invented to find out whether the person/computer requesting data is really who he says he is. The task of the authentication protocol is to specify the exact series of steps needed for execution of the authentication. It has to comply with the main protocol principles: A Protocol has to involve two or more parties and everyone involved in the protocol must know the protocol in advance. All the included parties have to follow the protocol. A protocol has to be unambiguous - each step must be defined precisely. A protocol must be complete - must include a specified action for every possible situation. An illustration of password-based authentication using simple authentication protocol: Alice (an entity wishing to be verified) and Bob (an entity verifying Alice's identity) are both aware of the protocol they agreed on using. Bob has Alice's password stored in a database for comparison. Alice sends Bob her password in a packet complying with the protocol rules. Bob checks the received password against the one stored in his database. Then he sends a packet saying "Authentication successful" or "Authentication failed" based on the result.

Official source

https://en.wikipedia.org/wiki/Authentication_protocol

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (6)

Implications of Position in Cryptography

Handan Kilinç Alper

In our daily lives, people or devices frequently need to learn their location for many reasons as some services depend on the absolute location or the proximity. The outcomes of positioning systems ca

EPFL2018

Security and Privacy in RFID Systems

Khaled Ouafi

This PhD thesis is concerned with authentication protocols using portable lightweight devices such as RFID tags. these devices have lately gained a significant attention for the diversity of the appli

EPFL2012

Privacy of Recent RFID Authentication Protocols

Khaled Ouafi

Privacy is a major concern in RFID systems, especially with widespread deployment of wireless-enabled interconnected personal devices e.g. PDAs and mobile phones, credit cards, e-passports, even cloth

Springer2008

Related people (6)

Serge Vaudenay, Khaled Ouafi, Christos Dimitrakakis, Aikaterini Mitrokotsa, Uwe Wilhelm, Levente Buttyan

Related concepts (4)

Authentication protocol

Replay attack

A replay attack (also known as a repeat attack or playback attack) is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a spoofing attack by IP packet substitution. This is one of the lower-tier versions of a man-in-the-middle attack. Replay attacks are usually passive in nature.

Password

A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical. Using the terminology of the NIST Digital Identity Guidelines, the secret is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier.

Related courses (2)

COM-401: Cryptography and security

This course introduces the basics of cryptography. We review several types of cryptographic primitives, when it is safe to use them and how to select the appropriate security parameters. We detail how

COM-301: Computer security

This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.

Related lectures (46)

Password Security

Emphasizes the importance of creating secure passwords and safeguarding credentials.

Password Security

Emphasizes the importance of safeguarding passwords and avoiding sharing them.

Authentication - Biometrics

Covers the concept of biometrics, the process of enrolling and verifying biometrics, and the importance of balancing false positives and false negatives.