Information Technology Reference
In-Depth Information
authentication requirements. The X.509 authentication framework
provides the standard for public-key certificates used in SSL, Secure
Shell (SSH), and other types of public-key infrastructure (PKI)
authentication.
Password Authentication Protocol (PAP). PAP is a legacy form of
authentication that utilizes unencrypted password transfer. Although
it is still supported by authentication services such as RADIUS and
Diameter, it is considered an insecure authentication protocol
that is no longer suitable for enterprise use.
Challenge-Handshake Authentication Protocol (CHAP). CHAP
is a form of authentication used in establishing Point-to-Point
Protocol (PPP) connections between remote systems. The authenticating
system sends a “challenge” message, which the receiving system
translates using a one-way mathematical function into a unique
“hash” value that is returned to the authenticating system. If this
value matches the value the authenticating system calculated
internally, the connection is validated.
Extensible Authentication Protocol (EAP). EAP is an authentication
protocol standard that is widely used in PPP and wireless
connections. The Wi-Fi Protected Access (WPA/WPA2) standards
implement EAP to ensure interconnectivity between wireless
networking manufacturers' products.
IP Security (IPsec). IPsec is a standard for TCP/IP network
communication that can encrypt and authenticate all IP packets
transmitted between interconnected systems. The Authentication Header (AH)
protocol ensures integrity and authentication, while the Encapsulating
Security Payload (ESP) protocol supports authentication,
confidentiality, and data integrity. This standard also includes the Internet Key
Exchange (IKE) protocol used for public-key distribution, facilitating
key-based authentication solutions such as “smart” cards.
Kerberos. Named after the three-headed dog that guarded Hades'
realm, the Kerberos protocol is a time-synchronized protocol used for
authenticating two endpoints against a trusted third source. Unlike
public-key encryption solutions, the Kerberos protocol utilizes a
symmetric-key algorithm to calculate values exchanged between the
authenticating systems and relies on a common time synchronized
with the authenticating agent. Kerberos is commonly used in Microsoft
and Linux networks, and forms the basis for some enterprise
single-sign-on solutions.