Computer and Network Authentication

Patrick McDaniel, Pennsylvania State University

Authentication

Meet Alice and Bob

Credentials

Authentication Services

Web Authentication

Password-Based Web Access

Single Sign-On

Certificates

SSL

Host Authentication

Remote Login

SSH

One-Time Passwords

Kerberos

Pretty Good Privacy

IPsec

Wireless Networks

Interactive Media

Conclusion

Glossary

Cross References

References

Authentication is the process by which the identity of an entity is established. Authenticating entities present credentials, such as passwords or certificates, as evidence of their identity. The entity is deemed authentic where presented credentials are valid and sufficient. Note that authentication does not determine which entities should be given access but only verifies that an entity is who they claim to be. However, it is only after an entity is authenticated that their rights to resources can be assessed (through authorization). Hence, failure to correctly authenticate users on the Internet can leave on-line resources vulnerable to misuse.

This article considers the semantics, methods, and mechanisms for authentication on the Internet. The goals and principles of authentication are illustrated through several expository systems. The embodied trust, operation, and limitations of these systems are explored. This article is concluded with a number of axioms for the selection and use of authentication systems on the Internet.

AUTHENTICATION

An authentication process establishes ...