Authentication protocol

An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for transfer of authentication data between two entities. It allows the receiving entity to authenticate the connecting entity (e.g. Client connecting to a Server) as well as authenticate itself to the connecting entity (Server to a client) by declaring the type of information needed for authentication as well as syntax.^[1] It is the most important layer of protection needed for secure communication within computer networks.

Purpose

With the increasing amount of trustworthy information being accessible over the network, the need for keeping unauthorized persons from access to this data emerged. Stealing someone's identity is easy in the computing world - special verification methods had to be invented to find out whether the person/computer requesting data is really who he says he is.^[2] The task of the authentication protocol is to specify the exact series of steps needed for execution of the authentication. It has to comply with the main protocol principles:

A Protocol has to involve two or more parties and everyone involved in the protocol must know the protocol in advance.
All the included parties have to follow the protocol.
A protocol has to be unambiguous - each step must be defined precisely.
A protocol must be complete - must include a specified action for every possible situation.

An illustration of password-based authentication using simple authentication protocol:

Alice (an entity wishing to be verified) and Bob (an entity verifying Alice's identity) are both aware of the protocol they agreed on using. Bob has Alice's password stored in a database for comparison.

Alice sends Bob her password in a packet complying with the protocol rules.
Bob checks the received password against the one stored in his database. Then he sends a packet saying "Authentication successful" or "Authentication failed" based on the result.^[3]

This is an example of a very basic authentication protocol vulnerable to many threats such as eavesdropping, replay attack, man-in-the-middle attacks, dictionary attacks or brute-force attacks. Most authentication protocols are more complicated in order to be resilient against these attacks.^[4]

List of various other authentication protocols

AKA
CAVE-based authentication
CRAM-MD5
Digest
Host Identity Protocol (HIP)
LAN Manager
NTLM, also known as NT LAN Manager
OpenID protocol
Password-authenticated key agreement protocols
Protocol for Carrying Authentication for Network Access (PANA)
Secure Remote Password protocol (SRP)
RFID-Authentication Protocols
Woo Lam 92 (protocol)
SAML

References

^ Duncan, Richard (23 October 2001). "An Overview of Different Authentication Methods and Protocols". www.sans.org. SANS Institute. Retrieved 31 October 2015.
^ Shinder, Deb (28 August 2001). "Understanding and selecting authentication methods". www.techrepublic.com. Retrieved 30 October 2015.
^ van Tilborg, Henk C.A. (2000). Fundamentals of Cryptology. Massachusetts: Kluwer Academic Publishers. pp. 66–67. ISBN 0-7923-8675-2.
^ Smith, Richard E. (1997). Internet Cryptography. Massachusetts: Addison Wesley Longman. pp. 1–27. ISBN 0-201-92480-3.

[1] Duncan, Richard (23 October 2001). "An Overview of Different Authentication Methods and Protocols". www.sans.org. SANS Institute. Retrieved 31 October 2015.

[2] Shinder, Deb (28 August 2001). "Understanding and selecting authentication methods". www.techrepublic.com. Retrieved 30 October 2015.

[3] van Tilborg, Henk C.A. (2000). Fundamentals of Cryptology. Massachusetts: Kluwer Academic Publishers. pp. 66–67. ISBN 0-7923-8675-2.

[4] Smith, Richard E. (1997). Internet Cryptography. Massachusetts: Addison Wesley Longman. pp. 1–27. ISBN 0-201-92480-3.

[1]

[2]

[3]

[4]