User Authentication

Chapter 15 USER AUTHENTICATION

o Remote  User-Authentication Principles

·        Mutual Authentication One-Way Authentication

o Remote User-Authentication Using Symmetric  Encryption

·        Mutual Authentication One-Way Authentication

o Kerberos

·        Motivation Kerberos Version 4

·        Kerberos Version 5

o Remote User Authentication Using Asymmetric  Encryption

·        Mutual Authentication One-Way Authentication

o Federated Identity Management

·        Identity Management Identity Federation

KEY POINTS

◆     Mutual authentication protocols enable communicating parties to satisfy themselves mutually about each other’s identity and to exchange session keys.

◆     Kerberos is an authentication service designed for use in a distributed environment.

◆     Kerberos provides a trusted third-party authentication service that enables clients and servers to establish authenticated communication.

◆     Identity management is a centralized, automated approach to provide enterprise-wide access to resources by employees and other authorized individuals.

◆     Identity federation is, in essence, an extension of identity management to multiple security domains.

This chapter examines some of the authentication functions that have been developed to support network-based use authentication. The chapter begins with an introduction to some of the concepts and key considerations for user authentication over a network or the Internet. The next section examines user-authentication protocols that rely on symmetric encryption. This is followed by a section on one of the earliest and also one of the most widely used authentication services: Kerberos. Next, the chapter looks at user-authentication protocols that rely on asymmetric encryption. This is followed by a discussion of the X.509 user-authentication protocol. Finally, the concept of federated identity is introduced.