Authentication interactions

Basic approaches

Direct approach:

  • Provide the credentials (the secret itself travels to the authenticator).

  • Wait for a verdict.

  • The authenticator checks the credentials against the value it stores for the claimed identity.

Challenge-response approach:

  • Get a challenge from the authenticator (a fresh, unpredictable value such as a nonce).

  • Provide a response computed from the challenge and the credentials; the credentials themselves are not sent.

  • Wait for a verdict.

  • The authenticator recomputes the expected response from the challenge it issued and the credentials it knows, and compares it with the response received.
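Both exchanges side by side, as an added example that is not part of the original notes. It uses only the Python standard library and constructed data (one user, a fixed salt). The response function for challenge-response is an assumption here: HMAC over the challenge, keyed with a value derived from the password; the notes do not prescribe a particular function.

```python
import hashlib
import hmac
import secrets

# Constructed example: one registered user. The salt is fixed and public here
# only so the client can derive the same key as the server; a real deployment
# stores a random per-user salt (and, for challenge-response, sends it with
# the challenge).
SALT = b"constructed-example-salt"
PASSWORD = "correct horse battery staple"


def derive(password: str) -> bytes:
    """Slow, salted key derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


# What the authenticator knows: a per-user stored value.
USERS = {"alice": derive(PASSWORD)}


# ---- Direct approach -------------------------------------------------
def direct_client(user: str, password: str) -> dict:
    """Step 1: provide credentials. The password itself goes on the wire."""
    return {"user": user, "password": password}


def direct_server(msg: dict) -> bool:
    """Authenticator checks the credential against the stored value."""
    stored = USERS.get(msg["user"])
    if stored is None:
        return False
    return hmac.compare_digest(stored, derive(msg["password"]))


def run_direct(password: str):
    """Returns (verdict, what an eavesdropper on the channel learns)."""
    msg = direct_client("alice", password)
    return direct_server(msg), msg["password"]


# ---- Challenge-response ----------------------------------------------
def issue_challenge() -> bytes:
    """Step 1: a fresh, unpredictable challenge (nonce) from the authenticator."""
    return secrets.token_bytes(16)


def cr_client(user: str, password: str, challenge: bytes) -> dict:
    """Step 2: response computed from the challenge and the credential."""
    key = derive(password)
    return {"user": user, "response": hmac.new(key, challenge, "sha256").digest()}


def cr_server(challenge: bytes, msg: dict) -> bool:
    """Step 3: recompute the expected response from the challenge it issued and
    the stored value, then compare in constant time."""
    stored = USERS.get(msg["user"])
    if stored is None:
        return False
    expected = hmac.new(stored, challenge, "sha256").digest()
    return hmac.compare_digest(expected, msg["response"])


def run_challenge_response(password: str):
    """Returns (verdict, what an eavesdropper learns: challenge and response)."""
    challenge = issue_challenge()
    msg = cr_client("alice", password, challenge)
    return cr_server(challenge, msg), (challenge, msg["response"])


def replay_captured_response() -> bool:
    """An eavesdropper replays a captured response against a new challenge."""
    old_challenge = issue_challenge()
    captured = cr_client("alice", PASSWORD, old_challenge)
    new_challenge = issue_challenge()          # a different nonce
    return cr_server(new_challenge, captured)   # rejected: bound to old_challenge
```

In the direct exchange the eavesdropper learns the password itself; in the challenge-response exchange it learns only a (challenge, response) pair, which cannot be replayed because the next challenge differs. Two caveats apply to the scheme as written: a captured pair still allows an offline dictionary attack on the password, and the server's stored value is password-equivalent, since anyone who steals it can compute valid responses.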

Direct approach

With password

A password is matched with a stored value for a claimed identity.

Per-user stored value:

  • Transformed by a one-way function, so the password cannot be recovered from the stored value.

    • Key Derivation Function (KDF).

    • Preferably slow, to raise the cost of each guess!

    • bcrypt, scrypt, Argon2, PBKDF2.

  • Combined with a salt: a random per-user value mixed into the transformation, so equal passwords give different stored values and precomputed tables are useless.

  • UNIX: traditional crypt(3), a DES-based one-way function with a 12-bit salt.

  • Linux: KDF + salt (e.g. sha512crypt or yescrypt in /etc/shadow).

  • Windows: digest function (the NT hash is an unsalted MD4 of the UTF-16LE password, so equal passwords give equal stored values).

Advantages

  • Simplicity.

  • Easy to share (a password can simply be told to another person or entered into another system).

Problems

  • Usage of predictable passwords.

    • They enable dictionary attacks: trying a list of likely passwords, online against the service or offline against leaked stored values.

  • Different passwords are needed for different systems.

    • To prevent impersonation by malicious admins: an administrator who learns a user's password on one system could otherwise use it on another.

    • Memory limitations: users cannot remember many distinct passwords, so they reuse them.

  • Exchange over insecure communication channels.

    • Eavesdroppers can easily learn the password, since the direct approach sends it as-is.

    • e.g. classic Unix remote services (telnet, rlogin, rsh), PPP PAP.
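How a predictable password meets the stored-value choices above, as an added example that is not part of the original notes: a dictionary attack against an unsalted fast digest (one table, every user cracked by lookup, and shared passwords visible) next to the same attack against a salted, iterated KDF (the dictionary must be re-derived per user, each derivation costing the KDF's iteration count). The dictionary, the users and the iteration count are constructed and far smaller than real ones; the digest and KDF are the standard library's SHA-256 and PBKDF2.

```python
import hashlib
import secrets

# Constructed dictionary of predictable passwords, and constructed users.
# Alice and Dave share a password; Carol's is not in the dictionary.
DICTIONARY = ["123456", "password", "letmein", "qwerty", "iloveyou", "dragon"]
SAMPLE_USERS = {
    "alice": "password",
    "bob": "dragon",
    "carol": "correct horse battery staple",
    "dave": "password",
}
ITERATIONS = 1000  # constructed work factor; real deployments use far more


def fast_unsalted(password: str) -> str:
    """Plain digest, no salt: same password -> same stored value everywhere."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_salted(password: str, salt: bytes) -> str:
    """Salted, iterated KDF (PBKDF2-HMAC-SHA256 from the standard library)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def store_unsalted(users: dict) -> dict:
    """Stored value is the bare digest."""
    return {u: fast_unsalted(p) for u, p in users.items()}


def store_salted(users: dict) -> dict:
    """Stored value is (random per-user salt, KDF output)."""
    out = {}
    for u, p in users.items():
        salt = secrets.token_bytes(16)
        out[u] = (salt, slow_salted(p, salt))
    return out


def crack_unsalted(store: dict):
    """Hash the dictionary once, then crack every user by table lookup.
    Returns (cracked users, number of digest evaluations)."""
    table = {fast_unsalted(w): w for w in DICTIONARY}
    cracked = {u: table[h] for u, h in store.items() if h in table}
    return cracked, len(DICTIONARY)


def crack_salted(store: dict):
    """The per-user salt defeats the precomputed table: the dictionary must be
    re-derived for every user, and each derivation costs ITERATIONS hashes.
    Returns (cracked users, number of KDF evaluations)."""
    cracked, evaluations = {}, 0
    for u, (salt, h) in store.items():
        for w in DICTIONARY:
            evaluations += 1
            if slow_salted(w, salt) == h:
                cracked[u] = w
                break
    return cracked, evaluations


def users_with_identical_stored_values(store: dict) -> list:
    """Unsalted storage also reveals which users share a password."""
    seen, pairs = {}, []
    for u, h in store.items():
        value = h if isinstance(h, str) else h[1]  # ignore the salt field
        if value in seen:
            pairs.append((seen[value], u))
        seen[value] = u
    return pairs
```

With the constructed data the unsalted store is fully cracked after six digest evaluations, one per dictionary word, and Alice and Dave are visibly sharing a password. The salted store needs one KDF evaluation per (user, word) pair, each of them ITERATIONS times the cost of a bare digest, and reveals nothing about shared passwords; Carol's non-dictionary password survives both attacks, which is the point of the first bullet under Problems.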
