Authentification classifications

Discussion in 'Computer Security' started by Marc Jaeger, Apr 27, 2004.

  1. Marc Jaeger

    Marc Jaeger Guest

    Hi everybody,

    I try currently to make a classification of every authentication
    methods that exist.

    I have noted as authentication methods : /etc/passwd, Windows SAM
    file, Active Directory, NIS, PAM, Kerberos, PAP, CHAP, EAP, RADIUS,
    NTLM, SASL, SSL, TLS, NDS, TACACS, IPsec, ISAkmp, pki, ..., MD5,
    3DES, LDAP,...

    Now I try to classify these into criteria such as :
    is an authentication binary
    is an authentication protocol
    uses an authentication protocol
    uses cryptography
    has a user database
    is a framework regrouping other authentications methods
    ???
    ??

    The goal of this is to make a comparison of authentication methods
    which are comparable !
    And then see which ones I should implement in my application so it
    will be the most flexible.

    For instance RADIUS is not a binary (it is much more than that), I
    don't know if it is a protocol at its own, it uses a bunch of other
    authentication protocols, I don't know if it use cryptographics at its
    own, it hasn't its own user database, and yes it is a framework
    regrouping other authentications protocols.

    Any advice would be welcome !

    Marc Jaeger
     
    Marc Jaeger, Apr 27, 2004
    #1
    1. Advertising

  2. (Marc Jaeger) writes:
    > Hi everybody,
    >
    > I try currently to make a classification of every authentication
    > methods that exist.
    >
    > I have noted as authentication methods : /etc/passwd, Windows SAM
    > file, Active Directory, NIS, PAM, Kerberos, PAP, CHAP, EAP, RADIUS,
    > NTLM, SASL, SSL, TLS, NDS, TACACS, IPsec, ISAkmp, pki, ..., MD5,
    > 3DES, LDAP,...


    another classification/taxonomy for authentication is what does the
    authentication really represent ... i.e. 3-factor authentication:

    1) something you know
    2) something you have
    3) something you are

    furthermore most of the factors can either be implicit or explicit and
    can either utilize shared-secrets or non-shared-secrets.

    this is "authentication method" with respect to the meaning of the
    authentication as opposed to the implementation authentication
    product/mechanism.

    passwords then tend to be

    a) something you know and
    b) shared-secret

    it is possible to have a hardware-token implementation that only
    operates in a specific way when the owner imputs the correct PIN into
    the token. the infrastructure then infers by responses from the token

    a) something you have (i.e. inferred because only the token could
    provide the correct response)
    b) something you know (i.e. inferred because only the token only works
    with the correct pin)
    c) non-shared secret (i.e. what is known is only inferred by the
    operation of the hardware taken, the server side doesn't actually have
    to verify what is known, only that it is known).

    lots of posts about what does a server domain name certificate in SSL
    really represent:
    http://www.garlic.com/~lynn/subpubkey.html#sslcerts

    misc. stuff on radius & kerberos:
    http://www.garlic.com/~lynn/subpubkey.html#radius
    http://www.garlic.com/~lynn/subpubkey.html#kerberos

    some stuff about identity, authentication, and privacy:
    http://www.garlic.com/~lynn/subpubkey.html#privacy

    --
    Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
     
    Anne & Lynn Wheeler, Apr 27, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?RmFUaGVSLVRlRA==?=

    XP Pro authentification tool

    =?Utf-8?B?RmFUaGVSLVRlRA==?=, Jul 27, 2005, in forum: Microsoft Certification
    Replies:
    2
    Views:
    603
    =?Utf-8?B?TWl0Y2ggR2FydmlzLCBNQ1NB?=
    Jul 28, 2005
  2. =?Utf-8?B?RmFUaGVSLVRlRA==?=

    XP Authentification....

    =?Utf-8?B?RmFUaGVSLVRlRA==?=, Jul 27, 2005, in forum: Microsoft Certification
    Replies:
    2
    Views:
    814
    =?Utf-8?B?R2F1cmF2IFNheGVuYQ==?=
    Aug 8, 2005
  3. Private

    Authentification?

    Private, Mar 7, 2004, in forum: Computer Information
    Replies:
    1
    Views:
    655
    Duane Arnold
    Mar 7, 2004
  4. dannizap83

    WLAN with RADIUS authentification

    dannizap83, Jun 15, 2007, in forum: Wireless Networking
    Replies:
    0
    Views:
    375
    dannizap83
    Jun 15, 2007
  5. Jeffersonly0017

    Authentification tab disabled

    Jeffersonly0017, Oct 12, 2011, in forum: General Computer Support
    Replies:
    0
    Views:
    961
    Jeffersonly0017
    Oct 12, 2011
Loading...

Share This Page