Authentication and Integrity

#network #authentication #integrity

Authentication

• Optional prerequisite
• Many implementations\
• Enables authorization & accounting
  • Logs
  • Authentication is who you are, and authorization is what you are allowed to do.
  • Group membership many times determines authorization.

Authentication Examples

• Point-to-Point Protocol (PPP)
  • Its a little bit older
  • It was attached to other technologies
• Extensive Authentication Protocol (EAP)
  • Many forms of EAP:
    • EAP - MD5
      • Uses digests.
    • EAP - TLS
      • Uses digital certificates.
    • PEAP (Protective)
      • Uses certificate on one side, which is Microsoft's implementation.
  • When you get to the Access Point (AP), you are going to pass your credentials, username and password, to that AP/Switch (if wired connection)/Router/Firewall - they are all network doors, they can authenticate you.
• IPsec VPN
  • Built-in authentication.
• HTTP
  • Built-in authentication.

Integrity

• Ensures data is free from modification
  • Not confidentiallity
• Implemented at many levels of OSI model
• Can be combined with authentication
  • We call it Hash Message Authentication Code (HMAC)
  • It will take a secret key, will hash data with that key and it will include it. The other side gets your data, gets the hash and it can be recreate it because it knows the key and if it is successful it knows that that data came from you so it's authenticated, and we know that has not been modified.