Authentication is the first and foremost security principle that involves validation of identity of an user or a machine. The successful authentication is required for authorization and secure data exchanges. A common classification of authentication system based on factors – something you know, something you own, something you did and something you are – is explained. Well-known and used password schemes employed in practice is described along with standards. A description Kerberos of authentication system based on symmetric key encryption and SSL based authentication which is based on public key encryption is given. Related Single-Sign-On technologies are explained. A brief overview of authentication for cloud computing, IoT and UIDAI is presented.
It is important to know the basic principles of information security as applicable to computer science. This knowledge helps one to develop products with required security and to analyze competing security claims. The first and foremost security principle is “Authentication”, which is the process of verifying the identity of a machine or person. One has to provide valid credentials for successful authentication to get access to computer system resources. The second basic security principle is “authorization”, which controls the access to resources after successful authentication. A common tendency is to combine authentication and authorization, but it is important to understand that they are distinct. The next principles are “confidentiality” to provide data protection and “data integrity” to assure data is not modified in transit/storage. The related concept of key management is tied with these principles. The final principle is “availability” which is to make systems available despite threats and attacks.
The identity of a security principal, either you or a computer, is a declaration of who you are. This is the answer to the question “Who are you?” Some common examples of identity are user IDs, digital certificates and ATM cards. The system wants to be certain that it is indeed you and not someone else. The system will challenge the principal and expects correct responses in some way. Common examples of authenticators are passwords, private keys and PINs. Whereas identity is generally public, authentication is private: it’s a secret known only by the Principal. A typical scenario is where the client authenticates to the server to get access to service or resource. The case where both parties want to authenticate to each other is called mutual authentication.
Further, authentication is also applicable to message sent to each other. The receiver wants to be confident that the authentic message is indeed sent by the intended sender and not by someone masquerading as the sender. He also wants to be sure that the message has not been modified in transit. These authentic messages exchanged between the server and the client is the basis for arriving at the common shared key for protected data transfers.
This paper is organized as follows. A common classification of authentication into password, biometric and tokens/certificates is explained. The well-known standards for authentication is highlighted. A different way of classification based on security level is described next. This is followed by a survey of various password based authentication schemes. A description of Kerberos standards follows. The popular SSL based authentication is explained next. Related authentication technologies OpenID and OAuth are explained. A brief survey of authentication for cloud computing IoT and UIDAI is given.
The most common attacks against authentication include impersonation and message tampering. The impersonation attack means the attacker pretending to be a bonafide sender and tricking the receiver to think it has come from the sender. The second attack is to modify the sender’s message undetected by the receiver. As and when an authentication method is explained, a description of various attacks/threats handled by the scheme will be given.
A traditional way to classify is based on the following factors :
Something you know – Password
Something you are – Biometric
Something you have – Access tokens, Certificates
Something you do – make a gesture, read a
text, match a CAPTCHA
The password is simple to use and remember. It has been used in military since ancient times. A person wishing to enter protected area is to supply a password and he is allowed entry only if the password is correct. Even in modern times, its use is widespread to gain entry into computers, mobile phones, ATM, etc. If the password is formed from multiple words it is called passphrase and if it is formed from numbers, it is called passcode or passkey. A good practice is to choose password which is easy to remember and type but hard to guess .
Biometric authentication makes use of many physiological and behavioral characteristics that are believed to be unique to individuals. The identification characteristics is something you are and uniqueness ensures difficulty of forging. A survey of physiological and behavioral characteristics useful for biometric identification are fingerprints, voice, iris, retina, hand geometry, face recognition, signature, key stroke, bio-electric signals, gait, ear shape, head resonance, odor and finger shape is given in . A comparative study of these characteristics for biometric authentication system is presented.
Another type of authentication based on tokens is modeled on a physical key which is restricted to open a room, a building, etc. This type has to do with the ownership. Corporate badges, possession of king’s seal, passport and smart cards are other examples. Token verifiers may or may not have readers. In the latter case, the user has a token and can compute the reply to challenge posed by the remote host for authentication. Alternatively, a time-based token calculator, where passwords change regularly and in sync with that on the host. Yet another way is to use One-time passwords. The user has a list of passwords and uses each of them only once . The certificate based authentication will be described later.
When only a single method among the preceding options is used, it is called single-factor authentication. Multi-factor authentication uses more than one of the options simultaneously during the authentication process (two-factor uses two, three-factor uses three, and so on) . A familiar example of two-factor authentication is the “sign-on” process at a banking machine where the user presents a credit or debit card (“something you have”) and enters a PIN (“something you know”) to gain access to his/her bank account. Clearly, multi-factor systems are more burdensome for the user as more tasks are to be completed before the authentication process is finished. However, the security benefit is that impersonation attacks become much more difficult. Another example is online mobile banking transactions where the user is required to provide a password and One-time pseudorandom number received over the mobile (ownership factor).
A biometric system should take into account day-to-day variations in individuals bio-metric and be reliable. Though biometrics characteristics are hard to forge, it is easy to forge after a measurement is taken. An important criterion during biometric authentication is to check for liveliness of the input data. To make biometrics more effective, it is combined with a secret of some kind — a PIN, a private key on a smart card, or, yes, even a password. In other words biometric characteristic should be treated as pure identity and use other forms for authentication verification.
If the security technology has not kept pace with rapid development of Information Technology (IT), IT systems, users and data, both organization and private, will be vulnerable to attacks. The attackers could be criminals or politically motivated or financially motivated. Information security standards help to prevent most of the threats, to manage security risks by making it harder for attacks to succeed and by reducing the effects of attacks.
The goal of information security standards is to improve the security of the information systems, to define functional and assurance requirements, to promote vendors to build standard-compliant product, to enable consistency among product developers and to serve as a reliable metric for purchasing products.
Request for Comments (RFC) is a collaborative publication from engineers and computer scientists in the form of a memorandum describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems. The Internet Engineering Task Force (IETF) adopts some of the proposals published as Request for Comments (RFC) as Internet Standards. For authentication methods described here RFC’s will be mentioned where applicable.
The US National Institute of Standards and Technology (NIST) publishes white papers and other resources in its Security Management & Assurance working group. These standards are followed by mainly, US federal agencies. The recommendations are applicable to other organizations as well and referred to as NIST standards.
The users connect to the network via a remote connection over VPN or dial up network. In this case Password Authentication Protocol (PAP) is used . After the user establishes a link, it repeatedly sends his id/password to authenticator. If he receives ACK, the connection is established. If the user receives NAK instead, the connection is terminated. The protocol is simple and the drawback is that the password is sent in the clear text.
Challenge Handshake Authentication Protocol (CHAP) is more secure than the PAP and makes use of a cryptographic hash function such as MD5 or SHA . A cryptographic hash is a one-way function takes arbitrary size input and after computations it outputs 128-bit output. The security of the cryptographic hash comes from the fact that given a message “m” which hashes to digest “d”, it is computationally hard to find another message “m′” that hashes to the same digest “d”.
RFC 1994 is the standard for CHAP for authentication used by the servers to validate the identity of remote clients . Both the server and the client perform a hash operation on the password and transmits the hash result rather than sending the password itself as shown in Figure 1. After the link is established the server sends a random challenge to the authenticating client entity. The entity responds with hash value calculated using the password and the challenge. The server checks the client response against its own computation and if the values match authentication is successful, else the connection is terminated.
CHAP provides protection against replay attacks through the use of random challenge value. Further the challenge can be used repeatedly to limit the time of exposure for any single attack. If the CHAP negotiations can be carried out in both directions, this results in mutual authentication.
The Microsoft Windows 2000 default authentication is based on the standard CHAP and the latest version is called MS-CHAP v2 . It uses two-way authentication so that both the server and the client identities are verified. Like CHAP, MS-CHAP uses challenge-response mechanism to authenticate connection without sending any passwords. The MD4-hashed version of the user password, the peer-challenge string, the session identifier are combined to form SHA hash based response. Other authentication methods related to CHAP is EAP (Extensible Authentication Protocol), and PAP (Password Authentication Protocol) .
CRAM-MD5 defined in IETF RFC 2195  is a challenge-response authentication mechanism (CRAM) based on the HMAC-MD5 algorithm. HMAC-MD5 is keyed MD5 hash where the key is shared secret. CRAM provides protection against replay attacks. However, it can’t prevent cracking the password through a brute-force attack, so it is less effective than alternative mechanisms that avoid passwords or that use connections encrypted with SSL/TLS.
A more secure Salted Challenge Response Authentication Mechanism (SCRAM) defined in RFC 5802  is a family of modern, password-based challenge–response authentication mechanisms providing authentication of a user to a server. In this protocol, both the client and the server exchange their respective nonce and prove to each other the knowledge of the shared secret leading to mutual authentication as shown in Figure 2. This is an assurance against man-in-the-middle attack. Although all clients and servers have to support the SHA-1, all hashing algorithm and functions defined by the IANA are supported. The main advantage of SCRAM is in storing passwords in data servers in a secure manner to avoid data breaches. The password along with the salt and iteration count are used in Password Based Key Derivation 2 (PBKDF2) algorithm to compute the hashed password. PBKDF2 applies a pseudorandom function to the input password along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. This makes the computational work for password cracking much more difficult, and is known as key stretching.
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting management for users who connect and use a network service. RADIUS uses two packet types to manage the full AAA process; Access-Request, which manages authentication and authorization defined in RFC 2865 ; and Accounting-Request accounting, which is described by RFC 2866. RADIUS is often used by Internet Service Providers (ISPs) and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, digital subscriber line (DSL), access points, virtual private networks (VPNs), network ports, web servers, etc.
The user or machine sends a request to a Network Access Server (NAS) to gain access to a particular network resource using access credentials. In turn, the NAS sends a RADIUS Access Request message to the RADIUS server, requesting authorization to grant access via the RADIUS protocol. This request includes access credentials, typically in the form of username and password or security certificate provided by the user. Additionally, the request may contain other information which the NAS knows about the user, such as its network address or phone number, and information regarding the user’s physical point of attachment to the NAS.
The RADIUS server issues “Access Challenge” requesting additional information from the user such as a secondary password, PIN, token, or card following PAP, CHAP or EAP  authentication schemes. Once the user’s proof of identification is verified, along with, optionally, other information related to the request, RADIUS send “Access Accept” granting access to the user. In case of failure RADIUS returns “Access Reject” and the user is unconditionally denied access to all requested network resources.
DIAMETER, developed to provide a framework for AAA to overcome the limitations of RADIUS, is described in RFC 7075 . The latter had issues with reliability, scalability, security and flexibility. RADIUS cannot deal effectively with remote access, IP mobility and policy control. The Diameter protocol defines a policy protocol used by clients to perform policy, AAA, and resource control. This allows a single server to handle policies for many services.
DIAMETER provides an upgrade path for RADIUS and provides extra features lacking in RADIUS. It has similar features as RADIUS: it can work in both local and roaming AAA situations; it supports stateful and stateless modes; and it supports application layer acknowledgement and defines failover.
DIAMETER uses TCP or SCTP unlike RADIUS which uses UDP, therefore delegating detection and handling of communication problems to those protocols. DIAMETER does not include encryption, but can be protected by transport level security IPSEC or TLS. Diameter has enhanced features to support many different interfaces defined by 3rd Generation Partnership Project (3GPP) IP Multimedia Subsystem (IMS).
Both RADIUS and Diameter support authentication CHAP and EAP (Extensible Authentication Protocol), and PAP (Password Authentication Protocol). However, RADIUS has some limitations: Its CHAP authentication is subject to dictionary attacks, and it protects clear-text passwords (PAP) only on a hop-by-hop basis.
Kerberos is an authentication server developed as a part of Project Athena, MIT. According to Greek mythology, Kerberos is a ferocious 3-headed dog guarding the Gates to the Underworld. Since Kerberos authentication requires 3 entities to authenticate and has an excellent track record of making computing safer, the naming is appropriate.
Kerberos model is based on Needham-Schroeder trusted third party protocol . It uses symmetric key cryptography and requires trusted third-party authorization to verify user identities. It provides centralized private-key third-party authentication in a distributed network. The latest Kerberos Version 5 is specified in RFC 4120 .
It is highly reliable and employs a distributed server architecture. As it is scalable, the system should support large number of clients and servers. This technology is used by Microsoft Windows, Apple OS, FreeBSD, UNIX and Linux. Kerberos protocol messages are protected against eavesdropping and replay attacks. The strong cryptography and third-party ticket authorization make it much more difficult for attackers to infiltrate the network.
Kerberos system has two main parts Authentication Server (AS) and Ticket Granting Server (TGS) as shown in Figure 3. Users interact with AS to identify self and negotiate a ticket granting ticket (TGT) which is a non-corruptible authentication credential. Users can subsequently request access to other services from TGS based on the TGT.
Kerberos V5 Messages:
The client sends a clear text message consisting of the user ID and the TGS server name to the AS.
The AS checks to see if the client is in its database. If it is, the AS generates and sends back the following two messages to the client:
Message A: Client/TGS Session Key encrypted using the secret key of the client
Message B: Ticket-Granting-Ticket (TGT), which includes the client ID, network address, the server name, a time-stamp and the client/TGS session key encrypted using the secret key of the TGS.
The client decrypts the first message and retrieves the session key. Only the legitimate client with the correct knowledge of the password is able to decrypt the message.
The client saves the session key and TGT for the future use. It erases the password and its one way hash to reduce the chance of compromise.
A client sends a request to the TGS to obtain separate tickets for each of the services she wants to use from TGT. The request consists of an authenticator encrypted with the shared session key between the client and the server and TGT. The authenticator consists of the client name, time stamp and optional key. The TGS, upon receiving the request, decrypts the TGT and retrieves the shared session key. Then the shared key is used to decrypt the authenticator. After due validations of the client information from the ticket and the authenticator, the request is allowed to proceed.
Checking timestamps assumes all machines in Kerberos authentication network have synchronized clocks, at least to within several minutes. If the timestamp in the request is too far from the current time, TGS treats the request as an attempt to replay.
TGS responds to the valid request by returning a valid ticket for the client to present to the app server along with the new session key for the client and the app server.
The client similar to step 3 creates an authenticator for the app server and sends authenticator encrypted with the shared key and the app server ticket.
The server decrypts the ticket to retrieve the shared session key and then uses it to decrypt the authenticator. It compares client credentials and timestamp in the ticket as well as authenticator. If everything checks out, the app server grants service access to the client.
Kerberos may be susceptible to replay attacks from old and cached authenticators. Although, the timestamps are used to prevent this, replays are possible during ticket’s lifetime. The servers are supposed to store all live tickets to stop this but this is not always practicable. Another requirement is that all the clocks in the network are time synchronized. If a host is fooled about the correct time, old authenticator replay is possible. Yet another vulnerability is password cracking attacks. If the intruder collects enough tickets his chances of success are good.
Though the use of shared key or symmetric key encryptions is widespread because of its moderate computations, the key distribution and management becomes more unwieldy and complex. If “n” users want to securely communicate with each other, this would require “(n2−n)/2(n2−n)/2” secret keys. It is difficult to arrange in advance secure physical means of sharing secret keys for large “n”. Public key cryptography (PKC) is invented as a solution by Whitefield Diffie and Martin Hellman and independently by Merkle , . In a PKC system, each user will have only one private key, which should be kept secret and the related public key which can be shared with others.
The generation of private and public keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. A typical invertible one-way function “ff” be a function defined over integers modulo a large number N (which can be a prime or product of two large primes) such that computing f(x)=yf(x)=y, given ‘xx’ is easy; however, given y=f(x)y=f(x), computing ‘xx’ from ‘yy’ is difficult or hard. If “N” is a single prime, the computation of xx given yy is termed the discrete logarithm problem . If “N” is the product of 2 prime numbers, the computation of x given y is equivalent to finding the factors of N, termed the factorization problem . The well-known Rivest-Shamir-Adelman (RSA) PKC system, named after its inventors, is based on a number which is product of two large primes . Typical operations of encryption and decryption are shown in Figure 4.
Two of the best-known uses of public key cryptography are to ensure confidentiality and signature. In the first case, if any one wants to send a message to user A, the message has to be encrypted with the user-A’s public key. This encrypted message cannot be decrypted by anyone other than user-A, who does not possess the matching private key. Only the user-A can decrypt the message who is the owner of that key and the person associated with the public key. This is used in an attempt to ensure confidentiality.