Authenticity

Note: SNMP doesn’t provide security management to the #Network Management System (NMS). It severely lacks authentication capability.

Security Service is a service that improve the security data processing system and/or information transfers. It needs to at least secure four elements: confidentiality#, authenticity#, integrity#, and availability#. It has Security Mechanism# implemented in order to fulfil its promises and prevents potential Security Attack.

PGP is a #Asymmetric Cryptographic program used to encrypt, decrypt and sign emails over insecure transmission channel such as Internet with Digital Signature# which is developed by Philip R. Zimmermann in 1991. It has become the de facto #standard for email security. It provides five services: Confidentiality#, Authentication#, compression, e-mail compatibility (encode raw binary to ASCII characters using Radix-64 Encoding#) and segmentation (if the message is too large). It guarantees the security in Application Layer#.

MAC is a technique generates a small fixed-size block of data, using a secret key shared between sender and receiver(Symmetric Cryptography#), that will append to the message. It provides Security Services# such as Data Integrity# and data origin authentication# (whether the message is sent by the claimed sender).

Authentication Server will verify if the user is valid in the local network upon request (to avoid impersonation#). If it is, then the server will send two encrypted messages that is encrypted with a secret key which is derived from the user’s own password (which is vulnerable to password attacks):

IPsec is an #Network Layer security framework for secure communications over Internet Protocol (IP)# network. This means it could protect every application or Protocol#, including those that are security-ignorant (doesn’t design around security), running on top of IP (IPv4 or IPv6#, however, both of them are not compatible to each other). It is common having it to have secure access over the Internet, extranet and intranet connectivity with partners or just to enhance the security especially in electronic commerce. It provides Authentication#, Confidentiality#, and key management (secure key exchanges) services.

Hash Function, denoted as \(h = H(M)\), is an unkey function that condense arbitrary lengths of value into a fixed size output (fingerprint). It could be used as a mapping function of #Hash Table key into an appropriate cell, in #Digital Signature for authentication#, creating one-way password, detecting intrusion or virus, or construct pseudorandom# function (PRF) or a pseudorandom number generator (PRNG).

Digital Signature is a #Security Mechanism where hashed# data is appended to (sometimes encrypted# using Rivest-Shamir-Adleman (RSA)#) a data unit, allowing a recipient of the data unit to prove the source and Integrity# of the data unit. It could protect against forgery# due to its Non-Repudiation# nature. At the receiver side, it will either reject (return value 0) or accept (return value 1) the signature.

A transparent Authentication Exchange could be happened if the user doesn’t aware that the Authentication# is taking place. The underlying mechanism is that the user is blocked by the network, without letting they know that they are being blocked. After a successful authentication, the user will be able to access the network since the port is open to the user.