Authenticity is the quality of an entity genuinely being the one it claims to be. There are several threats to authenticity, such as physical access to an authenticated device, impersonation of an authenticated device by masking its Media Access Control (MAC) address (masquerade), and gaining entry to a server or disrupting operations with a replay attack. These could be avoided with cryptographic techniques.
Authenticity
- TNS3131 Chapter 7: Web Security
- TNS3131 Chapter 4: Authentication Application
-
Simple Network Management Protocol (SNMP)
Note: SNMP doesn’t provide security management to the Network Management System (NMS). It severely lacks authentication capability.
-
Security Service
Security Service is a service that improves the security of data processing systems and/or information transfers. It needs to secure at least four elements: confidentiality, authenticity, integrity, and availability. It has Security Mechanisms implemented in order to fulfil its promises and prevent potential Security Attacks.
-
Pretty Good Privacy (PGP)
PGP is an Asymmetric Cryptographic program, developed by Philip R. Zimmermann in 1991, used to encrypt, decrypt and sign emails with a Digital Signature over an insecure transmission channel such as the Internet. It has become the de facto standard for email security. It provides five services: Confidentiality, Authentication, compression, e-mail compatibility (encoding raw binary to ASCII characters using Radix-64 Encoding) and segmentation (if the message is too large). It guarantees security at the Application Layer.
-
Message Authentication Code (MAC)
MAC is a technique that generates a small fixed-size block of data, using a secret key shared between sender and receiver (Symmetric Cryptography), that is appended to the message. It provides Security Services such as Data Integrity and data origin authentication (whether the message was sent by the claimed sender).
-
Kerberos
The Authentication Server verifies, upon request, whether the user is valid in the local network (to avoid impersonation). If so, the server sends two messages encrypted with a secret key derived from the user’s own password (which is vulnerable to password attacks):
-
IP Security (IPsec)
IPsec is a Network Layer security framework for secure communications over Internet Protocol (IP) networks. This means it could protect every application or Protocol running on top of IP, including those that are security-ignorant (not designed around security). It works with IPv4 or IPv6, although the two are not compatible with each other. It is commonly used for secure access over the Internet, for extranet and intranet connectivity with partners, or simply to enhance security, especially in electronic commerce. It provides Authentication, Confidentiality, and key management (secure key exchange) services.
-
Hash Function
Hash Function, denoted as \(h = H(M)\), is an unkeyed function that condenses a value of arbitrary length into a fixed-size output (fingerprint). It could be used as a function mapping a Hash Table key to an appropriate cell, in a Digital Signature for authentication, to create one-way passwords, to detect intrusions or viruses, or to construct a pseudorandom function (PRF) or a pseudorandom number generator (PRNG).
-
Digital Signature
Digital Signature is a Security Mechanism where hashed data (sometimes encrypted using Rivest-Shamir-Adleman (RSA)) is appended to a data unit, allowing a recipient of the data unit to prove the source and Integrity of the data unit. It could protect against forgery due to its Non-Repudiation nature. On the receiver side, verification either rejects (return value 0) or accepts (return value 1) the signature.
-
Authentication Exchange
A transparent Authentication Exchange happens when the user is not aware that Authentication is taking place. The underlying mechanism is that the user is blocked by the network without being told that they are blocked. After a successful authentication, the user is able to access the network, since the port is open to the user.