Authentication protocols

• designed for transfer of authentication data between two entities.
• for secure communication within computer networks.

Authentication protocols Types

• Authentication protocols developed for PPP Point-to-Point Protocol

1. PAP - Password Authentication Protocol
2. CHAP - Challenge-handshake authentication protocol
3. EAP - Extensible Authentication Protocol

• AAA architecture protocols (Authentication, Authorization, Accounting)
  1. TACACS, XTACACS and TACACS+
  2. RADIUS
  3. DIAMETER
• Kerberos (protocol)
• List of various other authentication protocols

List of various other authentication protocols

• AKA : Authentication and Key Agreement (AKA) is a security protocol used in 3G networks. AKA is also used for one-time password generation mechanism for digest access authentication. AKA is a challenge-response based mechanism that uses symmetric cryptography.
• CAVE-based authentication : access authentication protocol used in CDMA/1xRTT computer network systems.
• CRAM-MD5 : CRAM-MD5 is a challenge-response authentication mechanism (CRAM) based on the HMAC-MD5 algorithm
• Digest : Digest access authentication use to negotiate credentials, such as username or password, with a user's web browser. This can be used to confirm the identity of a user before sending sensitive information, such as online banking transaction history. It applies a hash function to the username and password before sending them over the network. In contrast, basic access authentication uses the easily reversible Base64 encoding instead of encryption, making it non-secure unless used in conjunction with TLS. Digest authentication is an application of MD5 cryptographic hashing with usage of nonce values to prevent replay attacks. It uses the HTTP protocol.
• Host Identity Protocol (HIP)
• LAN Manager
• NTLM, also known as NT LAN Manager
• OpenID protocol
• Password-authenticated key agreement protocols
• Protocol for Carrying Authentication for Network Access (PANA)
• Secure Remote Password protocol (SRP) : The Secure Remote Password protocol (SRP) is an augmented password-authenticated key agreement (PAKE) protocol, specifically designed to work around existing patents.[1]
• In layman's terms, during SRP (or any other PAKE protocol) authentication, one party (the "client" or "user") demonstrates to another party (the "server") that they know the password, without sending the password itself nor any other information from which the password can be broken. The password never leaves the client and is unknown to the server.
• RFID-Authentication Protocols
• Woo Lam 92 (protocol)
• SAML : Security Assertion Markup Language (SAML, pronounced sam-el[1]) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider