Your search keyword '"NT LAN Manager"' showing total 44 results

1. Research on Hadoop Identity Authentication Based on Improved Kerberos Protocol

Author

Yuanxu Zhang, Shujun Pei, Daming Hu, and Deyun Chen

Subjects

Challenge-Handshake Authentication Protocol, General Computer Science, computer.internet_protocol, Computer science, SPNEGO, Generic Security Service Algorithm for Secret Key Transaction, Computer security, computer.software_genre, NT LAN Manager, Authentication protocol, Kerberized Internet Negotiation of Keys, Kerberos, Challenge–response authentication, computer

Abstract

This paper researches the authentication mechanism of Kerberos protocol under HDFS, and points out the problems that identity authentication mechanism of Kerberos protocol faced in HDFS cluster environment: time synchronization, KDC security, dictionary attacks and denial mechanism. Aiming at these security problems, firstly, this paper provides an overview of the authentication process of the current Kerberos protocol under HDFS cluster environment; secondly, it modifies Kerberos protocol by using public key encryption and data signature mechanism; lastly, it provides the authentication process of improved Kerberos protocol in HDFS environment. Comprehensive analysis shows that both safety and time efficiency of the improved Kerberos protocol are improved compared with the existing identity authentication mechanism. It provides a more reliable and efficient identity authentication solution for HDFS cluster.

Published

2015

2. Wireless LAN Security Vulnerabilities and Improvement Measures

Author

Li Li Zeng

Subjects

Authentication, Service set, business.industry, Computer science, MAC address, CCMP, Temporal Key Integrity Protocol, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, General Medicine, Encryption, Computer security, computer.software_genre, Wireless LAN controller, NT LAN Manager, Network Access Control, Lightweight Extensible Authentication Protocol, Wireless lan, business, computer, Computer network

Abstract

This paper mainly analyzed the security of TKIP protocol and VPN technology ,the wireless LAN 802.11 and 802.1x/EXP security vulnerabilities: defects of SSID and MAC Address Filtering, defects of User Authentication Method, security vulnerabilities of WEP Algorithm, defects of 802.1x / EAP and RADIUS Authentication, etc. The author put forward improvement authentication and encryption method as improving wireless LAN security measures.

Published

2014

3. Disconnection of Wireless LAN Attack and Countermeasure

Author

Sunghyuck Hong

Subjects

Engineering, business.industry, Email authentication, Computer security, computer.software_genre, Wireless LAN controller, NT LAN Manager, Authentication protocol, Network Access Control, Lightweight Extensible Authentication Protocol, Challenge–response authentication, business, computer, Data Authentication Algorithm, Computer network

Abstract

In a wireless LAN environment, security is the most important. Security of 802.11 standard has many vulnerabilities of the network attack. IEEE has created mechanisms to security for this vulnerability. But the vulnerabilities is characteristic of broadcast in the air in wireless LAN, it is more disclosure then other network environments. In a wireless LAN environment, it can be accessed to the wireless LAN after authentication. Authentication process is one of most important because of the first security step. However, in the authentication process is not mentioned in the method of reducing the disclosure maximum fundamental. Therefore, in this research, the vulnerability of 802.11 are presented and how to do de-authentication in 802.11. Key Words : 802.11 client authentication, the authentication response to the attack, release, Connected Value creation, Connected Value authentication, MAC address and Connected Value * This research was partially supported by Baekseok University.Received 15 October 2013, Revised 17 December 2013Accepted 20 December 2013Corresponding Author: Hong, Seong Hyuk(Baekseok University)Email: shong@bu.ac.krⒸ The Society of Digital Policy & Management. All rights reserved. This is an open-access article distributed under the terms of the Creative Commons Attribution Non-Commercial License (http://creativecommons.otg/licenses/by-nc/3.0), which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is ISSN: 1738-1916 properly cited.

Published

2013

4. Design of LAN Platform for the Fusion of Communication and Networking

Author

Busheng Li and Jingfang Hu

Subjects

Transparent LAN Service, Computer science, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, ComputingMilieux_PERSONALCOMPUTING, Application software, computer.software_genre, Wireless LAN controller, World Wide Web, Set (abstract data type), NT LAN Manager, Software, business, computer, Computer network

Abstract

LAN Platform is application software based on UDP for LAN chat software, set the mainstream communication functions into one body, play LAN stability, quick advantage, provide interactive communication platform for LAN users. The software does not require a server, start the engine and the current online users, the software also provides cross network game search function, provides for the majority of War3 lovers convenient battle platform. Keyword: LAN Platform；UDP；TCP；WarCraft3；LAN

Published

2015

5. An Authentication Interworking Mechanism between Multiple Wireless LANs for Sharing the Network Infrastructure

Author

Wan Yeon Lee

Subjects

Wi-Fi array, Computer science, business.industry, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, ComputingMilieux_PERSONALCOMPUTING, Wireless WAN, Authentication server, Wireless LAN controller, NT LAN Manager, Authentication protocol, Network Access Control, Lightweight Extensible Authentication Protocol, business, Computer network

Abstract

The previous studies focussed on the security problem and the fast re-authentication mechanism during handoffs in a single wireless LAN system. When the multiple wireless LAN systems share their network infrastructure one another, we propose an authentication mechanism allowing the subscriber to Perform the authentication procedure with the authentication server of its own wireless LAN system even in areas of other wireless LAN systems as well as in areas of its own wireless LAN system. In the proposed mechanism, the access point or the authentication server of other wireless LAN systems plays a role of the authentication agent between the subscriber and the authentication server of the subscriber`s wireless LAN system. The proposed authentication mechanism is designed on the basis of the 802.1X and EAP-MD5 protocols

Published

2004

6. Implementation of a Secure Wireless LAU System using AP Authentication and Dynamic Key Exchange

Author

Myung Sun Lee, Jae Cheol Ryou, and Jong Hu Lee

Subjects

SSLIOP, Computer science, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Multi-factor authentication, Computer security, computer.software_genre, Chip Authentication Program, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, NT LAN Manager, Authentication protocol, Lightweight Extensible Authentication Protocol, Challenge–response authentication, business, computer, Data Authentication Algorithm, Computer network

Abstract

The existing wireless LAN standard IEEE802.11b has many vulnerabilities from security point of view. The authentication mechanisms in IEEE802.11b have many vulnerabilities. As a result to complement the weak of IEEE802.11b authentication, the IEEE802.1x had been developed in the sense of providing strong user authentication with appropriate mechanism. But this mechanism does not perform AP authentication and there are also some weak points. And in confidentiality and message Integrity case, WEP is weak from key stream reuse attack, IV reuse attack and so on. For that reason, in this paper we propose secure wireless LAN system. Our system provides strong user authentication, confidentiality, and message integrity based on existing IEEE802.1x framework and TLS.

Published

2004

7. A hybrid authentication protocol for large mobile network

Author

Hung-Yu Chien and Jinn-Ke Jan

Subjects

Challenge-Handshake Authentication Protocol, Authentication, computer.internet_protocol, Computer science, business.industry, Generic Security Service Algorithm for Secret Key Transaction, Mobile computing, Public-key cryptography, NT LAN Manager, Hardware and Architecture, Authentication protocol, Network Access Control, Lightweight Extensible Authentication Protocol, Hash chain, Session key, Kerberos, Challenge–response authentication, business, computer, Software, Information Systems, Computer network

Abstract

As the rapid development of wireless LAN and mobile network layer protocol Mobile-IP, a mobile user is allowed to access the service at the visited domain after he has been authenticated. The designing criteria of the inter-domain authentication protocols include: the scalability, the communication efficiency and the computational efficiency, and the robustness of security. In this article, we first show the weakness of some existing protocols against the session key compromise, and then propose a new and efficient interdomain authentication protocol. Based on public key, challenge-response and hash chaining, this new approach simultaneously achieves several practical merits: (1) good scalability, (2) low communication cost and low computational cost, and (3) resistance to the session key compromise attack.

Published

2003

8. A self-encryption mechanism for authentication of roaming and teleconference services

Author

Chin-Chen Chang and Kuo-Feng Hwang

Subjects

Authentication, business.industry, Computer science, Applied Mathematics, Local area network, Cryptography, Encryption, Computer security, computer.software_genre, Computer Science Applications, NT LAN Manager, Network Access Control, Authentication protocol, Key (cryptography), Message authentication code, Security management, Electrical and Electronic Engineering, Roaming, business, computer, Computer network

Abstract

A simple authentication technique for use in the global mobility network (GLOMONET) is proposed. This technique is based on the concept of distributed security management, i.e., the original security manager administrates the original authentication key (long-term secret key) acquired when a user makes a contract with his home network, while a temporary security manager is generated for a roaming user in the visited network that provides roaming services. The temporary security manager will take the place of the original security manager when the roaming user stays in the service area of the visited network. In the proposed authentication protocol for the regular communication phase, the procedures of the original security manager and the temporary security manager are the same except for introducing different parameters. Furthermore, the proposed technique not only reduces the number of transmissions during the authentication phase, but it also can decrease the complexity of mobile equipment. The idea behind the proposed technique is to introduce a simple mechanism which is called "self-encryption". We also suggest that this mechanism can be easily adopted as the authentication function for the secure teleconference service.

Published

2003

9. Kerberos authentication in Windows NT 5.0 domains

Author

Peter T. Brundrett

Subjects

Windows NT, Computer Networks and Communications, computer.internet_protocol, business.industry, Computer science, Generic Security Service Algorithm for Secret Key Transaction, Information security, Server Message Block, Computer security, computer.software_genre, AuthIP, NTLMSSP, World Wide Web, NT LAN Manager, Internet Authentication Service, Prospectus, Technical report, Operating system, Kerberos, Safety, Risk, Reliability and Quality, business, computer, Software, Computer network

Abstract

Enterprise networks using Windows NT are growing in size and complexity. Windows NT 5.0 uses the Kerberos Version 5 authentication protocol and the Active Directory for network security in Windows NT domains. The Windows NT implementation of the Kerberos Version 5 protocol is based on RFC 1510, which has gone through a wide industry review and is well known in the security community [1]. Kerberos authentication provides many features that support performance and security objectives for Enterprise networks. Microsoft's implementation will support any RFC 1510-compliant clients, but will be required for full support of Windows NT networks because the Microsoft version includes permitted extensions to the standard. Windows NT 5.0 integrates the Kerberos protocol into the existing Windows NT distributed security model. Windows NT uses the extensibility features of the protocol, as have other security architectures, such as DCE and SESAME [2]. The Kerberos protocol is just one of the security protocols supported in Windows NT 5.0. Others include NTLM for backward compatibility, SSL and the IETF standard Transport Layer Security (TLS) for public-key authentication, Simple Protected Negotiation (SPNEGO) of security mechanisms, and IP security (IPsec) for network layer security using either shared-key or public-key authentication.

Published

1998

10. Developing a Windows NT security policy

Author

Ian White

Subjects

Windows NT, Computer Networks and Communications, Computer science, Information security, Computer security model, Security policy, Computer security, computer.software_genre, Security and safety features new to Windows Vista, Security controls, NT LAN Manager, Internet Authentication Service, Security service, Prospectus, Technical report, Group Policy, Business, Safety, Risk, Reliability and Quality, computer, Software

Abstract

The choice of Windows NT as the strategic platform for the desktop and shared application server is becoming more widespread. A challenge for the security team is to provide guidelines on the minimum level of security controls that should be implemented on these systems. This article discusses some of the controls that might be expected to be included within such a Windows NT Security Policy (the policy).

Published

1998

11. Windows NT security

Author

Ian White

Subjects

World Wide Web, NT LAN Manager, Windows NT, Computer Networks and Communications, Computer science, Best practice, Computer security model, Safety, Risk, Reliability and Quality, Computer security, computer.software_genre, computer, Software, Advice (programming)

Abstract

This article describes the underlying Windows NT security model and provides best practice advice on how Windows NT may be implemented within an organization securely. In addition this article also discusses how the system has evolved to meet recent security, related attacks and what potential weaknesses still remain.

Published

1997

12. A Multi-server Architecture Authentication Protocol Using Smart Card

Author

Jie Yu and Qingqi Pei

Subjects

Challenge-Handshake Authentication Protocol, SSLIOP, Otway–Rees protocol, computer.internet_protocol, Computer science, General Inter-ORB Protocol, Computer security, computer.software_genre, Internet protocol suite, Distributed System Security Architecture, Generic Bootstrapping Architecture, Server, Universal composability, Lightweight Extensible Authentication Protocol, Message authentication code, Replay attack, Data Authentication Algorithm, Password, Authentication, business.industry, Link Control Protocol, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Cryptographic protocol, Multi-factor authentication, Chip Authentication Program, NT LAN Manager, IPsec, Authentication protocol, Network service, Protected Extensible Authentication Protocol, Smart card, Wide Mouth Frog protocol, Challenge–response authentication, Reflection attack, business, computer, Computer network

Abstract

When user wants to access a network service, he/she must authenticate his/herself to the server. With the increasing of the different network services, it is extremely hard for user to remember the different ID and password, so the multi-server authentication protocols have been proposed to solve this problem. There are some authentication protocols for multi-server architecture using smart cards, but there are some serious secure problems in their schemes. The protocols they proposed cannot resist the replay attack, the impersonation attack, etc. So we propose a multi-server architecture authentication protocol with dynamic identify and smart card based on Lee et al.'s scheme. Our protocol can resist several kinds of attacks and remove the aforementioned weaknesses of their protocol. In this paper, we first provide a brief view of the multi-server architecture which is used in the authentication protocol, then we propose our multi-server architecture authentication protocol and give a security analysis of our proposed protocol, finally we make a comparison with our protocol and some other multi-server architecture authentication protocols.

Published

2012

13. Modeling and Verification of Kerberos Protocol Using Symbolic Model Verifier

Author

Punit Mundra, Radhika M. Pai, Shobhit Shukla, Madhavi Sharma, and Sanjay Singh

Subjects

Authentication, computer.internet_protocol, business.industry, Network security, Computer science, Generic Security Service Algorithm for Secret Key Transaction, Information security, NT LAN Manager, Authentication protocol, Kerberized Internet Negotiation of Keys, Kerberos, business, computer, Computer network

Abstract

Authentication is one of the biggest issues concerning information security in the context of distributed environments. Various protocols are used for the authentication purpose such as Needham-Schroeder, Kerberos protocol etc. The aim of this paper is to verify and formalize the Kerberos protocol using NuSMV model checker. The protocol version used in this paper is Kerberos version 4. The paper suggests CTL specifications for authentication, secrecy and integrity. We have also proposed an approach to identify presence of intruder in the system.

Published

2011

14. Distributed lightweight Kerberos protocol for Mobile Agent Systems

Author

Chan Yeob Yeun, Mohamed Jamal Zemerly, Mahmoud Al-Qutayri, and Hussam Al-Hamadi

Subjects

Otway–Rees protocol, computer.internet_protocol, business.industry, Computer science, Generic Security Service Algorithm for Secret Key Transaction, SPNEGO, NT LAN Manager, Authentication protocol, Kerberized Internet Negotiation of Keys, Mobile agent, Kerberos, business, computer, Computer network

Abstract

This paper focuses on an efficient technology for implementing a Mobile Agent System (MAS). The mobile agent is able to hold consumers' requests, migrates between platforms and executes its code autonomously. The agent is required to return results to its owner, so he or she can make the right decisions. Kerberos protocol is one of the best known authentication protocols based on symmetric key. Kerberos is a trusted third-party authentication protocol designed to establish network security. In this paper, we propose a new protocol that is based on enhancements modification of Kerberos and is suited to provide confidentiality, integrity, authentication and authorization. A security analysis of the new protocol is also provided.

Published

2011

15. An improved Kerberos protocol based on fast RSA algorithm

Author

Dahui Hu and Zhiguo Du

Subjects

computer.internet_protocol, business.industry, Computer science, Generic Security Service Algorithm for Secret Key Transaction, Public-key cryptography, NT LAN Manager, Authentication protocol, Key (cryptography), Kerberized Internet Negotiation of Keys, Kerberos, Challenge–response authentication, business, Algorithm, computer, Computer network

Abstract

Kerberos is a widely-adopted network authentication protocol, which provides secure authentication service based on the reliable third-party. By exploiting a shared key, Kerberos ensures the confidentiality and integrity for a session. Kerberos, an authentication protocol based on symmetric cryptography system, has some inherent security flaws, such as undeniability, difficulty in key exchange, inability to fulfill digital signature and authentication. After an analysis of its security flaws, the paper improves Kerberos by applying fast RSA algorithm, more specifically, using Montgomery algorithm to count modular exponentiation of large numbers, and adopting the Chinese Remainder Theorem when using private key to calculate fast RSA algorithm. Thus, the improved Kerberos is more efficient and secure in use. In addition, compared with the original one, the improved protocol has amelioration and improvement in more than one performance, including key storage, clock synchronization, password guess and non-repudiation of the notes. Consequently, its authentication process is safe, authentic and reliable.

Published

2010

16. On Authentication System Based on 802.1X Protocol in LAN

Author

Xiaoqing Zhang, Qiongfen Qian, and Chunlin Li

Subjects

Challenge-Handshake Authentication Protocol, Authentication, Otway–Rees protocol, business.industry, Network security, Computer science, Computer security, computer.software_genre, Wireless LAN controller, NT LAN Manager, Authentication protocol, Network Access Control, business, computer, Computer network

Abstract

Network security plays an important part in LAN system. The 802.1X protocol provides a port-based network access control to the LAN. In this paper, three cases of user name attacks against the 802.1X are given firstly. Then, the design flaws of 802.1X system are analyzed. At last, an improved authentication process is presented and how to prevent the user name attacks is discussed.

Published

2010

17. Modeling and verification of Extensible Authentication Protocol for Transport Layer Security in Wireless LAN Environment

Author

Manzur Ashraf, Md. Rezaul Karim, David M. W. Powers, and Humayra Binte Ali

Subjects

Authentication, Communication protocols, Transport Layer Security, Computer science, business.industry, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Wireless LAN security, Cryptographic protocol, Wireless LAN controller, NT LAN Manager, Authentication protocol, Protected Extensible Authentication Protocol, Extensible Authentication Protocol, Communications protocol, business, Protocol Engineering, Computer network

Abstract

Today complex edge services are positioned on the Wireless LAN, different cryptographic protocols with complex as well as reactive communication models and event dependencies are increasingly being specified and adopted. To ensure that such protocols (and compositions thereof with existing protocols) do not result in unacceptable behaviors (e.g., deadlocks or live locks); a methodology is desirable for the automated checking of the “correctness” of these protocols. In this paper, we present ingredients of such a methodology. Specifically, we show how SPIN, a tool used for the formal systems verification purposes, can be used to verify as well as quickly identify problematic behaviors (if any) in core component of emergent Wireless LAN with non trivial communication authentication constructs - such as Extensible Authentication Protocol (EAP) for Transport layer Security (TLS). In our analysis, we identify essential elements, model and verify the EAP - TLS protocol using SPIN. It will evidently provide an insight into the scope and utility of formal methods based on state space exploration in testing larger and complex systems, for example, the complete Wireless LAN authentication suit.

Published

2010

18. Authentication for distributed systems

Author

Thomas Y. C. Woo and Simon S. Lam

Subjects

Challenge-Handshake Authentication Protocol, SSLIOP, General Computer Science, Computer science, computer.internet_protocol, Distributed computing, Generic Security Service Algorithm for Secret Key Transaction, Data_MISCELLANEOUS, Email authentication, Computer security, computer.software_genre, NTLMSSP, Distributed System Security Architecture, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Message authentication code, Data Authentication Algorithm, Authentication, business.industry, SPNEGO, Multi-factor authentication, Hash-based message authentication code, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, NT LAN Manager, Authentication protocol, Protected Extensible Authentication Protocol, Kerberos, Challenge–response authentication, business, computer, Computer network

Abstract

A number of protocols used to authenticate users, hosts and processes are described. The three main types of authentication in a distributed computing system-message content authentication, message origin authentication, and general identity authentication-are explained. Authentication exchanges are identified, and paradigms of authentication protocols are presented. Authentication protocol failures are addressed, and an authentication framework is provided. As case studies, two authentication services, Kerberos and SPX, are examined. >

Published

1992

19. Network authentication protocol based on McroPayment protocol

Author

Jiong Lv and Qunli Shen

Subjects

Challenge-Handshake Authentication Protocol, Otway–Rees protocol, SSLIOP, Internet Protocol Control Protocol, computer.internet_protocol, Computer science, Generic Security Service Algorithm for Secret Key Transaction, Hash function, Email authentication, Cryptography, NTLMSSP, Internet protocol suite, Lightweight Extensible Authentication Protocol, User Datagram Protocol, Message authentication code, Data Authentication Algorithm, Authentication, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, NT LAN Manager, Authentication protocol, Ticket, Protected Extensible Authentication Protocol, Wide Mouth Frog protocol, Kerberos, Challenge–response authentication, business, computer, Diameter, Computer network

Abstract

Millicent is a excellent micro payment protocol, its script is similar to the ticket of Kerberos protocol. So it can simplify Millicent protocol according to Kerberos protocol. It constructs a new authentication based on micro payment, absorbed Kerberos authentication idea. In the new authentication protocol, there are four symmetrical encryptions and two hashing functions, so authentication efficiency were highly improved. It can solve some simple ID authentication problem, such as intranet, and so on.

Published

2009

20. Improvements of authentication tests on detecting type flaw attacks

Author

Li Xiehua, Li Renfa, and Gao Chun-ming

Subjects

Challenge-Handshake Authentication Protocol, Authentication, Length extension attack, Otway–Rees protocol, Computer science, business.industry, computer.internet_protocol, Generic Security Service Algorithm for Secret Key Transaction, Cryptographic protocol, Computer security, computer.software_genre, NT LAN Manager, Symmetric-key algorithm, Three-pass protocol, IPsec, Authentication protocol, Lightweight Extensible Authentication Protocol, Message authentication code, Wide Mouth Frog protocol, Challenge–response authentication, Reflection attack, business, computer, Data Authentication Algorithm, Cryptographic nonce

Abstract

Authentication tests are widely used in formal analysis, design and automatic verification of security protocols. However, they are not sufficient in proving symmetric key protocols, and fail to detect potential attacks on Neuman-Stubblebine protocol. By analyzing the failure reasons of authentication tests, some of their deficiencies have been pointed out. In order to break through these limitations of analytic capability of the original authentication tests, the improved authentication tests (I-ATs) have been proposed. In the I-ATs, the notion of message type is introduced for detecting the possibility of certain replay and interleaving attacks. The proofs of Neuman-Stubblebine protocol and Kao-Chow authentication protocol show that the I-ATs can easily find the type flaw attack on the initial authentication of Neuman-Stubblebine protocol, and give precise proof for Kao-Chow protocol.

Published

2008

21. Improving kerberos security through the combined use of the timed authentication protocol and frequent key renewal

Author

Yoney Kirsal and Orhan Gemikonakli

Subjects

Challenge-Handshake Authentication Protocol, SSLIOP, Otway–Rees protocol, Network security, Computer science, computer.internet_protocol, Generic Security Service Algorithm for Secret Key Transaction, Email authentication, Cryptography, Computer security, computer.software_genre, NTLMSSP, Public-key cryptography, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Data Authentication Algorithm, Password, Authentication, business.industry, Authorization, Cryptographic protocol, Multi-factor authentication, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, NT LAN Manager, Authentication protocol, IPsec, Protected Extensible Authentication Protocol, Wide Mouth Frog protocol, Kerberos, Challenge–response authentication, Reflection attack, business, computer, Computer network

Abstract

Kerberos is a widely used computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. This paper presents an approach that involves a new authentication protocol that combines delaying the decryption with timed authentication by using passwords and session keys for authentication purposes, and frequent key renewal under secure conditions. The analysis and verification of authentication properties and results of the designed protocol are presented and discussed.

Published

2008

22. A New Hash-Based RFID Mutual Authentication Protocol Providing Enhanced User Privacy Protection

Author

Sangjin Kim, Jihwan Lim, and Heekuck Oh

Subjects

Challenge-Handshake Authentication Protocol, SSLIOP, Otway–Rees protocol, Port Control Protocol, computer.internet_protocol, Computer science, Hash function, Email authentication, Computer security, computer.software_genre, Forward secrecy, Lightweight Extensible Authentication Protocol, Radio-frequency identification, Data Authentication Algorithm, Authentication, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Mutual authentication, Chip Authentication Program, NT LAN Manager, IPsec, Authentication protocol, Protected Extensible Authentication Protocol, Wide Mouth Frog protocol, Reflection attack, Challenge–response authentication, business, computer, Computer network

Abstract

The recently proposed Radio Frequency Identification (RFID) authentication protocol based on a hashing function can be divided into two types according to the type of information used for authentication between a reader and a tag: either a value fixed or one updated dynamically in a tag. In this study we classify the RFID authentication protocol into a static ID-based and a dynamic-ID based protocol and then analyze their respective strengths and weaknesses and the previous protocols in the static/dynamic ID-based perspectives. Also, we define four security requirements that must be considered in designing the RFID authentication protocol including mutual authentication, confidentiality, indistinguishability and forward security. Based on these requirements, we suggest a secure and efficient mutual authentication protocol. The proposed protocol is a dynamic ID-based mutual authentication protocol designed to meet requirements of both indistinguishability and forward security by ensuring the unlinkability of tag responses among sessions. Thus, the protocol can provide more strengthened user privacy compared to previous protocols and recognizes a tag efficiently in terms of the operation quantity of tags and database.

Published

2008

23. Designing an Authentication Protocol via Authentication Test

Author

Mingtian Zhou and Jiafen Liu

Subjects

Challenge-Handshake Authentication Protocol, Otway–Rees protocol, Computer science, computer.internet_protocol, Generic Security Service Algorithm for Secret Key Transaction, Email authentication, Computer security, computer.software_genre, NTLMSSP, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Message authentication code, Data Authentication Algorithm, Authentication, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Information security, NT LAN Manager, IPsec, Authentication protocol, Protected Extensible Authentication Protocol, Wide Mouth Frog protocol, Challenge–response authentication, Reflection attack, business, computer, Computer network

Abstract

The proving process of protocol with authentication test suggests a design process of a proper authentication protocol. This paper inherits the idea of designing protocols via authentication test, and then describes the thought and procedure of designing protocols in terms of authentication test from protocol analyzing standpoint. We construct a new bilateral authentication and key negotiation protocol KNP under these rules. Bringing authentication test to protocol designing has opened up a new space in the application of authentication test, and this will contribute to understanding of protocol security attributes.

Published

2007

24. Introducing Windows Authentication

Author

Guido Grillenmeier and Jan De Clercq

Subjects

ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, NT LAN Manager, Internet Authentication Service, Computer science, Authentication protocol, Lightweight Extensible Authentication Protocol, Multi-factor authentication, Computer security, computer.software_genre, computer, NTLMSSP, Data Authentication Algorithm, Chip Authentication Program

Abstract

Publisher Summary The chapter focuses n Windows authentication, which is the most fundamental security service of the Windows operating system. The primary purpose of authentication is to prove and validate an entity's identity. The chapter begins with a discussion on general non-Windows specific authentication and authentication infrastructure terminology and explains the importance of qualifying authentication solutions. A terminology pertaining to the topic is also provided. The security quality of an authentication infrastructure largely depends on two factors: the authentication protocol and the authentication method. The quality of the authentication method mainly depends on the number of factors (or credentials) it considers when authenticating a user. Multifactor authentication methods authenticate a user based on multiple factors, for example, as in a smart card. A table showing some of the stronger and/or multifactor authentication solutions available for Windows is also presented. The chapter details the Windows authentication basics that include the protocols, authentication authorities, and Windows security principals. A Windows security principal is uniquely identified by its security identifier (SID). The authentication architecture for interactive and (local) and noninteractive (network) logon is also illustrated. A noninteractive logon can only occur after a successful interactive logon sequence. Unlike interactive logon, a noninteractive logon is invoked by an application—not by the Winlogon process. There are two new concepts of noninteractive logon: the security support provider interface (SSPI) and security support providers (SSPs). The chapter also discusses authentication in the machine startup and user logon sequences, logon rights, NT LAN Manager (NTLM)-based authentication, NTLM flavors, the concept of anonymous access, credential caching, limiting concurrent logon sessions, and general authentication troubleshooting.

Published

2007

25. An Effective Authentication Procedure Considering User Expiry Time During Handover

Author

H. Izumikawa, Keizo Sugiyama, and T. Matsunaka

Subjects

Challenge-Handshake Authentication Protocol, SSLIOP, computer.internet_protocol, Computer science, Generic Security Service Algorithm for Secret Key Transaction, Email authentication, NTLMSSP, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Message authentication code, Security level, Data Authentication Algorithm, Authentication, business.industry, Multi-factor authentication, Chip Authentication Program, NT LAN Manager, Network Access Control, IPsec, Authentication protocol, Protected Extensible Authentication Protocol, Extensible Authentication Protocol, Challenge–response authentication, business, computer, Computer network

Abstract

This paper describes an approach to authentication during handover. In order to reduce the authentication delay, information is shared between users and the targeted network using two hash-chains. Users who are likely to change networks are are assigned an expiration time. Therefore, in order to apply the new approach to a real environment, we propose `pre-auth' type in the Extensible Authentication Protocol(EAP) authentication process to utilize the authentication information. The new approach offers a solution that reduces the authentication delay without reducing the security level of the system.

Published

2006

26. Implementation and Performance Evaluation of EAP-TLS-KS

Author

Susanne Wetzel, Jared Cordasco, and Ulrike Meyer

Subjects

Challenge-Handshake Authentication Protocol, Authentication, NT LAN Manager, Computer science, business.industry, Network Access Control, Authentication protocol, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Lightweight Extensible Authentication Protocol, Protected Extensible Authentication Protocol, Roaming, business, Computer network

Abstract

In this paper we analyze the performance of authentication protocols for roaming in 802.11i-protected WLANs. In particular, we compare the recently introduced EAP-TLS-KS protocol to standard configurations in EAP-TLS. Roaming configurations for EAP-TLS are such that all traffic is forwarded to the home network leaving the foreign network no control over the authentication. Alternatively, the foreign network handles authentication on its own, and the home network relinquishes control. In contrast, EAP-TLS-KS involves both networks and gives each of them control over the authentication. In addition to performance evaluations, we discuss how to implement EAP-TLS-KS, what difficulties one may encounter, and how they can be solved.

Published

2006

27. Authentication Components: Engineering Experiences and Guidelines

Author

Jari Arkko and Pasi Eronen

Subjects

Challenge-Handshake Authentication Protocol, NT LAN Manager, computer.internet_protocol, Computer science, Authentication protocol, Generic Security Service Algorithm for Secret Key Transaction, Lightweight Extensible Authentication Protocol, Protected Extensible Authentication Protocol, Kerberos, Extensible Authentication Protocol, Computer security, computer.software_genre, computer

Abstract

Security protocols typically employ an authentication phase followed by a protected data exchange. In some cases, such TLS, these two phases are tightly integrated, while in other cases, such as EAP (Extensible Authentication Protocol) and Kerberos, they are separate and often implemented in different endpoints. However, careless application of this separation has lead to several vulnerabilities. In this paper we discuss reasons why this separation is often useful, what mistakes have been made, and what these mistakes have in common. We then describe some approaches how these problems could be avoided, especially focusing on EAP in wireless LANs. We also present some engineering observations that should be taken into account when designing reusable authentication components in the future.

Published

2006

28. Security Analysis on Chinese Wireless LAN Standard and Its Solution

Author

Fan Zhang and Jianfeng Ma

Subjects

Information privacy, business.industry, Computer science, Key distribution, Cryptography, Computer security, computer.software_genre, WLAN Authentication and Privacy Infrastructure, Public-key cryptography, NT LAN Manager, Security association, Forward secrecy, Authentication protocol, IEEE 802.11i-2004, Network Access Control, Message authentication code, IEEE 802.11e-2005, Pre-shared key, Challenge–response authentication, IEEE 802.1X, business, computer, AKA, Computer network

Abstract

China has established its national standard for Wireless LAN, called GB15629.11-2003, in which, WLAN Authentication and Privacy Infrastructure (WAP1) was proposed. However, WAP1 can be proved insecure with the Canetti-Krawczyk model. Further analysis shows that in the standard there are also other vulnerabilities, such as inability to provide identity protection and resist key consistency attack, lack of private key verification and desirable security attributes like perfect forward secrecy, key control, etc. Therefore, a new protocol is proposed to fix the security problems of WAP1, especially those in the authentication and key agreement procedure. This protocol is designed and analyzed with a modular methodology and proved secure with the Canetti-Krawczyk model, thus it can guarantee the desirable security attributes. In addition, the presented protocol has a better performance than WAP1 in computational overhead and can also be applied to IEEE 802.11i as an authenticated key agreement protocol.

Published

2005

29. Analyzing GetFileVersion and MySQL Passwordless Test

Author

Noam Rathaus, Brian Caswell, Gilbert Ramirez, Neil Archibald, Renaud Deraison, and Josh Burke

Subjects

Authentication, Computer science, business.industry, media_common.quotation_subject, Computer security, computer.software_genre, File format, NT LAN Manager, Server, Header, Code (cryptography), Function (engineering), Software engineering, business, Protocol (object-oriented programming), computer, media_common

Abstract

NT LAN Manager (NTLM) authentication is a widely used type of authentication mechanism, and until now, Nessus has lacked the support necessary to test the Websites that use NTLM authentication for their protection. This chapter underlines the steps that must be taken so that Nessus can incorporate support for NTLM. The chapter explains the way NTLM-based authentication works, describes the way to write an NTLM testing NASL, discusses where changes to Nessus are needed to support Nessus-wide NTLM authentication, and illustrates how everything is glued together. The chapter also focuses on the way the MySQL test can be improved to work better with different versions of MySQL servers. The chapter provides an in-depth analysis of Windows's PE header file structure and explains the way the GetFileVersion function can be improved to better utilize this structure to produce less network overhead when trying to determine a remote file's version. The chapter explains the way to improve the three mechanisms provided by the Nessus environment. Each of these mechanisms can be improved without harming or modifying large sections of the Nessus code base. Moreover, each of these mechanisms can be improved by better implementing the protocol that the Nessus functionality tried to implement.

Published

2005

30. Provably secure entity authentication the three party case

Author

Ali M. Allam, I. I. Ibrahim, A.E.H. Elsawy, and Ihab A. Ali

Subjects

Challenge-Handshake Authentication Protocol, SSLIOP, Otway–Rees protocol, computer.internet_protocol, Computer science, Generic Security Service Algorithm for Secret Key Transaction, Cryptography, Computer security, computer.software_genre, NTLMSSP, Universal composability, Lightweight Extensible Authentication Protocol, Message authentication code, Data Authentication Algorithm, Authentication, Cryptographic primitive, business.industry, Cryptographic protocol, Hash-based message authentication code, NT LAN Manager, Authentication protocol, Network Access Control, IPsec, Protected Extensible Authentication Protocol, Kerberos, Wide Mouth Frog protocol, Challenge–response authentication, business, computer, Computer network, Cryptographic nonce

Abstract

In an open network-computing environment, a workstation cannot be trusted to identify its users correctly to network services. Authentication protocols provide an approach for the receiver of a message to ascertain its origin and to verify the identity of the sender in a distributed environment. However, most of the protocols have suffered from several kinds of attacks. Therefore, it is necessary to verify authentication protocols deliberately with such attacks as a basis. This work presents a new cryptographic protocol for an open network-computing environment. It describes the weaknesses and limitations in Kerberos protocol and shows how the new protocol overcomes these weaknesses and limitations. We also demonstrate how the new protocol provides an additional service, privacy, beside the authentication service in less number of messages than the previous authentication protocols.

Published

2004

31. A secure public wireless LAN access technique that supports walk-up users

Author

H. Luo and P. Henry

Subjects

Challenge-Handshake Authentication Protocol, Wi-Fi array, Computer access control, Computer science, Email authentication, Shared secret, Computer security, computer.software_genre, Encryption, Authentication server, Wireless LAN controller, NTLMSSP, Public-key cryptography, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Message authentication code, Data Authentication Algorithm, Password, Authentication, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Authorization, Mutual authentication, Multi-factor authentication, Chip Authentication Program, NT LAN Manager, Network Access Control, Authentication protocol, Protected Extensible Authentication Protocol, Challenge–response authentication, business, computer, Computer network

Abstract

Next-generation wireless LAN security techniques will be based on 802.1x and 802.11i/WPA standards, which mandate mutual authentication and air traffic encryption using per-user per-session keys. These requirements seem to be incompatible with supporting walk-up users (first-time users or one-time users), an important business strategy for public wireless LAN operators. This is because mutual authentication often requires a user to share a secret with an authentication server, but a walk-up user does not have a shared secret established in the public wireless LAN operator's authentication database yet. This paper proposes a secure public wireless LAN access technique to solve the above problem. It supports mutual authentication and air traffic encryption using per-user per-session keys for both registered users and walk-up users. Its authentication process consists of 802.1x/PEAP authentication and browser-based authentication. A registered user passing the 802.1x/PEAP authentication will skip the browser-based authentication. A walk-up user can pass the 802.1x/PEAP authentication using a wild-card username and password, but must then go through the browser-based authentication by either subscribing the public wireless LAN service or paying for it online. As soon as the 802.1x/PEAP authentication is passed, a per-user per-session key is generated and is used to encrypt the user's air traffic based on 802.11i/WPA The system architecture of a public wireless LAN employing this technique is also described.

Published

2004

32. Security algorithms in wireless LAN: proprietary or nonproprietary

Author

A. Bakirdan, I.K. Jalozie, and Jihad Qaddour

Subjects

Authentication, Computer science, business.industry, Cryptography, Computer security, computer.software_genre, Encryption, NT LAN Manager, Certified Wireless Network Administrator, Network Access Control, Authentication protocol, Lightweight Extensible Authentication Protocol, Wireless lan, Message authentication code, IEEE 802.11e-2005, Challenge–response authentication, business, Key management, computer, Data Authentication Algorithm, Computer network

Abstract

Wireless LANs in business and for personal use are becoming common. However, many issues are impeding further adoption of the technology by end-users, in particular the inability or difficulty in providing adequate security between the networks and users. The two issues limiting wider acceptance are Authentication and Encryption. The IEEE 802.1x standard provides a framework for authentication of LAN users, while at the same time providing a base for sophisticated key management procedures. This paper aims to document these issues by comparing proprietary and nonproprietary Authentication and Encryption measures and listing the advantages and disadvantages of each type.

Published

2004

33. Secure wireless LAN service at a COOP cafeteria

Author

Michio Nakanishi and Hideo Masuda

Subjects

Challenge-Handshake Authentication Protocol, Wi-Fi array, Inter-Access Point Protocol, Transparent LAN Service, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Tunneling protocol, computer.software_genre, Wireless LAN controller, NT LAN Manager, Authentication protocol, Operating system, business, computer, Computer network

Abstract

This paper presents an integrated method to achieve authorized access for wireless LAN service in a COOP cafeteria. The key issues of our method are user authentication and user tracking. We adopt PPPoE (point-to-point protocol over Ethernet), PPTP (point-to-point tunneling protocol), and MPPE (Microsoft point-to-point encryption) for the user authentication and security, and implement IDENT mechanism for the user tracking. Moreover, we integrate transparent proxy service. Our system consists of inexpensive HUBs, ordinary wireless stations, a mid-class PC as PPPoE/PPTP server, and the account database system of the student computer lab, and is working successfully from the view point of performance both for LAN sockets and wireless LAN environment in our university. The evaluation with IEEE802.11b, which means 11M bps at maximum, showed the total performance of PPPoE with 128bit-MPPE is about 75% of the one without MPPE.

Published

2004

34. Introducing Windows Authentication

Author

Jan De Clercq

Subjects

ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication, NT LAN Manager, Security service, Computer science, Authentication protocol, Identity (object-oriented programming), Strong authentication, Resource (Windows), Computer security, computer.software_genre, Credential, computer

Abstract

Publisher Summary This chapter focuses on the most fundamental security service of any operating system that is authentication. Before an entity is given access to a resource on a Windows system, the operating system must validate the entity's identity and check whether it can access that particular resource. The first process is known as authentication. The primary purpose of authentication is to prove and validate an entity's identity; it answers the question: to whom or what is the system talking? In order to authenticate, a user shares a set of “credentials” with the authentication authority. The authentication authority stores its copy of the credentials in a secured database. The chapter starts off with a general explanation of authentication infrastructure terminology. It also looks at the Windows authentication architecture and more detailed Windows authentication topics such as the NT LAN manager authentication protocol, the secondary logon feature, credential caching, and strong authentication options for Windows.

Published

2004

35. Management and Control Protocols

Author

Joy Rahman, Charles Pursell, and Juanita Ellis

Subjects

Structure of Management Information, Computer science, business.industry, Common Management Information Protocol, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Simple Network Management Protocol, Computer security, computer.software_genre, Application layer, Network management application, Network management, NT LAN Manager, business, computer, Network management station, Computer network

Abstract

This chapter describes management and control protocols. A typical network management system is called a manager/agent model and consists of a manager, a managed system of database of information, and the network protocol. The manager provides the interface between the human network manager and the devices being managed. The network management protocol provides a way for the manager, the managed objects, and their agents to communicate. To structure the communications process, the protocol defines specific messages, referred to as commands, responses, and notifications. The Simple Network Management Protocol (SNMP) is based on the manager/agent model, and its primary purpose is to allow the manager and the agents to communicate. This protocol provides the structure for commands from the manager, notifies the manager of significant events from the agent, and responds to either the manager or agent. An SNMP context is a collection of management information accessible by an SNMP entity. SNMP has a very straightforward architecture. The manager/agent applications reside at the Application Layer and below the Application Layer is the Presentation Layer. Policy-Based Network Management (PBNM), which automates the control of the network infrastructure by storing policies on and distributing policies from servers, is also elaborated.

Published

2003

36. Strong User Authentication in IEEE802.11 Wireless LAN

Author

Jae-Cheol Ryou and Jong-Hu Lee

Subjects

Challenge-Handshake Authentication Protocol, Wi-Fi array, Computer science, Email authentication, Authentication server, Computer security, computer.software_genre, Wireless LAN controller, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Wireless lan, Data Authentication Algorithm, Authentication, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Mutual authentication, Multi-factor authentication, Chip Authentication Program, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, NT LAN Manager, Authentication protocol, Network Access Control, Extensible Authentication Protocol, Challenge–response authentication, business, computer, Computer network

Abstract

The authentication of the existing wireless LAN standard IEEE802.11b is not user authentication but it is device authentication also this have many vulnerabilities. As a result to complement the weak of IEEE802.11b authentication, the IEEE802.1x had developed in the sense of providing strong user authentication with appropriate mechanism. But this new mechanism do not perform AP (Access Point) authentication and there are also some weak points. For that reason in this paper we propose strong user authentication mechanism in IEEE802.11 wireless LAN environment. This mechanism is based on existing 802.1x and through TLS the user authentication is performed in all of wireless LAN components.

Published

2003

37. Design of an integrated services LAN architecture

Author

D. Jacobson, S. Gaitonde, and R. Ahuja

Subjects

Integrated services, Computer science, Transparent LAN Service, computer.internet_protocol, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Local area network, Wireless LAN controller, NT LAN Manager, Internet protocol suite, End system, business, Token ring, computer, Computer network

Abstract

The focus of this work is on the design of a protocol to provide for the transfer of heterogeneous traffic comprising real time voice, data and video on a token ring local area network (LAN). The rationale behind an integrated services LAN, the related protocol engineering design issues, and the hardware and software design of an end system on the LAN which employs the protocol are detailed. The protocol and the end system are implemented using low-cost off the-shelf components. >

Published

2002

38. Distributed remote LAN administration tool for Windows NT and 2000-based LANs: preliminary work

Author

J. Hamann, S. Muknahallipatna, and J.J. Kane

Subjects

Unix, Windows NT, Network Access Protection, Windows Vista, Computer science, business.industry, Windows CE, Server Message Block, computer.software_genre, NT LAN Manager, Internet Authentication Service, Remote administration, Next-Generation Secure Computing Base, Microsoft Windows, Operating system, Group Policy, Desktop Window Manager, business, computer, Computer network

Abstract

In recent years, a large number of businesses and universities have installed local area networks (LAN) based on the Windows NT domain model as their primary computing environment. The system administrators of these new computing environments are finding that the simple remote administration capabilities available in UNIX based LAN are not available. The Windows NT operating system, out of the box, does not provide a simple solution to perform remote administration. The remote administration can be achieved, if an administrator has the expertise in writing Windows scripts using the Windows Resource Kit or writing commands in the Perl language. The majority of current system administrators do not have time to acquire such knowledge. In this paper, we present the preliminary work done in developing a distributed remote LAN administration tool for Windows NT and 2000 based LAN developed for the system administrators at the University of Wyoming. The distributed remote administration tool is being developed with an object-oriented architecture and a graphical user interface.

Published

2002

39. Enterprise Security Scenarios

Author

Charles Carrington, Timothy Speed, Juanita Ellis, and Steffano Korper

Subjects

Engineering, Windows NT, business.industry, Server Message Block, Directory, Computer security, computer.software_genre, World Wide Web, NT LAN Manager, Internet Authentication Service, Lightweight Directory Access Protocol, Directory service, Group Policy, business, computer

Abstract

As soon as a new technology is discovered, the hackers invent a mechanism to expose it. Lightweight Directory Access Protocol (LDAP) based directories, if not implemented properly, provide malicious hackers with a boatload of potentially sensitive information. The most difficult phase of a directory service implementation is the design stage. Critical choices made during this stage remain with the organization for a long time. Poor implementation can also lead to default settings and security exposures. This chapter discusses the LDAP as a solution to this problem of security. It considers a scenario where it is needed to expose part of the directory within the DMZ for the corporate enterprise. Another situation is considered in which there are several different authentication mechanisms such as web services (Web pages), instant messaging servers, specialized accounting or ERP system, and Groupware and messaging services. Each system manages the authentication and the binding process by using its own internal processes. This chapter further discusses Microsoft Windows NT 4.0, which offers some solutions to managing logins into various subsystems. The Windows NT Challenge/ Response is one of those solutions. A Windows NT authentication process, Challenge/ Response can occur when a user or service tries to access any resource stored on another Windows NT machine across a network.

Published

2002

40. Distributed security services in Microsoft Windows NT 5.0 — Kerberos and the active directory

Author

Glenn D. Pittaway

Subjects

Computer Networks and Communications, Computer science, Generic Security Service Algorithm for Secret Key Transaction, Distributed Component Object Model, Server Message Block, computer.software_genre, AuthIP, World Wide Web, NT LAN Manager, Internet Authentication Service, Windows Server, Lightweight Directory Access Protocol, Operating system, LAN Manager, Group Policy, Safety, Risk, Reliability and Quality, computer, Software

Abstract

With the introduction of the Active Directory and the implementation of support for industry standard user authentication protocols such as Kerberos Windows NT version 5.0 promises to offers a scaleable security solution for the enterprise desktop and server environment. In this article we focus on these two major changes to the NT operating system.

Published

1999

41. Extensible authentication protocol (EAP) and IEEE 802.1x: tutorial and empirical experience

Author

Yu-Ping Wang and Jyh-Cheng Chen

Subjects

Challenge-Handshake Authentication Protocol, Authentication, Computer Networks and Communications, business.industry, Computer science, Inter-Access Point Protocol, Wireless LAN controller, Computer Science Applications, Supplicant, NT LAN Manager, Authentication protocol, Lightweight Extensible Authentication Protocol, Wireless lan, Protected Extensible Authentication Protocol, IEEE 802.11e-2005, Electrical and Electronic Engineering, Extensible Authentication Protocol, IEEE 802.1X, business, Computer network, IEEE 802.11s, IEEE 802.11r-2008

Abstract

This article presents the technical details of the Extensible Authentication Protocol (EAP) and IEEE 802.1x by using WIRE1x, an open-source implementation of IEEE 802.1x client (supplicant) and various EAP-based authentication mechanisms. By using a real implementation, 802.1x and EAP should be easily understood.

Published

2005

42. Vendors push wireless LAN security

Author

L.D. Paulson

Subjects

Wi-Fi array, General Computer Science, Computer science, Wireless WAN, Computer security, computer.software_genre, Wireless LAN controller, law.invention, NT LAN Manager, law, Certified Wireless Network Administrator, Network Access Control, Wi-Fi, Fixed wireless, computer

Published

2003

43. LAN management in an IBM framework

Author

R.D. Martin and M. Willett

Subjects

IBM PC Network, Computer Networks and Communications, Computer science, Transparent LAN Service, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Local area network, computer.software_genre, Wireless LAN controller, Network management, NT LAN Manager, Hardware and Architecture, Operating system, LAN Manager, IBM, business, computer, Software, Information Systems, Computer network

Abstract

The IBM framework for network management consists of entry points and service points reporting to a focal point on the behalf of targets, such as the collection of devices connected to a LAN. The NetView Program provides the focal-point function; the NetView/PC Program provides the service-point function. The LAN Manager provides the LAN-specific application operating at the service point, providing a local operator interface for LAN management as well as management-related communication with the focal point. LAN gateways provide entry-point function, reporting to the focal point. The LAN Manager capitalizes on the monitoring and reporting protocols that are inherent in the LAN architecture to provide enhanced management control; it is the common service-point application for both the IBM Token-Ring Network and the IBM PC Network. This management structure provides end-to-end network management through high visibility of the entire network. >

Published

1988

44. Pre-authenticated signaling in wireless LANs using 802.1X access control

Author

Artur Hecker and Houda Labiod

Subjects

Challenge-Handshake Authentication Protocol, Wi-Fi array, Computer access control, Computer science, Access control, Wireless LAN controller, law.invention, Cracking of wireless networks, Distributed System Security Architecture, law, Wireless lan, Lightweight Extensible Authentication Protocol, Message authentication code, Wi-Fi, Authentication, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, CAPWAP, Signaling protocol, Wireless Transport Layer Security, NT LAN Manager, Authentication protocol, Network Access Control, Protected Extensible Authentication Protocol, Extensible Authentication Protocol, business, Computer network

Abstract

In this paper, we propose a generalization of the 802.1X architecture using an extensible authentication protocol (EAP) for more general signaling data transport purposes. We develop EAP/SIG, an effective and easy-to-implement generic signaling protocol for future wireless LANs. We discuss the advantages of this approach and show how it can be implemented.