AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility
by Mahsa Nakhjiri, Madjid Nakhjiri
2.2. Classes of Authentication Mechanisms
In earlier sections, we provided a few well-known authentication mechanisms. Since authentication is a very old problem, the list of authentication mechanisms out there can be very long, especially when we consider that people customized many of those of mechanisms for a variety of deployment scenarios and security requirements. For that reason, instead of going on and providing more authentication examples, we provide a classification of authentication mechanisms that is the result of a survey conducted by IAB[V]. The IAB classified the authentication mechanisms into seven different classes, which covers almost all the authentication models "out there". In this classification, the following three fundamental criteria are considered:
Authentication based on something the authenticating party has, such as a physical hardware token or a card.
Authentication based on something the authenticating party knows, such as a secret or a password.
Authentication based on something the authenticating party is, such as a physical characteristic of the link it is attached to.
The seven classes of authentication mechanisms are as follows:
Passwords in the clear: This is the oldest and simplest user authentication method, by which the user supplies a (user name, password) pair along with its authentication request or network access request to the network. The request is processed by a server, which looks up the password in a password file using the user ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access