Handshake procedure, About the technologies of the...

Handshake Procedure

To authenticate users, the handshake procedure (handshaking, acknowledgment), built on the "question-answer" principle, is widely used. It assumes that only the users for whom the questions are intended can give the right answers. To authenticate a user, the system successively puts to the user a number of randomly selected questions, each of which must be answered. Recognition is considered positive if the user has answered all the questions correctly.

In the handshake procedure, a one-way functional transformation can be used in the form of a random, user-specific function F(X). The user must also compute the function assigned to them, F*(X), and enter the value into the system. The system compares the values of F(X) and F*(X), and if they match, the user gets access. To increase security, the handshake function should be changed at regular intervals. It is important that with this method no confidential information is transmitted between the user and the system.
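The exchange described above, as an added example that is not part of the original text: the system issues a random X, the user returns F*(X), and the system compares it with its own F(X). HMAC-SHA256 with a per-user key stands in for the "user-specific one-way function" (an assumption of this example), and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def respond(key: bytes, x: bytes) -> bytes:
    """User side: compute F*(X). HMAC-SHA256 is this example's choice of F."""
    return hmac.new(key, x, hashlib.sha256).digest()


class HandshakeVerifier:
    """System side: holds each user's function and issues one-time questions."""

    def __init__(self):
        self._keys = {}      # user -> key that selects that user's F
        self._pending = {}   # user -> outstanding challenge X (single use)

    def enroll(self, user: str) -> bytes:
        """Create or rotate the user's function; the key is given to the user."""
        key = secrets.token_bytes(32)
        self._keys[user] = key
        self._pending.pop(user, None)  # old questions die with the old function
        return key

    def challenge(self, user: str) -> bytes:
        x = secrets.token_bytes(16)    # randomly selected question
        self._pending[user] = x
        return x

    def verify(self, user: str, answer: bytes) -> bool:
        x = self._pending.pop(user, None)  # consumed: a replay finds no question
        key = self._keys.get(user)
        if x is None or key is None:
            return False
        return hmac.compare_digest(respond(key, x), answer)  # constant-time compare


def demo() -> dict:
    system = HandshakeVerifier()
    key = system.enroll("alice")       # constructed sample user
    answer = respond(key, system.challenge("alice"))
    results = {"valid": system.verify("alice", answer)}
    results["replay"] = system.verify("alice", answer)        # question already used
    system.challenge("alice")
    results["stale_answer"] = system.verify("alice", answer)  # answer to an older X
    new_key = system.enroll("alice")                          # periodic change of F
    results["old_function"] = system.verify("alice", respond(key, system.challenge("alice")))
    results["new_function"] = system.verify("alice", respond(new_key, system.challenge("alice")))
    return results
```

Only X and F*(X) cross the channel; the key that defines the function never does, and a captured answer is useless against the next question.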

About Secure Channel Technologies

Such technologies are widely used in virtual private networks, which require additional measures to protect the transmitted information. The requirement of confidentiality is especially important, because packets transmitted over a public network are vulnerable to interception when passing through each of the nodes (servers) on the way from source to destination. Secure channel technology includes three main components [20]: mutual authentication of subscribers when establishing a connection; protection of messages transmitted through the channel from unauthorized access; confirmation of the integrity of messages arriving on the channel.

Network protocols provide different technologies for a secure channel. For example, the new version of the IP protocol provides all three components of the technology at the network level, and the PPTP tunneling protocol protects data at the link layer.

Depending on where the protected channel software is located, there are two schemes for forming the channel [20].

Scheme with end nodes (Figure 12.2, a). In this scheme, the protected channel is formed by software installed on two remote computers. The computers belong to two different local networks of the same organization and are connected through a public network. The advantage of this scheme is full channel security along the entire path and the possibility of using any protocol for creating secure channels, provided that the same protocol is supported at both end points of the channel. The disadvantages are as follows. It is usually packet-switched networks that are vulnerable to attackers, rather than the telephone network channels or dedicated channels through which local networks are connected to a territorial network. Therefore, protection of the access channels to the public network can be considered redundant. To provide secure channel services, software protection tools must be installed, configured and administered separately on each computer. Connecting each new computer to a secure channel requires performing this time-consuming work again.

Fig. 12.2. Methods for creating a secure channel: with the end nodes interacting through the final network (a); with protection between border access devices for access control (b)

The scheme with the equipment of the service provider of the public network, located on the border between the private and public networks (see Figure 12.2, b). In this scheme, the protected channel is laid only within the public packet-switched network, i.e. clients and servers are not involved in creating the secure channel. The channel can be laid between the remote access server of the public network's service provider and the edge router of the corporate network. In this case, the channel is managed centrally by the administrator of the corporate network and the administrator of the service provider's network. This approach makes it easy to form new secure communication channels between computers regardless of their location, since the software of the end nodes remains unchanged. The implementation of this scheme is more complicated: a standard protocol for forming a protected channel is needed; software that supports such a protocol must be installed at all service providers; and the protocol must be supported by the manufacturers of border communication equipment. In addition, the access channels to the public network are not protected, and the service consumer is completely dependent on the reliability of the service provider. Nevertheless, experts predict that it is the second scheme that will become the main one for building protected channels in the near future [20].
