Active TopicsActive Topics  Display List of Forum MembersMemberlist  CalendarCalendar  Search The ForumSearch  HelpHelp
  RegisterRegister  LoginLogin


 One Stop Testing ForumTypes Of Software Testing @ OneStopTestingFunctional Testing @ OneStopTesting

Message Icon Topic: Mutual Authentication

Post Reply Post New Topic
Author Message
surabhi
Newbie
Newbie


Joined: 03Apr2007
Online Status: Offline
Posts: 1
Quote surabhi Replybullet Topic: Mutual Authentication
    Posted: 03Apr2007 at 11:46pm
What is Mutual authentication?

Def#1:
The process of two principals proving their identities to each other.

Def#2:
Mutual authentication or two-way authentication refers to two parties authenticating each other suitably. In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity.

Typically, this is done for a client process and a server process without user interaction.

Mutual SSL provides the same things as SSL, with the addition of authentication and non-repudiation of the client, using digital signatures. However, due to issues with complexity, cost, logistics, and effectiveness, most web applications are designed so they do not require client-side certificates. This creates an opening for a man-in-the-middle attack, in particular for online banking.

As the Financial Services Technology Consortium put it in its January 2005 report, "Better institution-to-customer authentication would prevent attackers from successfully impersonating financial institutions to steal customers' account credentials; and better customer-to-institution authentication would prevent attackers from successfully impersonating customers to financial institutions in order to perpetrate fraud."

Def#3:
Mutual authentication is when two parties both require proofs of identity before conducting business. In an e-Commerce transaction, for example, both the client browser and the web site would prove identity to the other party when the browser connects.

In the current secure Internet environment, using SSL, it’s common for only the web server to present a certificate that binds its identity to the conversation. When everything works properly, this is handled between the browser and the server, transparent to the browser user. When there are problems, naive users may go past error messages and work in an insecure web environment. Mutual authentication would provide more controls, including authentication of the browser client to the server.

Mutual authentication will not only prevent hijacking and man-in-the-middle attacks but may also prevent phishing attempts from being successful, and other forms of Internet fraud.




Post Resume: Click here to Upload your Resume & Apply for Jobs

IP IP Logged
Post Reply Post New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum



This page was generated in 0.125 seconds.
Vyom is an ISO 9001:2000 Certified Organization

© Vyom Technosoft Pvt. Ltd. All Rights Reserved.

Privacy Policy | Terms and Conditions
Job Interview Questions | Placement Papers | Free SMS | Freshers Jobs | MBA Forum | Learn SAP | Web Hosting