Topic: Mutual Authentication

Author: surabhi
Posted: 03Apr2007 at 11:46pm
What is Mutual authentication?

Def#1:
The process of two principals proving their identities to each other.

Def#2:
Mutual authentication or two-way authentication refers to two parties authenticating each other suitably. In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the other's identity.

Typically, this is done for a client process and a server process without user interaction.

Mutual SSL provides the same things as SSL, with the addition of authentication and non-repudiation of the client, using digital signatures. However, due to issues with complexity, cost, logistics, and effectiveness, most web applications are designed so they do not require client-side certificates. This creates an opening for a man-in-the-middle attack, in particular for online banking.

As the Financial Services Technology Consortium put it in its January 2005 report, "Better institution-to-customer authentication would prevent attackers from successfully impersonating financial institutions to steal customers' account credentials; and better customer-to-institution authentication would prevent attackers from successfully impersonating customers to financial institutions in order to perpetrate fraud."

Def#3:
Mutual authentication is when two parties both require proofs of identity before conducting business. In an e-Commerce transaction, for example, both the client browser and the web site would prove identity to the other party when the browser connects.

In the current secure Internet environment, using SSL, it’s common for only the web server to present a certificate that binds its identity to the conversation. When everything works properly, this is handled between the browser and the server, transparent to the browser user. When there are problems, naive users may go past error messages and work in an insecure web environment. Mutual authentication would provide more controls, including authentication of the browser client to the server.

Mutual authentication will not only prevent hijacking and man-in-the-middle attacks but may also prevent phishing attempts from being successful, and other forms of Internet fraud.
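
The two-way proof described in the definitions above, as an added example that is not part of the original post: a challenge-response exchange in which each side proves possession of a key before the other accepts it. It assumes a pre-shared key and HMAC in place of the certificates and digital signatures that mutual SSL uses; the names `proof` and `mutual_handshake` are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # fixed length keeps the MAC input unambiguous


def proof(key: bytes, role: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    # The role label binds the proof to one direction, so a proof sent by
    # the server cannot be reflected back as the client's proof.
    msg = role + b"|" + client_nonce + server_nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


def mutual_handshake(client_key: bytes, server_key: bytes) -> tuple:
    """Return (client_accepts_server, server_accepts_client)."""
    # 1. client -> server: a fresh challenge
    client_nonce = secrets.token_bytes(NONCE_LEN)

    # 2. server -> client: its own challenge plus proof that it holds the key
    server_nonce = secrets.token_bytes(NONCE_LEN)
    server_proof = proof(server_key, b"server", client_nonce, server_nonce)

    # 3. client verifies the server before sending any proof of its own
    expected = proof(client_key, b"server", client_nonce, server_nonce)
    if not hmac.compare_digest(server_proof, expected):
        return False, False  # client aborts: the server failed to authenticate

    # 4. client -> server: proof over the same nonces under the client role
    client_proof = proof(client_key, b"client", client_nonce, server_nonce)
    expected = proof(server_key, b"client", client_nonce, server_nonce)
    server_ok = hmac.compare_digest(client_proof, expected)
    return True, server_ok


if __name__ == "__main__":
    shared = secrets.token_bytes(32)    # constructed sample key
    impostor = secrets.token_bytes(32)  # a party that lacks the shared key
    print("genuine peers:  ", mutual_handshake(shared, shared))
    print("impostor server:", mutual_handshake(shared, impostor))
```
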



