When communicating across a network, the following attacks can be identified:
- Disclosure: Release of message content to any person or process not possessing the appropriate cryptographic key.
- Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connection-less environment, the number and length of messages between parties could be determined.
- Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgments of message receipt or non-receipt by someone other than the message recipient.
- Content Modification: Changes to the contents of a message, including insertion, deletion, transposition, or modification.
- Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering.
- Timing modification: Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed.
- Repudiation: Denial of receipt of message by destination or denial of transmission of message by source.
Measures to deal with the first two attacks:
- These are in the realm of confidentiality and are addressed with encryption.
Measures to deal with the third to sixth attacks:
- Message authentication is a procedure to verify that received messages come from the alleged source and have not been altered. Message authentication may also verify sequencing and timeliness.
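A sketch of such a procedure, added here as an illustration and not part of the original text: an HMAC-SHA256 tag covers a sequence number, a timestamp and the payload, so the receiver can reject masquerade, content modification, sequence modification and delay or replay. The key, the 16-byte header layout, the strict in-order rule and the 30-second window are all assumptions made for the example.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-not-for-real-use"  # constructed shared secret
MAX_SKEW = 30  # assumed policy: seconds a message may be delayed


def protect(key, seq, timestamp, payload):
    """Sender: header (sequence number, timestamp) + payload + HMAC tag."""
    header = struct.pack(">QQ", seq, timestamp)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = 0  # last sequence number accepted

    def accept(self, message, now):
        """Return (verdict, payload); payload is None unless verdict is 'ok'."""
        if len(message) < 16 + 32:
            return "malformed", None
        body, tag = message[:-32], message[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Fails for a sender without the key (masquerade) or altered content.
        if not hmac.compare_digest(tag, expected):
            return "bad-tag", None
        seq, timestamp = struct.unpack(">QQ", body[:16])
        # The header is covered by the tag, so these fields can be trusted.
        if seq != self.last_seq + 1:  # insertion, deletion, reordering, replay
            return "out-of-sequence", None
        if abs(now - timestamp) > MAX_SKEW:  # delayed message
            return "stale", None
        self.last_seq = seq
        return "ok", body[16:]


def demo():
    rx = Receiver(KEY)
    m1 = protect(KEY, 1, 1000, b"transfer 10")
    m2 = protect(KEY, 2, 1001, b"transfer 20")
    tampered = m2[:16] + b"transfer 99" + m2[27:]  # payload changed, old tag
    forged = protect(b"some-other-key", 2, 1001, b"transfer 50")
    late = protect(KEY, 3, 1002, b"transfer 30")
    # genuine, modified, forged, genuine, replayed m1, delivered 98 s late
    cases = [(m1, 1000), (tampered, 1001), (forged, 1001),
             (m2, 1001), (m1, 1002), (late, 1100)]
    return [rx.accept(msg, now)[0] for msg, now in cases]
```

Because both parties hold the same key, either one could have produced any valid tag, which is why this procedure alone does not counter repudiation.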
Measures to deal with the seventh attack:
- A digital signature is an authentication technique that also includes measures to counter repudiation by either source or destination.
Anata wa Osamadesu ^_^