Message authentication is the verification of the identity of the messageÆs sender (Henry, 38). Authentication is part of the ôWeb of trustö in that it ensures that users are who they say they are and that only people authorized to perform functions in a system are permitted to do so (ôAuthenticationö). The types of attacks that are addressed by message authentication are those that involve unauthorized people attempting to access information that they are not authorized to access. For example, a bank customer who attempts to access another customerÆs account from his home computer is trespassing on that customerÆs private financial territory and has no right look at the data.
Authentication is often accomplished via encryption, which enciphers a digital message ùchanges it from plain text to cipher textùso that only the intended recipient can read it (Henry, 38). In private key cryptography, the sender and the receiver both use the same key; in public key cryptography, two different keys are usedùone public, one private (Henry, 38).
Unsound security practices in software systems include lack of password protection or passwords that can be easily figured out; lack of virus, spam, and privacy protection; putting secure data on a nonsecure server; and using systems with a single point of failure (Curtin).
Common vulnerabilities in cryptographic protocols include encrypyting with a breakable key and incorporating cryptographic algorithms that have errors in them; in either case, the key can be broken and the message can be intercepted by someone who is not authorized to read it.
Authentication. Wikipedia. Retrieved on February 27, 2006 from: http://en.wikipedia.org/wiki/Authenticate
Curtin, M. (1997). Introduction to Network Security. Retrieved on February 27, 2006 from: http://www.interhack.net/pubs/network-security/
Henry, S.E. (1997). ôMessage Authentication.ö Sun Expert Ma
...