Talk:Mutual authentication

Latest comment: 1 year ago by Individualiste in topic mTLS

Wiki Education Foundation-supported course assignment

edit

  This article was the subject of a Wiki Education Foundation-supported course assignment, between 19 September 2020 and 19 December 2020. Further details are available on the course page. Student editor(s): Madssnake. Peer reviewers: Jameswang323, Exploredragon, Plusoneplusone, Showtime oski, Hiiisparks, SpongebobSquarepants25, Lolabaylo, HanMiKC, Nicholas100000.

Above undated message substituted from Template:Dashboard.wikiedu.org assignment by PrimeBOT (talk) 01:19, 18 January 2022 (UTC)Reply

MITM attack

edit

There was a sentence saying "This creates an opening for a man-in-the-middle attack, in particular for online banking. " (talking about the lack of usage of client-certificates with SSL/TLS). This isn't correct. This creates at best an opening for impersonation, should someone get hold of the password (if this authentication method is used instead). — Preceding unsigned comment added by BrunoHarbulot (talkcontribs) 13:09, 28 October 2011 (UTC)Reply

DEPROD

edit

The article is poor but as 'mutual authentication' term mentioned in Oracle J2EE 6 & 7 tutorials this should be improved not deleted. As per PROD nominator Watch for use of external links being used for promotion. As Oracle currently seems to have stewardship of the language Java the use of the link into its J2EE 6 tutorial is not particularly promotional. At the time of this deprod the article is poor, and perhaps Two-way authentication is the more common term and perhaps should be the primary article. In fact off the top of my head two-way authentication perhaps might just fall into be mid importance. Wish I could re-wrtie this off the top of my head.Djm-leighpark (talk) 11:12, 3 June 2018 (UTC)Reply

References

edit

Gathering some potential references here. We need to be quite careful as this article has been around for some while and some sites will have duplicated wikipedia content. Mutual Authentication over TLS will likely form a section of the article at some point.Djm-leighpark (talk) 21:26, 3 June 2018 (UTC)Reply

TLS Mutual Authentication

edit

Djm-leighpark (talk) 21:26, 3 June 2018 (UTC)Reply

mTLS

edit

The acronym "mTLS" needs a reference. Otherwise, I think it should be removed. It's not used in any RFC or other standard that I know about. --Viktor Söderqvist (talk) 12:10, 1 June 2020 (UTC)Reply

mTLS is used in Dapr and spiffe. ★NealMcB★ (talk) 14:57, 20 February 2021 (UTC)Reply
I think the section should not be called mTLS. Mutual authentication has existed in SSL/TLS at least since Netscape designed SSL 2 in the mid 1990's and it was never called "mTLS" until recently. This has been called client certificate authentication or mutual authentication in the specification documents and in the RFC and this is also how it was called within the industry.
This being said, I also think it makes sense to point out the fact that some vendors have been calling this feature mTLS since around 2020.
~~ Individualiste (talk) 20:51, 18 April 2023 (UTC)Reply

Mutual Authentication Privacy Project

edit

Hi everyone! I am part of a Wiki education project that aims to fill privacy content gaps (see last yellow box above this talk page's contents), and I will be updating and adding a privacy section to this stub page. Here is my bibliography, and if anyone has any feedback or wants to suggest peer-reviewed article sources for me to use, please reply! I am new learner for this subject, so general articles are best.

Bibiography (in the article reflist now):
edit
  1. Amin, Ruhul, Sk Hafizul Islam, Pandi Vijayakumar, Muhammad Khurram Khan, and Victor Chang. 2017. “A Robust and Efficient Bilinear Pairing Based Mutual Authentication and Session Key Verification over Insecure Communication.” Multimedia Tools and Applications 77(9):11041–66.
  2. Anandhi, S., R. Anitha, and Venkatasamy Sureshkumar. 2020. “An Authentication Protocol to Track an Object with Multiple RFID Tags Using Cloud Computing Environment.” Wireless Personal Communications 113(4):2339–61.
  3. Chen, Chi-Tung, Cheng-Chi Lee, and Iuon-Chang Lin. 2020. “Efficient and Secure Three-Party Mutual Authentication Key Agreement Protocol for WSNs in IoT Environments.” Plos One 15(4).
  4. Chen, Chin-Ling, Mao-Lun Chiang, Hui-Ching Hsieh, Ching-Cheng Liu, and Yong-Yuan Deng. 2020. “A Lightweight Mutual Authentication with Wearable Device in Location-Based Mobile Edge Computing.” Wireless Personal Communications 113(1):575–98.
  5. Chen, Liquan, Sijie Qian, Ming Lim, and Shihui Wang. 2018. “An Enhanced Direct Anonymous Attestation Scheme with Mutual Authentication for Network-Connected UAV Communication Systems.” China Communications 15(5):61–76.
  6. Chen, Yulei and Jianhua Chen. 2020. “A Secure Three-Factor-Based Authentication with Key Agreement Protocol for e-Health Clouds.” The Journal of Supercomputing: An International Journal of High-Performance Computer Design, Analysis, and Use 1–22.
  7. Choudhary, Karanjeet, Gurjot Singh Gaba, Ismail Butun, and Pardeep Kumar. 2020. “MAKE-IT—A Lightweight Mutual Authentication and Key Exchange Protocol for Industrial Internet of Things.” Sensors 20(18):5166.
  8. Dewanta, Favian and Masahiro Mambo. 2019. “A Mutual Authentication Scheme for Secure Fog Computing Service Handover in Vehicular Network Environment.” IEEE Access 7:103095–114.
  9. Guo, Fuchun, Yi Mu, Willy Susilo, and Vijay Varadharajan. 2017. “Privacy-Preserving Mutual Authentication in RFID with Designated Readers.” Wireless Personal Communications 96(3):4819–45.
  10. Hsu, Chien-Lung, Hsiao-Chen Liu, and Ming-Tzu Chou. 2007. “Remote Mutual Authentication Scheme with Key Agreement Using Smart Cards.” International Mathematical Forum 2:1381–97.
  11. Jan, Mian Ahmad, Fazlullah Khan, Muhammad Alam, and Muhammad Usman. 2019. “A Payload-Based Mutual Authentication Scheme for Internet of Things.” Future Generation Computer Systems 92:1028–39.
  12. Karuppiah, Marimuthu and R. Saravanan. 2015. “Cryptanalysis and an Improvement of New Remote Mutual Authentication Scheme Using Smart Cards.” Journal of Discrete Mathematical Sciences and Cryptography 18(5):623–49.
  13. Karuppiah, Marimuthu et al. 2018. “Secure Remote User Mutual Authentication Scheme with Key Agreement for Cloud Environment.” Mobile Networks and Applications 24(3):1046–62.
  14. Liu, Xiaoxue, Wenping Ma, and Hao Cao. 2019. “MBPA: A Medibchain-Based Privacy-Preserving Mutual Authentication in TMIS for Mobile Medical Cloud Architecture.” IEEE Access 7:149282–98.
  15. Liu, Xiaoxue, Wenping Ma, and Hao Cao. 2019. “NPMA: A Novel Privacy-Preserving Mutual Authentication in TMIS for Mobile Edge-Cloud Architecture.” Journal of Medical Systems 43(10).
  16. Lopes, Ana Paula G. and Paulo R. L. Gondim. 2020. “Mutual Authentication Protocol for D2D Communications in a Cloud-Based E-Health System.” Sensors 20(7):2072.
  17. Melki, Reem, Hassan N. Noura, and Ali Chehab. 2019. “Lightweight Multi-Factor Mutual Authentication Protocol for IoT Devices.” International Journal of Information Security 19(6):679–94.
  18. Narwal, Bhawna and Amar Kumar Mohapatra. 2020. “SEEMAKA: Secured Energy-Efficient Mutual Authentication and Key Agreement Scheme for Wireless Body Area Networks.” Wireless Personal Communications 113(4):1985–2008.
  19. Sahoo, Shreeya Swagatika, Sujata Mohanty, and Banshidhar Majhi. 2019. “Improved Biometric-Based Mutual Authentication and Key Agreement Scheme Using ECC.” Wireless Personal Communications 111(2):991–1017.
  20. Sasikaladevi, N. and D. Malathi. 2019. “Energy Efficient Lightweight Mutual Authentication Protocol (REAP) for MBAN Based on Genus-2 Hyper-Elliptic Curve.” Wireless Personal Communications 109(4):2471–88.
  21. Sharma, Mohit Kr and Manisha J. Nene. 2020. “Two‐Factor Authentication Using Biometric Based Quantum Operations.” Security and Privacy 3(3).

Best, Madssnake (talk) 03:12, 18 October 2020 (UTC)Reply

Lead update

edit

Hi, I updated the lead to reflect the current applications of mutual authentication with more emphasis on the IoT. Feel free to look at my sandbox for my full draft. I was not planning on including much about TLS, but feel free to revert back or let me know if I should research more into TLS and mTLS and include that in my article. Madssnake (talk) 06:32, 8 November 2020 (UTC)Reply

Article update

edit

I added my draft to the mainspace, with the following sections added:

  • Process steps and verification
  • Defenses
  • Lightweight schemes vs. secured schemes
  • Password-based schemes
    • Multi-factor authentication
  • Certificated based schemes and system applications
    • Radio networks
    • Cloud based computing
    • Machine to machine verification

I decided to fully remove information about TLS and related protocols because there were no sources to back it up, and mutual authentication is not a default in TLS. Feel free to add it back if you have sources to back it up, and make any other changes to the article that you see fit. Madssnake (talk) 23:28, 5 December 2020 (UTC)Reply

mTLS is increasing in importance (see e.g. Dapr), and IKE and SSH are also important to note (and hopefully properly discussed in their own pages), so I've added that back and expanded on it. They could all probably be better integrated. ★NealMcB★ (talk) 15:37, 20 February 2021 (UTC)Reply
Adding a mTLS section was a good idea. In the the various relating articles you mentioned, I don't believe the concept of mutual authentication is discussed, so it might be good to expand on that in this article. Not sure where to find sources on that though. Madssnake (talk) 20:25, 20 February 2021 (UTC)Reply