CHAPTER III
LITERATURE REVIEW
3.1 Authentication
3.1.1 Definition of Authentication
Authentication is the process of validating users who enter the system: the user's name and password are checked directly against the list of those who have been granted the right to enter the system. This authorization is set up by administrators, webmasters or site owners (or a holder of the highest rights designated in the system). For this process each user is given a set of data to be checked, such as name, password and other attributes, and possibly restrictions such as permitted hours of use and permitted location.
On the Apache server there are several methods of implementing an authentication mechanism. In principle this mechanism is divided into two types, namely:
1. HTTP basic authentication
A simple technique in which base64 encoding is applied to the username and password before the data is transferred to the server. This type of authentication is used to restrict access to web pages based on:
the host name of the browser;
the password entered by the user.
2. Password-based basic authentication
When a user tries for the first time to access a protected directory, he must first enter the name and password into a form that appears as a pop-up window. If the user name and password are allowed access, the browser has access to this directory for the remainder of the browsing session.
3. Host-based basic authentication
Another type of basic authentication is based on access restrictions by client host. A host can be either a domain name like f117.bopmber.org or an IP address such as 172.20.172.10.
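The two checks described above (the base64-encoded username:password of HTTP basic authentication and the host-based restriction), as an added illustration that is not part of the original chapter or of Apache's own code. The user entry, salt, domain bopmber.org and address block 172.20.172.0/24 are constructed for the example.

```python
import base64
import hashlib
import hmac
import ipaddress

# Constructed "user file": base64 is reversible, so the server side stores only a
# salted password hash, never the password itself.
SALT = b"constructed-demo-salt"
def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _hash_password("correct horse")}
# Host-based restriction as in the text: a domain suffix and an address block (constructed).
ALLOWED_HOSTS = {"bopmber.org"}
ALLOWED_NETS = [ipaddress.ip_network("172.20.172.0/24")]

def make_basic_credentials(username: str, password: str) -> str:
    """Value of the Authorization header: 'Basic ' + base64('user:pass')."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def parse_basic_credentials(header_value: str):
    """Recover (user, password) from the header value; None if malformed."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")   # the password may itself contain ':'
    return (user, password) if sep else None

def host_allowed(client: str) -> bool:
    """Client may be a host name (f117.bopmber.org) or an IP address (172.20.172.10)."""
    try:
        addr = ipaddress.ip_address(client)
        return any(addr in net for net in ALLOWED_NETS)
    except ValueError:
        return any(client == d or client.endswith("." + d) for d in ALLOWED_HOSTS)

def authorize(header_value: str, client: str) -> bool:
    """Both checks from the text: the client host restriction, then the user's password."""
    if not host_allowed(client):
        return False
    creds = parse_basic_credentials(header_value)
    if creds is None or creds[0] not in USERS:
        return False
    return hmac.compare_digest(USERS[creds[0]], _hash_password(creds[1]))
```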
3.1.2 Authentication Functions
There are two basic levels at which an authentication mechanism or a digital signature can be implemented. First, by using certain functions that generate a value which can be used as an authentication mark. Second, by using a specific authentication protocol. The functions can be categorized into three kinds, namely:
1. Message encryption: the ciphertext of the message is used as the authentication value.
2. Cryptographic checksum: a function of the input message and a key that produces a value which is used for authentication.
3. Hash function: a function that maps the message to a value which is used for authentication.
3.1.2.1 Message Encryption
Message encryption itself can also provide an authentication function. The analysis of the authentication function differs between the conventional encryption model and the public key encryption model.
1. Conventional Encryption
In conventional encryption, a message is transmitted as ciphertext from the sender to the destination with a key known to both users. If no other user knows the key that is used, it can be assumed that no other user can learn the plaintext that was sent. We also need to be sure that the message we received came from user A; that is, when we decrypt the message we receive, we must also make sure that the ciphertext was not altered by another user. In this case the confidentiality of the key is very important, so that unauthorized persons cannot send false messages to us.
2. Public Key Encryption
Authentication using public key encryption is more complex than using conventional encryption methods. This is because the public key is given to many parties, so there is the possibility that another party sends a false message to us using our public key.
To provide authentication, we need to add specific functionality to our encryption algorithm. User A, when encrypting a message, must not only use the public key we hold but also use A's own private key in the encryption itself. User B, when decrypting the message, in addition to using his own private key must also use A's public key in order to turn the ciphertext he receives back into plaintext. This adds the authentication function because only A can produce the ciphertext to be sent to B, since only A holds the private key used to encrypt the message.
3.1.2.2 Cryptographic Checksum
A cryptographic checksum is an authentication technique that uses a secret key to form a small, fixed data block that is appended to a message. This technique is also called Message Authentication Mode (MAC). It assumes two users (e.g. A and B) who share a secret key K. When user A wants to send a message M to B, he calculates the cryptographic checksum of the message with the function C_K(M). The message and the resulting checksum are then sent to B. User B, as the recipient of the message, performs the same calculation on the received message with the same key. If the checksum calculated by user B matches the checksum sent by A, the message can be assumed to be authentic. If we assume that only the recipient and the sender know the secret key being used, and the checksum calculations agree, then we can conclude:
The recipient is convinced that the received message has not been changed. If an adversary has changed the received message but not the cryptographic checksum, the checksum calculated by the receiver will differ from the checksum sent by the sender. Because the adversary does not know the secret key used to calculate the checksum, the adversary cannot change the checksum to match the altered message.
The recipient is convinced that the message came from the correct sender. Because no other user knows the secret key being used, no other user can produce a valid message with the right checksum.
If a message carries a sequence number (as used in X.25, HDLC, TCP and the ISO transport protocol), the receiver can also be assured of the correct sequence of messages, because the adversary cannot successfully change the sequence number in the message.
A cryptographic checksum function is similar to the encryption functions we studied previously. The fundamental difference is that the checksum algorithm does not need to be reversible, as a decryption function must be. The process described above provides authentication but not confidentiality, since the messages are transmitted in the clear.
Confidentiality can be provided by encrypting the message, either before or after the cryptographic checksum calculation. In this case two different keys are needed, and each key must be known to both sender and receiver. In the first case the checksum is calculated first and combined with the message, and the message merged with the checksum is then encrypted. In the second case the message is encrypted first and the checksum is then calculated over the ciphertext. After encryption and checksum calculation are done, the ciphertext and the checksum are combined into a single message to be sent.
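The checksum exchange between A and B described above, including the sequence-number check and the second confidentiality case (encrypt first, then checksum the ciphertext), as an added example that is not part of the original chapter. C_K(M) is realized here with HMAC-SHA256, and the keystream used for the encryption step is a constructed stand-in for a real cipher.

```python
import hashlib
import hmac

def checksum(key: bytes, seq: int, message: bytes) -> bytes:
    """C_K(M) from the text, computed here as HMAC-SHA256 over the sequence number and M."""
    return hmac.new(key, seq.to_bytes(4, "big") + message, hashlib.sha256).digest()

def send(key: bytes, seq: int, message: bytes):
    """Sender A transmits (seq, M, C_K(M)); M itself travels in the clear."""
    return seq, message, checksum(key, seq, message)

def receive(key: bytes, expected_seq: int, packet):
    """Receiver B recomputes the checksum with the same key; None means reject."""
    seq, message, tag = packet
    if seq != expected_seq:                       # replayed or reordered message
        return None
    if not hmac.compare_digest(tag, checksum(key, seq, message)):
        return None                               # message or checksum was altered
    return message

# Constructed toy keystream for the "encrypt first, then checksum" case. It only
# illustrates the ordering of the two operations and is not a real cipher.
def _keystream_xor(enc_key: bytes, seq: int, data: bytes) -> bytes:
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = enc_key + seq.to_bytes(4, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def send_confidential(enc_key: bytes, mac_key: bytes, seq: int, message: bytes):
    """Two keys, as the text requires: encrypt M, then checksum the ciphertext."""
    ciphertext = _keystream_xor(enc_key, seq, message)
    return seq, ciphertext, checksum(mac_key, seq, ciphertext)

def receive_confidential(enc_key: bytes, mac_key: bytes, expected_seq: int, packet):
    """Verify the checksum on the ciphertext first; only then decrypt."""
    ciphertext = receive(mac_key, expected_seq, packet)
    if ciphertext is None:
        return None
    return _keystream_xor(enc_key, expected_seq, ciphertext)
```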
3.1.2.3 Hash Functions
One variation of authentication technique that is widely used today is the hash function. Just as with the MAC we studied previously, a hash function receives a message M as input and produces a fixed-size hash code H(M), often referred to as the message digest. The hash code is a function of all the bits of the message and has an error-detection capability: a change in any bit of the message produces a different hash code.
3.1.3 Authentication Methods
Authentication aims to prove who you really are: that you really are who you claim to be. There are many ways to prove who you are. Authentication methods fall into three categories:
Something you know
This is the most common authentication method. It relies on the confidentiality of information, for example a password or a PIN. It assumes that nobody knows the secret except you.
Something you have
This method is usually an additional factor used to make authentication more secure. It relies on items that are unique, for example magnetic cards or smartcards, hardware tokens, USB tokens and so on. It assumes that nobody possesses the item except you.
Something you are
This is the method most often used because of both technological and human factors. It relies on the uniqueness of parts of your body that cannot exist in others, such as fingerprints, voice or retinal prints. It assumes that parts of your body such as fingerprints and retinal prints are not the same as anyone else's.
Password-based systems are still widely used. To avoid password theft and illegal use of the system, it is wise to equip our network system with one-time passwords. A one-time password system can be applied in the following ways:
1. Using an encrypted stamp system, in which the new password is sent after first being modified based on the current time.
2. Using a challenge-response (CR) system, in which the password we give depends on the challenge from the server. By analogy, we could prepare a list of different answers/responses to the questions/challenges provided by the server. Memorizing so many passwords is not easy, so it is easier to memorize a rule for transforming the given challenge into the response (so it is not random). For example, if our rule is "capitalize the fifth letter and remove the fourth letter", then for the challenge Mxyzptlk1W2 the password we give the system is MxyPtlk1W2.
The authentication process involves a challenge/response procedure that takes place at the start of authentication. When a user requests access rights to the system, the system sends a challenge to the user, and the user sends back the corresponding code. The system compares the code sent by the user with the code held in its database. If they match, the system grants access rights according to the rights held by the user in question. For example, when a web administrator wants to access IIS (Internet Information Service) on Windows NT, a challenge/response process takes place before the system grants the appropriate access rights. Another example is a UNIX system that uses one-time passwords: a user who wants to connect a terminal (telnet) to the system must enter a password before the system grants access rights to the terminal. The challenge/response process here is that the user contacts the server via the telnet port (21), then the server forms the hash and the challenge key. The user replies to that challenge key with the corresponding one-time password. The user's response/answer is then compared with the database within the system before it is decided whether to grant access or not.
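The challenge/response procedure above, with the chapter's own memorized rule ("capitalize the fifth letter and remove the fourth letter") as the transformation and each challenge accepted only once, as an added example that is not part of the original chapter. The server class, the user table and the use of secrets.token_urlsafe for the challenge are assumptions of this example.

```python
import hmac
import secrets

def rule_response(challenge: str) -> str:
    """The text's rule: capitalize the fifth letter, then remove the fourth letter."""
    chars = list(challenge)
    chars[4] = chars[4].upper()
    del chars[3]
    return "".join(chars)

class ChallengeResponseServer:
    """Issues a fresh challenge per login attempt and accepts each response only once."""

    def __init__(self, rule, users):
        self.rule = rule      # transformation both sides know
        self.users = users    # user -> access rights (constructed table)
        self.pending = {}     # user -> outstanding challenge

    def issue_challenge(self, user: str):
        """Step 1 of the text: the system sends a challenge to the user."""
        if user not in self.users:
            return None
        challenge = secrets.token_urlsafe(8)   # 11 fresh URL-safe characters
        self.pending[user] = challenge
        return challenge

    def verify(self, user: str, response: str):
        """Steps 2-3: compare the user's code with the expected one; rights on success."""
        challenge = self.pending.pop(user, None)   # consumed: the same challenge never works twice
        if challenge is None:
            return None
        expected = self.rule(challenge).encode()
        if not hmac.compare_digest(expected, response.encode()):
            return None
        return self.users[user]
```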
3.2 Lightweight Directory Access Protocol
Lightweight Directory Access Protocol (LDAP) is a technology developed to speed up access to information in a directory. It includes implementations of many network-oriented middleware classes. LDAP enhances and develops the architecture for centralized storage and management of information, and its availability for distributed systems and services.
People and businesses increasingly rely on computer network systems to support distributed applications. A distributed application interacts with computers on a local area network (LAN), on the same company's intranet, or from any place via the internet. To improve its function, correct and consistent regulation of the system is needed, including ease of use and effective administration of the information in a distributed application, such as the services, resources, users and other objects that the application accesses.
Much information can be shared among several applications, but it must also be protected, as a step to prevent modification by unauthorized users or disclosure of private information that must be protected. This covers the variety of user information, applications, files, printers and any resources that can be accessed through the network. In particular this is stored in a database, sometimes referred to as a directory.
LDAP is an open industry standard which is structured to bring together the various needs of the network. It is defined as the standard method for accessing and updating information in a directory. This makes it advantageous to adopt the directory access method on the internet and in determining a company's intranet strategy.
A directory is a collection of structured information about objects, including detailed information on each object. Examples are a telephone directory and a city library's card catalog. A telephone directory lists objects, namely people, by name in alphabetical order, and the details are their address and telephone number. The books in a library catalog are arranged by author or title, with information such as the ISBN (International Standard Book Numbering) and so on.
In computer terminology, a directory is a specialized database or data storage area that stores the type of, and information related to, its objects. Part of a directory may contain a collection of information about a printer, such as its printing speed per minute, the document types it supports and so on.
A directory is often described as a specialized database that shares the characteristics of the general case, a relational database. One special characteristic of a directory is that it is accessed for reading or searching far more often than it is updated or written.
3.2.1 LDAP Server and Client Model
LDAP is based on the client/server model of distributed computing, and was designed as a lightweight protocol for accessing information in X.500 directory services. Compared with X.500 DAP (Directory Access Protocol):
LDAP runs over TCP/IP (Transmission Control Protocol/Internet Protocol) rather than over the OSI protocol stack (Open Source Initiative).
LDAP's functional model is simpler and therefore easier to implement.
LDAP uses strings to represent data rather than complex structured syntax such as ASN (Abstract Syntax Notation).
Thus a directory is usually accessed through a client/server model for the communication process. An application that wants to read or write information in a directory cannot access the directory directly. Instead, a function call or Application Programming Interface (API) causes a message to be sent to another process, which then accesses the information in the directory on behalf of the application's request, and the result of the read or write is returned as the reply to the application's request.
In keeping with technological developments, LDAP cannot be separated from future developments in technology. Some approaches that will appear in future LDAP implementations are the development of native LDAP servers and LDAP interfaces.
This is used for the security of registry data that stores information relating to the security of the data. In connection with the implementation of LDAP, vendors do not want to fall behind in their implementations; IBM (International Business Machine) has developed it in several products.
SAMBA 3.2
Samba is a set of applications that allows computers running the Linux operating system, BSD (or another UNIX) to act as file and print servers based on the SMB protocol (session message block), the kind of network that is common in a Windows workgroup or Windows NT domain. Samba also comes with several programs that help the Linux (and UNIX) operating system access the resources on an existing Windows network. It is said that Samba is the bridge between Windows and UNIX.
Samba consists of two programs running in the background: smbd and nmbd. Briefly, smbd is the file server, which starts a new process for each active client, while nmbd converts computer names (NetBIOS) into IP addresses and monitors the shares on the network. The operation of smbd itself is governed by the configuration file /etc/samba/smb.conf. With an appropriate configuration file, Samba can be used as a file server, print server, domain controller and many other functions.