CHAPTER III LITERATURE REVIEW

3.1 Authentication

3.1.1 Definition of Authentication

Authentication is the process of validating users when they enter a system: the user's name and password are checked directly against the list of those who have been granted the right to enter the system. This authorization is set up by administrators, webmasters or site owners (or whoever holds the highest rights in the system). For this process each user is given data to be checked, such as a name, a password and other constraints not covered by these, for example the permitted hours of use and the permitted location.

On the Apache server there are several methods for implementing the authentication mechanism. In principle, the mechanism is divided into the following types:

1. HTTP basic authentication
Uses a simple technique in which base64 encoding is applied to the username and password before the data is transferred to the server. This type of authentication is used to restrict access to web pages based on the host name of the browser and on the password entered by the user.

2. Password-based basic authentication
When a user tries to access a protected directory for the first time, they must first enter their name and password into a form that appears as a pop-up window. If the user name and password are allowed to access the directory, the browser has access to it for the remainder of the browsing session.

3. Host-based basic authentication
Another basic type of authentication is based on access restrictions on the client host. A host can be either a domain name such as f117.bopmber.org or an IP address such as 172.20.172.10.

3.1.2 Authentication Functions

There are two basic levels at which an authentication mechanism or a digital signature can be implemented. First, by using certain functions that generate a value that can be used as a mark of authentication. Second, by using a specific authentication protocol.
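As an added example (not part of this chapter) of the basic and host-based checks described in 3.1.1, the following Python shows both sides of the HTTP Basic exchange: the client base64-encodes `user:password`, the server decodes the header, compares the password against an htpasswd-style store, and applies a host restriction of the Apache "allow from host name or IP address" kind. The store contents, the user names and the allowed hosts are constructed for the example; only the `{SHA}` htpasswd scheme (base64 of the raw SHA-1 digest) is a real Apache format.

```python
import base64
import binascii
import hashlib
import hmac
import ipaddress

# --- server-side credential store -------------------------------------------
# Constructed sample in the layout of an Apache htpasswd file using the {SHA}
# scheme.  The entries are generated here so the example stays self-contained;
# a real file would be written by the htpasswd tool.

def sha_htpasswd_entry(user, password):
    """Build one '{SHA}' htpasswd line for user/password."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode('ascii')}"

SAMPLE_HTPASSWD = "\n".join([
    "# constructed sample store, not a real site's file",
    sha_htpasswd_entry("alice", "correct horse battery"),
    sha_htpasswd_entry("bob", "hunter2"),
])

def load_htpasswd(text):
    """Parse htpasswd text into {user: stored_hash}."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, stored = line.partition(":")
        if sep:
            users[user] = stored
    return users

# --- the HTTP Basic exchange -------------------------------------------------

def basic_header(user, password):
    """Client side: the value a browser puts in the Authorization header."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def parse_basic_authorization(header):
    """Server side: recover (user, password) from the header, or None if malformed.
    base64 is an encoding, not encryption: anyone who sees the header sees the password."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password

def check_credentials(users, user, password):
    """Compare the SHA-1 of the offered password with the stored digest in constant time."""
    presented = hashlib.sha1(password.encode("utf-8")).digest()
    stored = users.get(user, "")
    if not stored.startswith("{SHA}"):
        # Unknown user or unsupported scheme: still run a comparison so the
        # timing does not reveal whether the user name exists.
        hmac.compare_digest(presented, b"\x00" * len(presented))
        return False
    try:
        expected = base64.b64decode(stored[len("{SHA}"):], validate=True)
    except (binascii.Error, ValueError):
        return False
    return hmac.compare_digest(presented, expected)

# --- host-based restriction ---------------------------------------------------

def host_allowed(client_host, allowed):
    """True if client_host matches an allowed IP, network, host name or domain suffix."""
    try:
        ip = ipaddress.ip_address(client_host)
    except ValueError:
        ip = None
    for entry in allowed:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None  # not an address: treat the entry as a host or domain name
        if net is not None:
            if ip is not None and ip in net:
                return True
            continue
        name = client_host.lower()
        if name == entry.lower() or name.endswith("." + entry.lower().lstrip(".")):
            return True
    return False

def authorize(users, allowed_hosts, client_host, header):
    """Apply the host restriction first, then the password check; returns (ok, reason)."""
    if not host_allowed(client_host, allowed_hosts):
        return False, "host not allowed"
    creds = parse_basic_authorization(header)
    if creds is None:
        return False, "missing or malformed Authorization header"
    user, password = creds
    if not check_credentials(users, user, password):
        return False, "bad credentials"
    return True, f"authenticated as {user}"
```

Because the header is only base64-encoded, the password check above is only as private as the transport carrying it; the constant-time comparison and the uniform handling of unknown users are the two details most often missing from hand-written versions.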
These functions can be categorized into three kinds:

1. Message encryption: the ciphertext of the message serves as the authentication value.
2. Cryptographic checksum: a function of the input message and a key that produces a fixed value used for authentication.
3. Hash function: a function that maps the message to a fixed value used for authentication.

3.1.2.1 Message Encryption

Message encryption itself can also provide an authentication function. The analysis of the authentication function differs between the conventional encryption model and the public key encryption model.

1. Conventional encryption
In conventional encryption, a message is transmitted as ciphertext from the sender to the destination using a key known to both users. If no other user knows the key in use, it can be assumed that no other user can learn the plaintext that was sent. We also need to be sure that the message we received came from user A; that is, when we decrypt the message we receive, we must also make sure that the ciphertext was not altered by another user. In this case the confidentiality of the key is very important, so that unauthorized persons cannot send false messages to us.

2. Public key encryption
Authentication using public key encryption is more complex than with conventional encryption. This is because the public key is given to many parties, so there is the possibility that another party sends a false message to us using our public key. To provide authentication, we need to add specific functionality to our encryption algorithm. User A, when encrypting the message, not only uses our public key but must also use A's own private key in the encryption. User B, when decrypting the message, in addition to using his own private key, must also use A's public key in order to turn the ciphertext he receives back into plaintext.
This adds the authentication function because only A can produce the ciphertext sent to B, since only A holds the private key used to encrypt the message.

3.1.2.2 Cryptographic Checksum

A cryptographic checksum is an authentication technique that uses a secret key to form a small, fixed-size block of data that is appended to a message. This technique is also called a Message Authentication Code (MAC). It assumes two users (say A and B) who share a secret key K. When user A wants to send a message M to B, A computes the cryptographic checksum of the message with the function C_K(M). The message and the resulting checksum are then sent to B. User B, as the recipient, performs the same calculation on the received message with the same key. If B's calculation yields the same cryptographic checksum as the one sent by A, the message can be assumed to be authentic.

If we assume that only the recipient and the sender know the secret key in use, and the checksum calculations agree, then we can conclude:

The recipient is convinced that the received message has not been changed. If an adversary has changed the received message but not the cryptographic checksum, the checksum calculated by the receiver will differ from the checksum sent by the sender. Because the adversary does not know the secret key used to calculate the checksum, the adversary cannot change the checksum to match the altered message.

The recipient is convinced that the received message is from the correct sender. Because no other user knows the secret key in use, no other user can produce a message with the correct checksum.
If the message sent includes a sequence number (as used in X.25, HDLC, TCP and the ISO transport protocol), then the receiver can also be assured that the messages arrive in the correct sequence, because the adversary cannot successfully change the sequence number in the message.

A cryptographic checksum function is similar to the encryption functions we studied earlier. The fundamental difference is that the checksum algorithm does not need to be reversible, as a decryption function must be.

The process described above provides authentication but not confidentiality, since messages are transmitted in the clear. Confidentiality can be provided by encrypting the message, either before or after the cryptographic checksum is calculated. In this case two different keys are needed, and each key must be known to both sender and receiver. In the first case the checksum is calculated first, then combined with the message, and the combined message and checksum are encrypted. In the second case the message is encrypted first and the checksum is calculated over the ciphertext. After the encryption and checksum calculation are done, the ciphertext and the checksum are combined into a single message to be sent.
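The following Python is an added worked example, not from this chapter, of the cryptographic checksum C_K(M) of 3.1.2.2 together with the two orderings just described (checksum then encrypt, and encrypt then checksum). HMAC-SHA256 plays the role of C_K; the sequence number is covered by the checksum so that reordering is detected; and the stream cipher is a stand-in built from SHA-256 in counter mode, an assumption of this example only, used because the point here is the ordering and the detection of tampering, not the cipher. The keys and messages are constructed.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size

# Constructed keys: two different keys, one for encryption and one for the
# checksum, both known to sender and receiver, as the text requires.
ENC_KEY = b"\x11" * 32
MAC_KEY = b"\x22" * 32

def checksum(mac_key, seq, data):
    """C_K(M): HMAC-SHA256 over the sequence number and the data."""
    return hmac.new(mac_key, struct.pack(">I", seq) + data, hashlib.sha256).digest()

def checksum_matches(mac_key, seq, data, tag):
    """Receiver side: recompute with the same key and compare in constant time."""
    return hmac.compare_digest(checksum(mac_key, seq, data), tag)

def keystream(enc_key, seq, length):
    """Stand-in stream cipher: SHA-256 in counter mode keyed by enc_key and seq.
    Assumption of this example only; a real system uses a standard cipher."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + struct.pack(">II", seq, block)).digest()
        block += 1
    return out[:length]

def encrypt(enc_key, seq, data):
    """XOR with the keystream; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(enc_key, seq, len(data))))

decrypt = encrypt

# First ordering: checksum over the plaintext, then encrypt message || checksum.

def mac_then_encrypt_send(enc_key, mac_key, seq, message):
    tag = checksum(mac_key, seq, message)
    return seq, encrypt(enc_key, seq, message + tag)

def mac_then_encrypt_receive(enc_key, mac_key, seq, ciphertext):
    """Must decrypt before it can tell whether the message is genuine."""
    plain = decrypt(enc_key, seq, ciphertext)
    if len(plain) < TAG_LEN:
        return None
    message, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
    return message if checksum_matches(mac_key, seq, message, tag) else None

# Second ordering: encrypt first, then checksum over the ciphertext.

def encrypt_then_mac_send(enc_key, mac_key, seq, message):
    ciphertext = encrypt(enc_key, seq, message)
    return seq, ciphertext, checksum(mac_key, seq, ciphertext)

def encrypt_then_mac_receive(enc_key, mac_key, seq, ciphertext, tag):
    """Rejects a forged or modified message without decrypting it at all."""
    if not checksum_matches(mac_key, seq, ciphertext, tag):
        return None
    return decrypt(enc_key, seq, ciphertext)

def flip_bit(data, bit_index):
    """Simulate an adversary altering one bit of what was sent."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)
```

The sequence number doubles as the cipher's nonce here, so it must never repeat under the same key; the receiver is expected to track the last accepted value and reject anything older. Of the two orderings, encrypt-then-checksum lets the receiver discard a tampered message before any decryption takes place, which is why it is the ordering generally preferred today.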
3.1.2.3 Hash Functions

One variant of authentication technique that is widely used today is the hash function. Just as with the MAC we studied earlier, a hash function takes a message M as input and produces a fixed-size hash code H(M), often referred to as the message digest. The hash code is a function of all the bits of the message and has error-detection capability: a change to any bit of the message produces a different hash code.

3.1.3 Authentication Methods

Authentication aims to prove who you really are: are you really who you claim to be? There are many ways to prove who you are. Authentication methods can be grouped into three categories:

Something you know
This is the most common authentication method. It relies on the confidentiality of information, for example a password or a PIN. This method assumes that no one knows the secret except you.

Something you have
This method is usually an additional factor used to create more secure authentication. It relies on an item that is unique, for example a magnetic card or smartcard, a hardware token, a USB token and so on. This method assumes that no one possesses the item except you.

Something you are
This is the method most often used, because of technological and human factors. It relies on the uniqueness of parts of your body that cannot exist in others, such as fingerprints, voice or retinal prints. This method assumes that parts of your body such as fingerprints and retinal prints are not the same as anyone else's.

The system still most widely used is the password-based system. To avoid password theft and illegal use of the system, it is wise to equip our network system with single-use (one-time) passwords. A single-use password system can be implemented in the following ways:

1. Using an encrypted stamp system: in this approach the new password is sent after first being modified based on the current time.
2.
Using a challenge-response (CR) system, where the password we give depends on a challenge from the server. By analogy, we can prepare a list of different answers (responses) to the questions (challenges) issued by the server. Memorizing so many passwords is not easy, so it is easier to memorize a rule that turns the challenge into the response (so the response is not random). For example, if our rule is "capitalize the fifth letter and remove the fourth letter", then for the challenge Mxyzptlk1W2 the password we give the system is MxyPtlk1W2.

The authentication process involves a challenge/response procedure that takes place at the start of authentication. When a user asks for access rights to the system, the system sends a challenge to the user, and the user sends back the corresponding code. The system compares the code sent by the user with the code held in its database. If there is a match, the system grants access rights in accordance with the rights held by the user in question. For example, when a web administrator wants to access IIS (Internet Information Services) on Windows NT, the challenge/response process takes place so that the system can grant the appropriate access rights. Another example is a UNIX system that uses one-time passwords: a user who wants to connect a terminal (telnet) to the system must enter a password before the system grants access to the terminal. The challenge/response process here is that the user contacts the server via the telnet port (21), the server forms a hash and a key challenge, and the user replies to the key challenge with the corresponding one-time password. The user's response is then compared with the database within the system before it is decided whether to grant access.

3.2 Lightweight Directory Access Protocol

The Lightweight Directory Access Protocol (LDAP) is a technology developed to speed up access to information in a directory.
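The Python below is an added example, not from this chapter, covering the hash function of 3.1.2.3 and both one-time password schemes of 3.1.3: a password stamped with the current time (an HMAC of the shared secret and the current time slot), and a challenge/response scheme in which the server holds a hash chain value H^n(seed) and challenges the user for H^(n-1)(seed), the form used by one-time password systems on UNIX. `bits_differ` shows the error-detection property of the hash: a one-character change to the message changes roughly half the bits of the digest. The seed, secret, user name and time values are constructed; the 30-second slot and one-slot clock tolerance are choices of this example.

```python
import hashlib
import hmac
import struct

def h(data):
    """The hash function H(M); SHA-256 here."""
    return hashlib.sha256(data).digest()

def bits_differ(a, b):
    """Number of bit positions in which H(a) and H(b) differ."""
    x = int.from_bytes(h(a), "big") ^ int.from_bytes(h(b), "big")
    return bin(x).count("1")

# ---- 1. password modified by the current time ----------------------------

STEP = 30  # seconds per time slot (an assumption of this example)

def stamped_password(secret, now, step=STEP):
    """Client: derive the one-time password from the shared secret and the time slot."""
    slot = int(now) // step
    return hmac.new(secret, struct.pack(">Q", slot), hashlib.sha256).hexdigest()[:12]

def verify_stamped(secret, offered, now, step=STEP, drift=1):
    """Server: accept the password for the current slot or `drift` slots either side."""
    slot = int(now) // step
    for candidate in range(slot - drift, slot + drift + 1):
        expected = hmac.new(secret, struct.pack(">Q", candidate), hashlib.sha256).hexdigest()[:12]
        if hmac.compare_digest(expected, offered):
            return True
    return False

# ---- 2. challenge/response with a hash chain ------------------------------

def hash_chain(seed, n):
    """H^n(seed): the seed hashed n times."""
    value = seed
    for _ in range(n):
        value = h(value)
    return value

class OtpServer:
    """Holds only the last accepted chain value per user; the seed never leaves the client."""

    def __init__(self):
        self._state = {}  # user -> (n, H^n(seed))

    def enroll(self, user, top, n):
        """Register H^n(seed) as computed by the client at enrolment."""
        self._state[user] = (n, top)

    def challenge(self, user):
        """Ask for H^(n-1)(seed); None once the chain is used up."""
        n, _ = self._state[user]
        return None if n <= 1 else n - 1

    def verify(self, user, response):
        """Accept if H(response) equals the stored value, then move the chain down one step."""
        n, last = self._state[user]
        if n <= 1 or not hmac.compare_digest(h(response), last):
            return False
        self._state[user] = (n - 1, response)
        return True

def client_response(seed, n):
    """Client: answer the challenge n with H^n(seed)."""
    return hash_chain(seed, n)
```

Because the server replaces the stored value with each accepted response, a captured response is useless on the next login, and because H is one-way the stored value does not let the server (or anyone who reads its database) compute the next response.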
It covers many network-oriented implementations in the middleware class. LDAP enhances and develops an architecture for centralized storage and management of information, and for the availability of distributed systems and services. People and businesses rely increasingly on computer networks to support distributed applications. A distributed application interacts with computers on a local area network (LAN), on the same company intranet, or from anywhere via the internet. To improve its function, correct and consistent regulation of the system is needed, including ease of use and cost-effective administration of the information in a distributed application, such as the services, resources, users and other objects that access the application. Much information can be shared among applications, but it must also be protected, as a step to prevent modification by unauthorized users and to protect private information. This covers the variety of information about users, applications, files, printers and any other resources that can be accessed through the network, stored in a database, or what is sometimes referred to as a directory.

LDAP is an open industry standard structured to bring together the various needs of the network. It is defined as the standard method for accessing and updating information in a directory, which makes it advantageous to adopt as the directory access method on the internet and a deciding factor in a company's intranet strategy.

A directory is a collection of structured information, such as objects, that includes detailed information about each object. Examples are a telephone directory and a city library's card catalog. A telephone directory lists objects (people) by name in alphabetical order, and the details include the address and telephone number.
The books in a library catalog, meanwhile, are arranged by author or title, with information such as the ISBN (International Standard Book Number) and so on. In computer terminology, a directory is a specialized database or data storage area that stores information of the types related to its objects. Part of a directory may contain a collection of information about printers, such as printing speed per minute, supported document types and so on. A directory is often described as a specialized database whose characteristics differ from those of a general-purpose relational database. One special characteristic of a directory is that it is accessed (read or searched) far more often than it is updated (written).

3.2.1 Client/Server Model of LDAP

LDAP is based on the client/server model of distributed computing, and was designed as a lightweight protocol for accessing information in X.500 directory services. Compared with the X.500 DAP (Directory Access Protocol):

LDAP runs over TCP/IP (Transmission Control Protocol / Internet Protocol) rather than the OSI (Open Systems Interconnection) protocol stack.
LDAP's functional model is simpler, so it is easier to implement.
LDAP uses strings to represent data rather than complex structured syntaxes such as ASN.1 (Abstract Syntax Notation One).

Thus a directory is usually accessed through a client/server model for the communication process. An application that wants to read or write information in a directory does not access the directory directly. A function call or Application Programming Interface (API) call is made, which causes a message to be sent to another process. That process then accesses the directory on behalf of the requesting application, and the result of the read or write is returned as the reply to the application's request.
In keeping with technological developments, LDAP cannot be separated from future developments in technology. Some approaches that will occur in future LDAP implementations are the development of a native LDAP server and an LDAP interface. These are used for the security of registry data that stores information relating to the security of a data problem. With regard to LDAP implementation, vendors do not want to fall behind in their implementations; IBM (International Business Machines) has developed LDAP in several products.

3.3 Samba

Samba is a set of applications that allow computers running the Linux operating system, BSD (or other UNIX) to act as file and print servers based on the SMB protocol (Server Message Block), the kind of network commonly found in a Windows workgroup or a Windows NT domain. Samba also comes with several programs that help the Linux (and UNIX) operating system access resources on an existing Windows network. In that sense, Samba is the bridge between Windows and UNIX. Samba consists of two programs running in the background: smbd and nmbd. Briefly, smbd is the file server, which spawns a new process for each active client, while nmbd converts computer (NetBIOS) names into IP addresses and monitors the shares on the network. The operation of smbd itself is controlled through the configuration file /etc/samba/smb.conf. With an appropriate configuration file, Samba can be used as a file server, print server, domain controller, and for many other functions.
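As an added example (not part of this chapter or of the Samba project) of how the roles mentioned above are expressed in /etc/samba/smb.conf, the following Python parses a constructed smb.conf, classifies each share as a file or printer share, and reports the settings a reviewer checks first: guest-accessible shares, whether they are writable, failed logins mapped to the guest account, and the old share-level security mode. The parameter names (`guest ok`, `public`, `writable`, `writeable`, `read only`, `printable`, `map to guest`, `security`) are real Samba parameters; the sample file, its share names and paths are constructed.

```python
import configparser

# Constructed sample smb.conf, not taken from any real host.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server role = standalone server
   security = user
   map to guest = Bad User

[homes]
   comment = Home Directories
   browseable = no
   read only = no

[public]
   path = /srv/samba/public
   guest ok = yes
   writable = yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   printable = yes
   guest ok = no
"""

def load_smb_conf(text):
    """Parse smb.conf text; parameter names are case-insensitive and values may contain spaces."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str.lower
    # smb.conf is indented freely and has no multi-line values, so strip the
    # indentation first (configparser would read indented lines as continuations).
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return cp

def flag(cp, section, name, default=False):
    """Boolean parameter with Samba-style yes/no/true/false/1/0 values."""
    return cp.getboolean(section, name, fallback=default)

def shares(cp):
    """Every section except [global] defines a share."""
    return [s for s in cp.sections() if s.lower() != "global"]

def share_kind(cp, share):
    return "printer" if flag(cp, share, "printable") else "file"

def is_writable(cp, share):
    """'writable' and 'writeable' are synonyms; 'read only' is the inverse and defaults to yes."""
    if cp.has_option(share, "writable") or cp.has_option(share, "writeable"):
        return flag(cp, share, "writable") or flag(cp, share, "writeable")
    return not flag(cp, share, "read only", default=True)

def guest_shares(cp):
    """'guest ok' and 'public' are synonyms."""
    return [s for s in shares(cp) if flag(cp, s, "guest ok") or flag(cp, s, "public")]

def audit(text):
    """Return the findings a reviewer of this file would want to see, as plain strings."""
    cp = load_smb_conf(text)
    findings = []
    if cp.get("global", "security", fallback="user").lower() == "share":
        findings.append("global: 'security = share' is the old share-level mode, removed in Samba 4")
    if cp.get("global", "map to guest", fallback="never").lower() != "never":
        findings.append("global: failed logins are mapped to the guest account ('map to guest')")
    for s in guest_shares(cp):
        mode = "read/write" if is_writable(cp, s) else "read-only"
        findings.append(f"{s}: {share_kind(cp, s)} share allows guest access ({mode})")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_SMB_CONF):
        print(line)
```

Running the audit on a real file is a quick way to see which of the roles (file server, print server) a host actually exposes and which of those are reachable without a password; `testparm`, which ships with Samba, remains the authoritative syntax check.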