Authentication
Authentication is the process of verifying the identity of a user or a device before granting access to resources. This is the first step of establishing trust between two parties. An oversimplified authentication process looks like Figure 14.2:
Figure 14.2 – Oversimplified interaction of authentication
The client (a user, a device, or a system) initiates authentication with the target system and provides credentials to claim who it is. The system receives the credentials and starts the verification process. If the system can identify the client, it acknowledges a positive result; otherwise, it sends a rejection back to the client.
This interaction is merely conceptual, as actual authentication has many aspects to consider. Firstly, the transport layer needs to be secured to ensure there is no eavesdropping, as happens in man-in-the-middle (MitM) attacks.
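The system side of the exchange described above, as an added example that is not code from the original text: it stores only a salted derived key, compares in constant time, and returns the same rejection for a wrong password and an unknown client. The names `CredentialStore` and `respond`, the iteration count, and the sample credentials are assumptions made for the example, and the transport is assumed to be already secured (for example, by TLS).

```python
import hashlib
import hmac
import os

# Iteration count chosen for this example; tune it for your own hardware.
ITERATIONS = 200_000


def _derive(password: str, salt: bytes) -> bytes:
    """Derive a key from the password so the plaintext is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class CredentialStore:
    """The 'system' in the exchange: verifies credentials a client presents."""

    def __init__(self) -> None:
        self._records: dict[str, tuple[bytes, bytes]] = {}
        # Dummy record: unknown client IDs cost the same work as known ones,
        # so response time does not reveal which accounts exist.
        self._dummy_salt = os.urandom(16)
        self._dummy_key = _derive(os.urandom(16).hex(), self._dummy_salt)

    def register(self, client_id: str, password: str) -> None:
        salt = os.urandom(16)  # unique salt per client
        self._records[client_id] = (salt, _derive(password, salt))

    def authenticate(self, client_id: str, password: str) -> bool:
        known = client_id in self._records
        salt, expected = self._records.get(
            client_id, (self._dummy_salt, self._dummy_key)
        )
        candidate = _derive(password, salt)
        # Constant-time comparison avoids leaking how many bytes matched.
        matches = hmac.compare_digest(candidate, expected)
        return matches and known


def respond(store: CredentialStore, client_id: str, password: str) -> str:
    """Positive acknowledgement or a uniform rejection, as in the exchange above."""
    return "ACCEPTED" if store.authenticate(client_id, password) else "REJECTED"


if __name__ == "__main__":
    store = CredentialStore()
    store.register("alice", "correct horse battery staple")  # constructed sample
    print(respond(store, "alice", "correct horse battery staple"))
    print(respond(store, "alice", "wrong password"))
    print(respond(store, "mallory", "correct horse battery staple"))
```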
MitM attack
A MitM attack is a cyberattack where an attacker...