Does symmetric provide authentication?

jet

hello all,
I read serveral books about symmetric algorithm and quite confused coz they say differently about it. Some of them say it provide authentication while others dont. For example, Syngress book says it does not while some other documents say yes
Another question I want to ask is: If you have a question that asks you to select which one of IPSec and SSH is tunelling protocol? which one would you select?
Please clear it up for me
Thank you,

timharpur

Symmetric can be used for authentication, but usually isn't when dealing with internet. With symmetric a single secret key is used for encry/decry, and anyone who has that secret key can use it for both operations... thus if only one person has the secret key (and it hasn't been compromised) then it can be used to authenticate. The problem is that the system you are authenticating with must also have the secret key (it must have been shared somehow with the system in question, which makes it difficult to use with the internet without compromise). With asymmetric encry, two keys are used - one private that is never shared and one public that can be handed out without much concern. To authenticate you use your private key to encry a value and the target system uses your public key to decry the response - if they get the right message back from decry then you would be authenticated as only a value that was encry with the private key can be decry with the public key (and vice versa). Since they used your public key and it worked the value must have been encry with your private key, which only you know (and thus it must be you on the other end of the connection).

When being asked about authentication methods on the exam, it is probably referring to asymetric encryption for the handshake.

Hope this helps.

timharpur

IPSec is an encryption protocol which has a transport and a tunneling mode. IPSec is also commonly used in conjunction with L2TP (another tunneling protocol). SSH is secure shell.

Thus the answer is IPSec.