Authentication using external authentication servers is commonly used to provide network access, including wired and wireless deployments. Both authentication server and authenticating client need to know whether the connecting peer is trustworthy or not. If the authentication server or client is compromised i.e., it is no longer a trusted entity, which could create harm to the network by allowing malicious server to authenticate the client or malicious client (attacker) to access the network. Lightweight Directory Access Protocol (LDAP) is an extensible protocol, whose specification is defined in RFC4510, and protocol details are defined in RFC4511. Currently LDAP does not include any capabilities to exchange trust information between LDAP client and LDAP server to prove to either server or client that the peer was not tampered. The techniques presented herein describe method to have trustworthiness between LDAP client and LDAP server by having attestation information in all LDAP messages. This method incorporates attestation information to LDAP messages exchanged between LDAP client and LDAP server. In other words, LDAP messages between LDAP client and LDAP server are extended with extensions that carry Proof of Integrity and intent to validate Proof of Integrity.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
M M, NIRANJAN, "TRUSTWORTHINESS FOR LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL", Technical Disclosure Commons, (March 15, 2022)