Sunday, August 25, 2013

Authentication

Identification is usually providing a public piece of information (username, account number), and authentication is providing a private piece of information (PIN, passphrase, digital signature). Three important characteristics of the mechanisms that can be used for authentication are as follows:

• Subject must prove something he knows. Example: password
• Subject must prove something he has. Example: smart card
• Subject must prove something he is. Example: fingerprint

If one mechanism providing one of these characteristics is used, it is referred to as one-factor; if two mechanisms are being used, it is two-factor; and you guessed it, an authentication process that requires all three is referred to as three-factor. For the authentication process to be considered strong authentication, it must be at least two-factor.

User identification values should be unique to ensure accountability of individual activity. They should be nondescriptive of job functions, so that they are harder to guess and so that attackers cannot tell what type of account the credentials are tied to. There should also be secure and documented processes for issuing identification and authentication values and mechanisms, to ensure standardization.
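
One way to check a list of account identifiers against the two rules above (unique, and nondescriptive of job function). This is an added example, not part of the original post; the function names, the `ROLE_TERMS` word list, and the sample IDs are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: a constructed list of job-function terms; tune it per organization.
ROLE_TERMS = frozenset({
    "admin", "administrator", "sysadmin", "root", "dba", "backup",
    "helpdesk", "finance", "payroll", "hr", "ceo", "service",
})

# Constructed sample identifiers, not taken from any real system.
SAMPLE_IDS = ["u48213", "U48213 ", "dba_01", "payrolljane",
              "k20417", "chris.hr", "groot7"]


def _role_hits(token, role_terms):
    """Terms matching a token exactly, or (for terms of 5+ letters) as a
    prefix or suffix. Short terms match exactly only, so "chris" does not
    trip "hr" and "groot" does not trip "root"."""
    return {t for t in role_terms
            if token == t
            or (len(t) >= 5 and (token.startswith(t) or token.endswith(t)))}


def audit_user_ids(user_ids, role_terms=ROLE_TERMS):
    """Return (duplicates, descriptive).

    duplicates:  normalized ID -> original IDs that collide after
                 trimming whitespace and lowercasing
    descriptive: original ID -> sorted job-function terms found in it
    """
    seen = defaultdict(list)
    descriptive = {}
    for uid in user_ids:
        norm = uid.strip().lower()
        seen[norm].append(uid)
        # Split on anything that is not a letter, so "dba_01" yields "dba".
        hits = set()
        for token in filter(None, re.split(r"[^a-z]+", norm)):
            hits |= _role_hits(token, role_terms)
        if hits:
            descriptive[uid] = sorted(hits)
    duplicates = {k: v for k, v in seen.items() if len(v) > 1}
    return duplicates, descriptive


if __name__ == "__main__":
    dups, desc = audit_user_ids(SAMPLE_IDS)
    print("colliding IDs:", dups)
    print("job-descriptive IDs:", desc)
```
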

There are several mechanisms that can be used for authentication, each one with its own strengths and weaknesses. We take a look at the following items:

• Biometrics
• Passwords
• Token devices
• Memory cards
• Smart cards
• Cryptographic keys
