Authentication - PowerPoint PPT Presentation

Slides: 18
Provided by: aria92
1
Authentication
2
User Authentication - Defined
  • The rapid spread of e-Business has necessitated
    the securing of transactions
  • Authentication is a fundamental security
    function. During authentication, credentials
    presented by an individual are validated and
    associated with the person's identity. This
    binding between credentials and identity is
    typically done for the purpose of granting (or
    denying) authorization to perform some restricted
    operation, like accessing secured files or
    executing sensitive transactions
  • User authentication is commonly defined as the
    process of identifying an individual, usually
    based on a username and password
  • In security systems, authentication is distinct
    from authorization, which is the process of
    giving individuals access to system objects based
    on their identity. Authentication merely ensures
    that the individual is who he or she claims to
    be, but says nothing about the access rights of
    the individual

3
Strong User Authentication - Defined
  • When a traditional business becomes an
    e-Business, the access paths to corporate data
    expand, and the need for an overall security
    methodology increases greatly. A key part of this
    methodology is authentication. Old authentication
    methods such as passwords will no longer suffice
    due to their inherent weaknesses as well as the
    growing sophistication of the tools and people
    attempting unauthorized access. Today, strong
    user authentication, using at least two methods
    of identifying an individual, is critical to
    maintaining control over access to data
  • Essentially, Strong Authentication controls
    access and gives non-repudiation, or conclusive
    tracing of an action to an individual

4
Existing User Authentication Techniques
The broad categories of user authentication,
their methods and properties are shown in the
following table
5
Single Factor Authentication - Defined
  • Single factor authentication has been
    traditionally established by one of these
    elements
  • Something you have, including keys or token cards
  • Something you know, including passwords
  • Something you are, including fingerprints,
    voiceprints or retinal scans (iris)

6
Single Factor Authentication - Products
  • Passwords are the most basic and most common
    method of single factor authentication
  • Other stronger forms of single factor
    authentication include
  • Password Authentication Protocol (PAP)
  • Challenge Handshake Authentication Protocol
    (CHAP)
  • Secure Sockets Layer (SSL)
  • Digital Signatures
  • Kerberos
  • Firewall
  • Virtual Private Networks (VPNs)

7
Single Factor Authentication Products Defined
  • Password Authentication Protocol (PAP): the most
    basic access control protocol for logging onto a
    network. A table of usernames and passwords is
    stored on a server; when users log on, their
    usernames and passwords are sent to the server
    for verification
  • Challenge Handshake Authentication Protocol
    (CHAP): similar in purpose to PAP, but CHAP uses
    a randomly generated challenge and requires a
    matching response that depends on a cryptographic
    hash of the challenge and a secret key
  • Secure Sockets Layer (SSL): the leading security
    protocol on the Internet. When an SSL session is
    initiated, the browser sends its public key to
    the server so that the server can securely send a
    secret key to the browser. The browser and server
    exchange data via secret key encryption during
    that session. Originally developed by Netscape,
    SSL has since been merged with other protocols
    and authentication methods by the Internet
    Engineering Task Force (IETF) into a new protocol
    known as Transport Layer Security (TLS)
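Added worked example (not part of the original deck): the CHAP exchange described in the bullet above, using the response computation MD5(Identifier || secret || challenge) that RFC 1994 specifies. The username, secret and challenge length are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed demo of the CHAP exchange: the server sends a random challenge,
# the client answers with MD5(Identifier || secret || challenge) as specified
# in RFC 1994, and the shared secret itself never crosses the wire.
# MD5 is what the RFC mandates; it is used here for fidelity to the protocol.

# Constructed sample secret table held by the server (never sent to clients).
SECRET_DB = {"alice": b"correct horse battery staple"}


def make_challenge(length: int = 16) -> bytes:
    """Server: fresh, unpredictable challenge for every authentication attempt."""
    return secrets.token_bytes(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client: the RFC 1994 response value (a 16-byte MD5 digest)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify_response(username: str, identifier: int,
                    challenge: bytes, response: bytes) -> bool:
    """Server: recompute the expected response and compare in constant time."""
    secret = SECRET_DB.get(username)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def replay_is_rejected() -> bool:
    """Why the challenge is random: a response computed for one challenge is
    accepted for that session only and fails against the next challenge."""
    ident = 1
    first = make_challenge()
    response = chap_response(ident, SECRET_DB["alice"], first)
    genuine_ok = verify_response("alice", ident, first, response)
    second = make_challenge()            # new session, new challenge
    reused_ok = verify_response("alice", ident, second, response)
    return genuine_ok and not reused_ok
```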

8
Single Factor Authentication Products Defined
  • Digital Signatures: an electronic signature that
    cannot be forged. It is a computed digest of the
    text that is encrypted and sent with the text
    message. The recipient decrypts the signature and
    recomputes the digest from the received text. If
    the digests match, the message is authenticated
    and proved intact from the sender
  • Kerberos: an MIT-developed user authentication
    system. While it does not provide authorization
    to services or databases, Kerberos does establish
    identity at logon, which is used throughout the
    session
  • Firewall: a security barrier set up between a
    company's internal systems and externally facing
    systems that filters out unwanted data packets.
    It can be implemented in a single router, or it
    may use a combination of technologies in routers
    and hosts
  • Virtual Private Networks: VPNs use encryption in
    the lower protocol layers to provide a secure
    connection through an otherwise insecure network,
    typically the Internet. VPNs are generally
    cheaper than real private networks using private
    lines, but do require that the same encryption
    system be at both ends. Encryption may be
    performed by firewall software or by routers
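Added worked example (not part of the original deck) of the Digital Signatures bullet above: the sender digests the text and transforms the digest with a private key, and the recipient reverses the transform with the public key and compares it with a digest recomputed from what arrived. It uses textbook RSA with a constructed fixed key; real signature schemes pad the digest (PKCS#1 v1.5 or PSS) before the private-key operation.

```python
import hashlib

# Constructed textbook-RSA illustration of a digital signature: sign the
# digest of the text, send both, and let the recipient check that the digest
# recovered from the signature matches a digest recomputed from the received
# text. Raw (unpadded) RSA is shown only to make the mechanism visible;
# production code pads the digest (PKCS#1 v1.5 or PSS) first.

# Fixed demo key built from two Mersenne primes (constructed; not a real key).
_P = (1 << 127) - 1
_Q = (1 << 521) - 1
N = _P * _Q                              # ~648-bit modulus, larger than any SHA-256 value
E = 65537                                # public exponent
D = pow(E, -1, (_P - 1) * (_Q - 1))      # private exponent (Python 3.8+ modular inverse)


def digest_as_int(message: bytes) -> int:
    """The computed digest of the text, as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Sender: apply the private key to the digest; this value travels with the text."""
    return pow(digest_as_int(message), d, n)


def verify_signature(message: bytes, signature: int,
                     e: int = E, n: int = N) -> bool:
    """Recipient: recover the digest with the public key and compare it with a
    digest recomputed from the received text."""
    return pow(signature, e, n) == digest_as_int(message)


def tamper_is_detected(message: bytes) -> bool:
    """Changing one byte of the text after signing makes verification fail."""
    sig = sign(message)
    altered = message[:-1] + bytes([message[-1] ^ 0x01])
    return verify_signature(message, sig) and not verify_signature(altered, sig)
```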

9
Single Factor Authentication Drawbacks
  • Individually, any one of these approaches has its
    limitations. "Something you have" can be stolen,
    while "Something you know" can be guessed, shared
    or lost to other methods. "Something you are" is
    generally the strongest approach, but can be
    costly to implement and remains vulnerable to
    attack

10
Two Factor Authentication - Defined
  • Given the limitations of single-factor
    authentication, the logical alternative is
    two-factor authentication, in which two of the
    methods are applied in tandem. A perfect example
    is the system employed to authenticate automated
    teller machine (ATM) users, which blends a
    magnetic-strip card (what you have) with a
    multi-digit PIN (what you know)
  • Any one type of authentication may authorize
    access, but using two types moves toward the
    control concept of non-repudiation: not only can
    you prove your identity and gain access to a
    resource, but you cannot deny accessing the
    resource at a later time. We define "strong user
    authentication" as the two-factor method
    described above

11
Need for Strong Authentication
  • There are three essential reasons why an
    organization may decide to use strong
    authentication
  • The cost associated with the loss of data to
    unauthorized access is usually the most
    compelling reason to use
    strong authentication. Strong authentication
    should be used in the case of high risk data
    while it may not pay to use strong authentication
    for low risk data
  • A corporation could be held liable for an attack
    by a hacker. The loss of money and public
    confidence in this scenario will be great. Use
    of strong authentication techniques greatly
    minimizes this risk
  • The authentication tool should be capable of
    evolving as technology and threat changes.
    Therefore, in investing in a strong
    authentication tool it is essential to acquire
    one that can change as technology advances

12
Strong Authentication Smart Cards
  • Smart cards are one way to provide strong
    authentication of users. The card itself is the
    item that the user must possess. The second
    factor may be a PIN, a password, or even a
    thumbprint. Various existing systems have used
    all of these
  • Authentication becomes even more rigorous by
    requiring a functional correlation between the
    two factors. The contents of the smart card
    cannot be accessed unless the value of the second
    factor is read by the smart card from the reading
    device. Specifically, when a user presents a
    smart card to a reading device such as a
    computer, the computer reads the PIN (or other
    second factor) and writes it to the smart card.
    Only if the PIN matches will the smart card allow
    the other information it contains to be accessed
    by the computer
  • The most important information passed by the
    smart card to the computer is, of course, the
    identity of the user. When the computer receives
    that identity, the authentication is complete

13
Strong Authentication Digital Certificates
  • One of the core enabling security technologies is
    public key infrastructure (PKI). PKI is based on
    certificates provided to individuals through a
    registration process. The validity of stored
    information is consistently validated and
    supported by the infrastructure
  • One of the biggest obstacles to e-commerce
    expansion is how to prove the identity of an
    individual over networks and electronic
    services. Electronic service providers and
    financial institutions are embracing strong
    authentication and PKI technology as a key
    enabler
  • Certificates allow individual users, workstations
    and servers to identify themselves to each other,
    by digitally signing e-mail messages, software
    source files, secure Web communications, and Web
    sites. This key enabling technology allows for
    strong authentication

14
Strong Authentication Biometrics
  • Automated biometrics in general, and fingerprint
    technology in particular, can provide a much more
    accurate and reliable user authentication method
  • Biometrics is a rapidly advancing field that is
    concerned with identifying a person based on his
    or her physiological or behavioral
    characteristics. Examples of automated biometrics
    include fingerprint, face, iris scan, and speech
    recognition (voice print)
  • As a biometric property is an intrinsic property
    of an individual, it is difficult to duplicate
    and nearly impossible to share
  • Finally, a biometric property of an individual
    can be lost only in case of serious accident

15
Authentication Selection process
  • In selecting a method of authentication an
    organization has to bear in mind the following
    four aspects
  • the desired level of security (of importance in
    case of a dispute, based on the value of the data
    to be protected)
  • the complexity of the used techniques (necessary
    computer power, speed, maturity of technology,
    scalability of technology)
  • the practicality of the used methods (cumbersome
    update, key distribution)
  • the assumption underlying the solution
  • failure rates

16
User Authentication - Summary
  • The security of e-Business depends upon the
    ability to both prevent malicious attacks and
    track unintentional unauthorized acts
  • Many e-Business leaders assume that their systems
    are secure because they are using a security
    product such as firewalls within their
    infrastructure. This is a false sense of security
  • Information security is only as strong as its
    weakest link. Implementing simple security or no
    authentication may provide hackers a weak
    "backdoor" from which to compromise network
    defenses
  • User authentication, especially strong user
    authentication, in combination with the other
    technologies, can help create user
    accountability, confidentiality and a reliable
    audit trail, and help ensure the security of
    e-Business

17
eds.com
Contact information for Global Information
Assurance Services Katherine Hollis
703-736-4156