"How do I know who you say you are?"
- Security systems require three separate elements:
  - identification
  - authentication
  - authorisation
Authentication
The process through which the identity of a computer or network user
is verified. The system that ensures the user is who they claim to be.
- Three systems can be used for authentication.
Something the user knows
- Examples
  - Password, pass-phrase, personal ID number, personal information (mother's maiden name)
- Weaknesses
  - Anyone can enter a password. It can be guessed, or cracked by brute-force and dictionary-based attacks.
Something the user has
- Examples
  - Key, magnetic card, smart card.
- Weakness
  - Difficult/expensive to replicate device
  - Requires contingency procedures (what if the card is not on the person).
Something the user is (Biometrics)
- Physical trait or characteristic
- Examples
  - Fingerprint, retinal (eye) pattern, hand geometry, voice recognition.
- Weaknesses
  - Errors giving a false positive (validating the wrong user) and false negative (rejecting the user)
  - Permanent physical changes can alter the biometric or render it unreadable (a cut finger with a plaster).
Two-factor authentication
A combination of methods is generally used where security is an issue.
- Example
  - If you are stopped by police, you hand over your license (something you have) and the officer checks you against your photo (something you are).
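An added example, not part of the original notes: a two-factor check that combines something the user knows (a password, stored as a salted PBKDF2 hash) with something the user has (a device holding a TOTP secret, RFC 6238). The record layout, function names and sample account are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def hash_password(password: str, salt: bytes) -> bytes:
    """Something the user knows: keep only a salted, slow hash of it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """Something the user has: code derived from a secret held on a device."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def authenticate(record: dict, password: str, code: str, now: float) -> bool:
    """Succeed only when BOTH factors verify."""
    # Check both factors before deciding, so the result does not
    # reveal which one was wrong.
    knows = hmac.compare_digest(
        hash_password(password, record["salt"]), record["pw_hash"])
    has = False
    for drift in (-1, 0, 1):  # tolerate one step of clock drift
        expected = totp(record["totp_secret"], now + drift * STEP)
        has |= hmac.compare_digest(expected.encode(), code.encode())
    return knows and has

if __name__ == "__main__":
    # Constructed sample account; the secret is the RFC 4226/6238 test key.
    salt = bytes(16)
    record = {"salt": salt,
              "pw_hash": hash_password("correct horse", salt),
              "totp_secret": b"12345678901234567890"}
    print(authenticate(record, "correct horse", "287082", now=59))  # both factors
    print(authenticate(record, "correct horse", "000000", now=59))  # password only
    print(authenticate(record, "guess", "287082", now=59))          # code only
```

A production verifier would also reject a code that has already been used and rate-limit failed attempts.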