Authentication
User Authentication - Defined
• The rapid spread of e-Business has necessitated the securing of transactions
• Authentication is a fundamental security function. During authentication,
credentials presented by an individual are validated and associated with the
person's identity. This binding between credentials and identity is typically
done for the purpose of granting (or denying) authorization to perform
some restricted operation, like accessing secured files or executing
sensitive transactions
• User authentication is commonly defined as the process of identifying an
individual, usually based on a username and password
– In security systems, authentication is distinct from authorization,
which is the process of giving individuals access to system objects
based on their identity. Authentication merely ensures that the
individual is who he or she claims to be, but says nothing about the
access rights of the individual
Strong User Authentication - Defined
• When a traditional business becomes an e-Business, the access paths to
corporate data expand, and the need for an overall security methodology
increases greatly. A key part of this methodology is authentication. Old
authentication methods such as passwords will no longer suffice due to
their inherent weaknesses as well as the growing sophistication of the tools
and people attempting unauthorized access. Today, strong user
authentication—using at least two methods of identifying an individual—is
critical to maintaining control over access to data
• Essentially, Strong Authentication controls access and gives non-
repudiation, or conclusive tracing of an action to an individual
Existing User Authentication Techniques
The broad categories of user authentication, their methods and properties
are shown in the following table

Method                            | Examples                                  | Properties
What you know                     | User IDs, PINs, passwords                 | Shared; easy to guess; usually forgotten
What you have                     | Cards, badges, keys                       | Shared; can be duplicated; lost or stolen
What you know and what you have   | ATM + PIN                                 | Shared; PIN is weak (written on back, easy to guess or forget)
Something unique about the user   | Fingerprint, face, voiceprint, iris scan  | Not possible to share; repudiation unlikely; forging difficult; cannot be lost or stolen
Single Factor Authentication - Defined
• Single factor authentication has been traditionally established by one of
these elements:
– Something you have—including keys or token cards
– Something you know—including passwords
– Something you are—including fingerprints, voiceprints or retinal scans
(iris)
Single Factor Authentication - Products
• Passwords are the most basic and most common method of single factor
authentication
• Other stronger forms of single factor authentication include:
– Password Authentication Protocol (PAP)
– Challenge Handshake Authentication Protocol (CHAP)
– Secure Sockets Layer (SSL)
– Digital Signatures
– Kerberos
– Firewall
– Virtual Private Networks (VPNs)
Single Factor Authentication – Products Defined
• Password Authentication Protocol: The most basic access control
protocol for logging onto a network. A table of usernames and passwords is
stored on a server—when users log on, their usernames and passwords are
sent to the server for verification
• Challenge Handshake Authentication Protocol: Serves the same purpose as
PAP, but CHAP uses a randomly generated challenge and requires a matching
response that depends on a cryptographic hash of the challenge and a secret key
• Secure Sockets Layer: The leading security protocol on the Internet.
When an SSL session is initiated, the browser sends its public key to the
server so that the server can securely send a secret key to the browser. The
browser and server exchange data via secret key encryption during that
session. Originally developed by Netscape, SSL has since been merged
with other protocols and authentication methods by the Internet
Engineering Task Force (IETF) into a new protocol known as Transport
Layer Security (TLS)
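The two password-based protocols on this slide differ in what crosses the wire. The following is an added example, not code from the EDS deck: a PAP-style login that sends the password to a server-side table, beside a CHAP-style exchange in which only a hash of (identifier, secret, challenge) is sent. The names USER_TABLE, CHAP_SECRETS, pap_login, chap_verify and demo, and the sample users and secrets, are this example's own constructions. Two design points the code makes visible: the PAP table can hold a salted hash rather than the password itself, whereas CHAP's response function needs the shared secret in a recoverable form on the server; and a captured CHAP response does not verify against the next session's challenge.

```python
# Added example: PAP-style lookup versus CHAP-style challenge/response.
# Not part of the original slides; users, passwords and secrets are constructed.
import hashlib
import hmac
import secrets

# --- PAP: "a table of usernames and passwords is stored on a server" ---
# The table here stores a salted PBKDF2 hash instead of the password itself.
USER_TABLE = {}


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(username: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    USER_TABLE[username] = (salt, _hash_password(password, salt))


def pap_login(username: str, password: str) -> bool:
    """PAP: client sends username and password; server checks the table."""
    entry = USER_TABLE.get(username)
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(stored, _hash_password(password, salt))


# --- CHAP: response = hash(identifier || secret || challenge) ---
# RFC 1994 specifies MD5 over these fields; SHA-256 is used here instead.
# The server must hold the shared secret itself to recompute the response.
CHAP_SECRETS = {"alice": b"constructed-shared-secret"}


def chap_challenge() -> bytes:
    """Server side: a fresh random challenge for each authentication."""
    return secrets.token_bytes(16)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the secret without sending it."""
    return hashlib.sha256(bytes([identifier]) + secret + challenge).digest()


def chap_verify(username: str, identifier: int, challenge: bytes, response: bytes) -> bool:
    secret = CHAP_SECRETS.get(username)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Run both flows and return the outcomes (constructed inputs)."""
    register("alice", "constructed-password")
    results = {
        "pap_ok": pap_login("alice", "constructed-password"),
        "pap_wrong": pap_login("alice", "wrong"),
        "pap_unknown": pap_login("mallory", "constructed-password"),
    }
    identifier = 1
    challenge = chap_challenge()
    response = chap_response(identifier, CHAP_SECRETS["alice"], challenge)
    results["chap_ok"] = chap_verify("alice", identifier, challenge, response)
    # The same response replayed against a new challenge does not verify.
    results["chap_replay"] = chap_verify("alice", identifier, chap_challenge(), response)
    return results


if __name__ == "__main__":
    print(demo())
```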
Single Factor Authentication – Products Defined
• Digital Signatures: An electronic signature that cannot be forged. It is a
computed digest of the text that is encrypted and sent with the text
message. The recipient decrypts the signature and recomputes the digest
from the received text. If the digests match, the message is authenticated
and proved intact from the sender
• Kerberos: An MIT-developed user authentication system. While it does
not provide authorization to services or databases, Kerberos does establish
identity at logon, which is used throughout the session
• Firewall: A security barrier set up between a company's internal systems
and externally facing systems that filters out unwanted data packets. It can
be implemented in a single router, or it may use a combination of
technologies in routers and hosts
• Virtual Private Networks: VPNs use encryption in the lower protocol
layers to provide a secure connection through an otherwise insecure
network, typically the Internet. VPNs are generally cheaper than real
private networks using private lines, but do require that the same
encryption system be at both ends. Encryption may be performed by
firewall software or by routers
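The digital-signature bullet above describes a digest that is transformed with the signer's private key, sent with the message, and checked by the recipient recomputing the digest. The following is an added example written for this page, not code from the EDS deck: it carries that flow through with textbook RSA on a deliberately small key (primes found by trial division, an unpadded SHA-256 digest reduced modulo n) so every step is visible. generate_keypair, sign, verify and demo, the key sizes, and the sample message are this example's own choices; a real deployment uses a vetted library, full-size keys and a padding scheme such as RSA-PSS.

```python
# Added example: sign/verify flow with a toy textbook-RSA key.
# Not part of the original slides; key sizes and message are constructed.
import hashlib
from math import gcd


def _is_prime(n: int) -> bool:
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def _next_prime(n: int) -> int:
    while not _is_prime(n):
        n += 1
    return n


def generate_keypair(p_start: int = 1_000_000, q_start: int = 2_000_000, e: int = 65537):
    """Return ((n, e), (n, d)); about 41-bit n, far too small for real use."""
    p = _next_prime(p_start)
    q = _next_prime(q_start)
    while gcd(e, (p - 1) * (q - 1)) != 1:
        q = _next_prime(q + 1)
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def _digest(message: bytes, n: int) -> int:
    # "A computed digest of the text": SHA-256, reduced below n so it is a
    # valid RSA input for this toy key (a real scheme pads instead).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Sender: transform the digest with the private key."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: recover the digest with the public key and recompute it."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


def demo() -> dict:
    public_key, private_key = generate_keypair()
    message = b"transfer 100 to account 42"  # constructed sample text
    signature = sign(message, private_key)
    other_public_key, _ = generate_keypair(p_start=3_000_000, q_start=4_000_000)
    return {
        "genuine": verify(message, signature, public_key),
        # Any change to the text changes the recomputed digest.
        "tampered": verify(b"transfer 900 to account 42", signature, public_key),
        # A signature only verifies under the matching public key.
        "wrong_key": verify(message, signature, other_public_key),
    }


if __name__ == "__main__":
    print(demo())
```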
Single Factor Authentication – Drawbacks
• Individually, any one of these approaches has its limitations. "Something
you have" can be stolen, while "Something you know" can be guessed,
shared or lost to other methods. "Something you are" is generally the
strongest approach, but can be costly to implement and remains vulnerable
to attack
Two Factor Authentication - Defined
• Given the limitations of single-factor authentication, the logical alternative
is two-factor authentication, in which two of the methods are applied in
tandem. A perfect example is the system employed to authenticate
automated teller machine (ATM) users, which blends a magnetic-strip card
(what you have) with a multi-digit PIN (what you know)
• Any one type of authentication may authorize access, but using two types
moves toward the control concept of non-repudiation; not only can you
prove your identity and gain access to a resource, but you cannot deny
accessing the resource at a later time. We define "strong user
authentication" as the two-factor method described above
Need for Strong Authentication
• There are three essential reasons why an organization may decide to use
strong authentication:
1. The cost associated with unauthorized loss of data is usually the
most compelling reason to use strong authentication. Strong
authentication should be used in the case of high risk data while it
may not pay to use strong authentication for low risk data
2. A corporation could be held liable for an attack by a hacker. The
loss of money and public confidence in this scenario will be great.
Use of strong authentication techniques greatly minimizes this risk
3. The authentication tool should be capable of evolving as technology
and threat changes. Therefore, in investing in a strong authentication
tool it is essential to acquire one that can change as technology
advances
Strong Authentication – Smart Cards
• Smart cards are one way to provide strong authentication of users.
The card itself is the item that the user must possess. The second
factor may be a PIN, a password, or even a thumbprint. Various
existing systems have used all of these
• Authentication becomes even more rigorous by requiring a
functional correlation between the two factors. The contents of the
smart card cannot be accessed unless the value of the second factor is
read by the smart card from the reading device. Specifically, when a
user presents a smart card to a reading device such as a computer, the
computer reads the PIN (or other second factor) and writes it to the
smart card. Only if the PIN matches will the smart card allow the
other information it contains to be accessed by the computer
• The most important information passed by the smart card to the
computer is, of course, the identity of the user. When the computer
receives that identity, the authentication is complete
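The two slides above describe two factors applied in tandem: the card the user must possess, and a PIN that the reader writes to the card, which releases its stored identity only on a match. The following is an added example, not code from the EDS deck: a simulated smart card that gates its identity behind a constant-time PIN check and a retry counter, and an authenticate function that requires both the card and the correct PIN. SmartCard, CardLocked, authenticate, demo and the sample identity and PIN are this example's own constructions.

```python
# Added example: two-factor check with a simulated PIN-gated smart card.
# Not part of the original slides; identity and PIN values are constructed.
import hashlib
import hmac
import secrets
from typing import Optional


class CardLocked(Exception):
    """Raised once the card's retry counter is exhausted."""


class SmartCard:
    """Something you have: holds an identity, released only after PIN check."""
    MAX_TRIES = 3

    def __init__(self, identity: str, pin: str):
        self._identity = identity
        # The card keeps a salted hash of the PIN rather than the PIN itself.
        self._salt = secrets.token_bytes(8)
        self._pin_hash = self._hash(pin)
        self._tries_left = self.MAX_TRIES
        self._unlocked = False

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def verify_pin(self, pin: str) -> bool:
        """Reader writes the PIN to the card; the card compares it."""
        if self._tries_left == 0:
            raise CardLocked("retry counter exhausted")
        if hmac.compare_digest(self._pin_hash, self._hash(pin)):
            self._tries_left = self.MAX_TRIES
            self._unlocked = True
            return True
        self._tries_left -= 1
        self._unlocked = False
        return False

    def read_identity(self) -> str:
        """Contents stay inaccessible until the second factor matched."""
        if not self._unlocked:
            raise PermissionError("card contents locked until PIN verified")
        return self._identity


def authenticate(card: Optional[SmartCard], pin: str) -> Optional[str]:
    """Both factors in tandem: card present (have) and PIN correct (know)."""
    if card is None or not card.verify_pin(pin):
        return None
    return card.read_identity()


def demo() -> dict:
    card = SmartCard("alice", "4821")  # constructed identity and PIN
    results = {
        "no_card": authenticate(None, "4821"),
        "wrong_pin": authenticate(card, "0000"),
        "correct": authenticate(card, "4821"),
    }
    # Three wrong guesses in a row exhaust the retry counter.
    for _ in range(SmartCard.MAX_TRIES):
        authenticate(card, "1111")
    try:
        authenticate(card, "4821")
        results["after_lockout"] = "allowed"
    except CardLocked:
        results["after_lockout"] = "locked"
    return results


if __name__ == "__main__":
    print(demo())
```

The correct PIN resets the counter, so ordinary mistyping does not accumulate toward a lockout; only consecutive failures do.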
Strong Authentication – Digital Certificates
• One of the core enabling security technologies is public key
infrastructure (PKI). PKI is based on certificates provided to
individuals through a registration process. The validity of stored
information is consistently validated and supported by the
infrastructure
• One of the biggest obstacles to e-commerce expansion is how to
prove the identity of an individual over networks and electronic
services. Electronic service providers and financial institutions are
embracing strong authentication and PKI technology as a key
enabler
• Certificates allow individual users, workstations and servers to
identify themselves to each other, by digital signing of e-mail
messages, software source files, secure Web communications, and
Web site. This key enabling technology allows for strong
authentication
Strong Authentication – Biometrics
• Automated biometrics in general, and fingerprint technology in
particular, can provide a much more accurate and reliable user
authentication method
• Biometrics is a rapidly advancing field that is concerned with
identifying a person based on his or her physiological or behavioral
characteristics. Examples of automated biometrics include
fingerprint, face, iris scan, and speech recognition (voice print)
• As a biometric property is an intrinsic property of an individual, it is
difficult to duplicate and nearly impossible to share
• Finally, a biometric property of an individual can be lost only in case
of serious accident
Authentication – Selection process
• In selecting a method of authentication an organization has to bear in
mind the following aspects
1. the desired level of security (of importance in case of a dispute,
based on the value of the data to be protected)
2. the complexity of the used techniques (necessary computer
power, speed, maturity of technology, scalability of technology)
3. the practicality of the used methods (cumbersome update, key
distribution)
4. the assumption underlying the solution
5. failure rates
User Authentication - Summary
• The security of e-Business depends upon the ability to both prevent
malicious attacks and track unintentionally unauthorized acts
• Many e-Business leaders assume that their systems are secure
because they are using a security product such as firewalls within
their infrastructure. This is a false sense of security
• Information security is only as strong as its weakest link.
Implementing simple security or no authentication, may provide
hackers a weak "backdoor" from which to compromise network
defenses
• User authentication, especially strong user authentication, in
combination with the other technologies, can help create user
accountability, confidentiality and a reliable audit trail, and help
ensure the security of e-Business
eds.com
Contact information for Global Information Assurance Services:
Katherine Hollis 703-736-4156

Mais conteúdo relacionado

Mais procurados

Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailar
Hai Nguyen
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
Hai Nguyen
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
Hai Nguyen
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01
Hai Nguyen
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authentication
Hai Nguyen
 
Authentication using Biometrics
Authentication using BiometricsAuthentication using Biometrics
Authentication using Biometrics
isha ranjan
 
Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication Technologies
Nicholas Davis
 
2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]
Hai Nguyen
 
19.) security pivot (policy byod nac)
19.) security pivot (policy byod nac)19.) security pivot (policy byod nac)
19.) security pivot (policy byod nac)
Jeff Green
 
The Road to Identity 2.0
The Road to Identity 2.0The Road to Identity 2.0
The Road to Identity 2.0
Adam Lewis
 

Mais procurados (20)

Authentication
AuthenticationAuthentication
Authentication
 
120 i143
120 i143120 i143
120 i143
 
Ranjith_Bm
Ranjith_BmRanjith_Bm
Ranjith_Bm
 
Mobile Security for the Enterprise
Mobile Security for the EnterpriseMobile Security for the Enterprise
Mobile Security for the Enterprise
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailar
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
 
Identity Assertions Draftv5
Identity Assertions Draftv5Identity Assertions Draftv5
Identity Assertions Draftv5
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authentication
 
Authentication using Biometrics
Authentication using BiometricsAuthentication using Biometrics
Authentication using Biometrics
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 
Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication Technologies
 
Cryptography in user authentication
Cryptography in user authenticationCryptography in user authentication
Cryptography in user authentication
 
2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]
 
19.) security pivot (policy byod nac)
19.) security pivot (policy byod nac)19.) security pivot (policy byod nac)
19.) security pivot (policy byod nac)
 
Combat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion TechniquesCombat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion Techniques
 
Document authentication system powered by assuretec
Document authentication system powered by assuretecDocument authentication system powered by assuretec
Document authentication system powered by assuretec
 
Two Factor Authentication
Two Factor AuthenticationTwo Factor Authentication
Two Factor Authentication
 
The Road to Identity 2.0
The Road to Identity 2.0The Road to Identity 2.0
The Road to Identity 2.0
 

Semelhante a Eds user authenticationuser authentication methods

MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
DEEPAK948083
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _Zaman
Asad Zaman
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...
Rishav Gupta
 

Semelhante a Eds user authenticationuser authentication methods (20)

MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
 
Multi Factor Authentication
Multi Factor AuthenticationMulti Factor Authentication
Multi Factor Authentication
 
DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distr...
DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distr...DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distr...
DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distr...
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect Design
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _Zaman
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationAddressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
 
Unit-4-User-Authentication.pptx
Unit-4-User-Authentication.pptxUnit-4-User-Authentication.pptx
Unit-4-User-Authentication.pptx
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...
 
#MFSummit2016 Secure: Mind the gap strengthening the information security model
#MFSummit2016 Secure: Mind the gap strengthening the information security model#MFSummit2016 Secure: Mind the gap strengthening the information security model
#MFSummit2016 Secure: Mind the gap strengthening the information security model
 
Cryptography and authentication
Cryptography and authenticationCryptography and authentication
Cryptography and authentication
 
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
 Webinar: Beyond Two-Factor: Secure Access Control for Office 365 Webinar: Beyond Two-Factor: Secure Access Control for Office 365
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
 
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
 
attack vectors by chimwemwe.pptx
attack vectors  by chimwemwe.pptxattack vectors  by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
 
unit4.pptx
unit4.pptxunit4.pptx
unit4.pptx
 
Broken Authentication and Authorization(1).pptx
Broken Authentication and Authorization(1).pptxBroken Authentication and Authorization(1).pptx
Broken Authentication and Authorization(1).pptx
 
E-Business security
E-Business security E-Business security
E-Business security
 
Three Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern SecurityThree Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern Security
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)
 
C02
C02C02
C02
 

Último

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Último (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Eds user authenticationuser authentication methods

  • 2. User Authentication - Defined • The rapid spread of e-Business has necessitated the securing of transactions • Authentication is a fundamental security function. During authentication, credentials presented by an individual are validated and associated with the person's identity.This binding between credentials and identity is typically done for the purpose of granting (or denying) authorization to perform some restricted operation, like accessing secured files or executing sensitive transactions • User authentication is commonly defined as the process of identifying an individual, usually based on a uusername and passwords – In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. The process of identifying an individual, usually based on a username and password
  • 3. Strong User Authentication - Defined • When a traditional business becomes an e-Business, the access paths to corporate data expand, and the need for an overall security methodology increases greatly. A key part of this methodology is authentication. Old authentication methods such as passwords will no longer suffice due to their inherent weaknesses as well as the growing sophistication of the tools and people attempting unauthorized access. Today, strong user authentication—using at least two methods of identifying an individual—is critical to maintaining control over access to data • Essentially, Strong Authentication controls access and gives non- repudiation, or conclusive tracing of an action to an individual
  • 4. Existing User Authentication Techniques Method Examples Properties What you know User Ids, PINs Passwords Shared Easy to guess Usually forgotten What you have Cards Badges Keys Shared Can be Duplicated Lost or Stolen What you know and what you have ATM + PIN Shared PIN is weak (written on back, easy to guess or forget) Something unique about user Fingerprint, face, voiceprint, iris scan Not possible to share Repudiation unlikely Forging difficult Cannot be lost or stolen The broad categories of user authentication, their methods and properties are shown in the following table
  • 5. Single Factor Authentication - Defined • Single factor authentication has been traditionally established by one of these elements: – Something you have—including keys or token cards – Something you know—including passwords – Something you are—including fingerprints, voiceprints or retinal scans (iris)
  • 6. Single Factor Authentication - Products • Passwords are the most basic and most common method of single factor authentication • Other stronger forms of single factor authentication include: – Password Authentication Protocol (PAP) – Challenge Handshake Authentication Protocol (CHAP) – Secure Socket Layer (SSL) – Digital Signatures – Kerberos – Firewall – Virtual Private Networks (VPNs)
  • 7. Single Factor Authentication – Products Defined • Password Authentication Protocol: The most basic access control protocol for logging onto a network. A table of usernames and passwords is stored on a server—when users log on, their usernames and passwords are sent to the server for verification • Challenge Handshake Authentication Protocol: Similar to PAP, CHAP also uses a randomly generated challenge and requires a matching response that depends on a cryptographic hash of the challenge and a secret key • Secure Sockets Layer: The leading security protocol on the Internet. When an SSL session is initiated, the browser sends its public key to the server so that the server can securely send a secret key to the browser. The browser and server exchange data via secret key encryption during that session. Originally developed by Netscape, SSL has since been merged with other protocols and authentication methods by the Internet Engineering Task Force (IETF) into a new protocol known as Transport Layer Security (TLS)
  • 8. Single Factor Authentication – Products Defined • Digital Signatures: An electronic signature that cannot be forged. It is a computed digest of the text that is encrypted and sent with the text message. The recipient decrypts the signature and recomputes the digest from the received text. If the digests match, the message is authenticated and proved intact from the sender • Kerberos: An MIT-developed user authentication system. While it does not provide authorization to services or databases, Kerberos does establish identity at logon, which is used throughout the session • Firewall: A security barrier set up between a company's internal systems and externally facing systems that filters out unwanted data packets. It can be implemented in a single router, or it may use a combination of technologies in routers and hosts • Virtual Private Networks: VPNs use encryption in the lower protocol layers to provide a secure connection through an otherwise insecure network, typically the Internet. VPNs are generally cheaper than real private networks using private lines, but do require that the same encryption system be at both ends. Encryption may be performed by firewall software or by routers
  • 9. Single Factor Authentication – Drawbacks • Individually, any one of these approaches has its limitations. "Something you have" can be stolen, while "Something you know" can be guessed, shared or lost to other methods. "Something you are" is generally the strongest approach, but can be costly to implement and remains vulnerable to attack
  • 10. Two Factor Authentication - Defined • Given the limitations of single-factor authentication, the logical alternative is two-factor authentication, in which two of the methods are applied in tandem. A perfect example is the system employed to authenticate automated teller machine (ATM) users, which blends a magnetic-strip card (what you have) with a multi-digit PIN (what you know) • Any one type of authentication may authorize access, but using two types moves toward the control concept of non-repudiation; not only can you prove your identity and gain access to a resource, but you cannot deny accessing the resource at a later time. We define "strong user authentication" as the two-factor method described above
  • 11. Need for Strong Authentication • There are three essential reasons why an organization my decide to use strong authentication: 1. The cost associated with loss of unauthorized data is usually the most compelling reason to use strong authentication. Strong authentication should be used in the case of high risk data while it may not pay to use strong authentication for low risk data 2. A corporation could be held liable for an attack by a hacker. The loss of money and public confidence in this scenario will be great. Use of strong authentication techniques greatly minimizes this risk 3. The authentication tool should be capable of evolving as technology and threat changes. Therefore, in investing in a strong authentication tool it is essential to acquire one that can change as technology advances
12. Strong Authentication – Smart Cards
• Smart cards are one way to provide strong authentication of users. The card itself is the item that the user must possess. The second factor may be a PIN, a password, or even a thumbprint. Various existing systems have used all of these
• Authentication becomes even more rigorous by requiring a functional correlation between the two factors. The contents of the smart card cannot be accessed unless the value of the second factor is read by the smart card from the reading device. Specifically, when a user presents a smart card to a reading device such as a computer, the computer reads the PIN (or other second factor) and writes it to the smart card. Only if the PIN matches will the smart card allow the other information it contains to be accessed by the computer
• The most important information passed by the smart card to the computer is, of course, the identity of the user. When the computer receives that identity, the authentication is complete
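The two-factor flow from slides 10 and 12 (possession of the card plus a PIN the reader writes to the card, with the card releasing the identity only on a match), as an added simulation in Go that is not part of the original slides. It assumes, beyond what the slides state, that the card keeps a salted digest of the PIN rather than the PIN itself and enforces a retry counter; the identity, PIN and salt are constructed values.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const maxRetries = 3 // assumption: a retry counter, as real cards use, limits PIN guessing
var ErrPINMismatch = errors.New("smart card: PIN mismatch")
var ErrCardBlocked = errors.New("smart card: blocked after too many failed PINs")

// SmartCard models the card's protected contents. The identity (the most important
// item the card passes to the computer) is released only after a matching PIN is written.
type SmartCard struct {
	identity  string
	salt      []byte
	pinDigest [32]byte // assumption: the card keeps a salted digest, not the PIN itself
	retries   int
}

func hashPIN(salt []byte, pin string) [32]byte {
	return sha256.Sum256(append(append([]byte{}, salt...), pin...))
}

func NewSmartCard(identity, pin string, salt []byte) *SmartCard {
	return &SmartCard{identity: identity, salt: salt, pinDigest: hashPIN(salt, pin), retries: maxRetries}
}

// PresentPIN is what the reading device calls after reading the user's PIN: the PIN is
// written to the card and the card itself decides, in constant time, whether to release the identity.
func (c *SmartCard) PresentPIN(pin string) (string, error) {
	if c.retries == 0 {
		return "", ErrCardBlocked
	}
	got := hashPIN(c.salt, pin)
	if subtle.ConstantTimeCompare(got[:], c.pinDigest[:]) != 1 {
		c.retries--
		return "", ErrPINMismatch
	}
	c.retries = maxRetries // a correct PIN resets the counter
	return c.identity, nil
}

func main() {
	card := NewSmartCard("alice@example.com", "4821", []byte("constructed-salt")) // constructed values
	id, err := card.PresentPIN("0000")
	fmt.Printf("wrong PIN -> identity %q, err %v\n", id, err)
}
```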
13. Strong Authentication – Digital Certificates
• One of the core enabling security technologies is public key infrastructure (PKI). PKI is based on certificates provided to individuals through a registration process. The validity of stored information is consistently validated and supported by the infrastructure
• One of the biggest obstacles to e-commerce expansion is how to prove the identity of an individual over networks and electronic services. Electronic service providers and financial institutions are embracing strong authentication and PKI technology as a key enabler
• Certificates allow individual users, workstations and servers to identify themselves to each other by digitally signing e-mail messages, software source files, secure Web communications, and Web sites. This key enabling technology allows for strong authentication
14. Strong Authentication – Biometrics
• Automated biometrics in general, and fingerprint technology in particular, can provide a much more accurate and reliable user authentication method
• Biometrics is a rapidly advancing field that is concerned with identifying a person based on his or her physiological or behavioral characteristics. Examples of automated biometrics include fingerprint, face, iris scan, and speech recognition (voice print)
• As a biometric property is an intrinsic property of an individual, it is difficult to duplicate and nearly impossible to share
• Finally, a biometric property of an individual can be lost only in case of serious accident
15. Authentication – Selection process
• In selecting a method of authentication an organization has to bear in mind the following four aspects
1. the desired level of security (of importance in case of a dispute, based on the value of the data to be protected)
2. the complexity of the used techniques (necessary computer power, speed, maturity of technology, scalability of technology)
3. the practicality of the used methods (cumbersome update, key distribution)
4. the assumption underlying the solution
5. failure rates
16. User Authentication - Summary
• The security of e-Business depends upon the ability to both prevent malicious attacks and track unintentionally unauthorized acts
• Many e-Business leaders assume that their systems are secure because they are using a security product such as firewalls within their infrastructure. This is a false sense of security
• Information security is only as strong as its weakest link. Implementing simple security or no authentication may provide hackers a weak "backdoor" from which to compromise network defenses
• User authentication, especially strong user authentication, in combination with the other technologies, can help create user accountability, confidentiality and a reliable audit trail, and help ensure the security of e-Business
17. eds.com
Contact information for Global Information Assurance Services: Katherine Hollis, 703-736-4156