Authentication

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security

Jump to: navigation, search

Authentication is the process of identifying an individual, usually based on a username and password. Authentication is different from authorization; which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.

How do we authenticate?

There are several mechanisms available to carry out the process of authentication. Some of them are:

  • Password-based authentication: A combination of a username and password is the simplest mechanism to authenticate,
  • Public-key encryption: This can also be used for authentication using Digital Signatures.
  • Kerberos: In the Needham and Schroeder protocol used in Kerberos, the secret information used for verification is never transmitted in the clear and is never seen by a recipient. Instead, an "authentication server" creates a collection of "session secrets" that are used by the sender and receiver for authentication of messages during a particular interaction. Session information is good only between session participants, and can be timestamped to protect against replaying of messages.
  • biometric authentication

Two-factor authentication is any authentication protocol that requires two independent ways to establish identity and privileges. Common forms of 2-factor authentication include:

  • using a ATM card and a memorized PIN to get money out of an ATM machine (2 different mechanisms)
  • Connecting to the bank using https, and the bank sending a password using a cell phone text message to send a new password (using the same mechanism twice -- passwords -- but over 2 different media: the internet and the telephone network).

Books of Interest

External Links

| TheLadders |