Authentication Concepts Q1-2023

  • Authentication allows entities to prove their identity by using credentials known to another entity.
  • Identification occurs when a user professes or claims an identity, such as with a username.
  • Authentication occurs when an entity provides proof of an identity (such as a password) and the proof is verified by a second entity.

  • Authorization provides access to resources based on a proven identity.

Four Factors Of Authentication

  • Something you know (such as username and password)
  • Something you have (such as smart card, CAC, PIV or a token)
  • Something you are (using biometrics)
  • Where you are – location
  • The something you know factor typically refers to a shared secret such as a password, a username and password, or even a personal identification number (PIN). This is the least secure form of authentication.

Factors Of Authentication

  • Passwords should be strong and changed often. A strong password can use a combination of special characters.
  • Self-service password systems automate password recovery.
  • Account lockout policies lock out an account after an incorrect password is entered too many times.
  • Smart cards are credit-card-size cards that have embedded certificates used for authentication. They require a PKI to issue certificates.

Integrity

Provides assurance that data has not been modified, tampered with, or corrupted through unauthorized or unintended changes. Data can be a message, a file, or data within a database. Hashing is one method of ensuring that integrity has not been lost.

A hash is simply a string (number/alphabet) created by executing a hashing algorithm against data such as a file or message. As long as the data never changes, the resulting hash will always be the same.
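The check described above, as an added example that is not part of the original notes: it records a baseline hash for a message, a file's contents and a database row, then compares a later state against that baseline. SHA-256 and all sample data and item names are assumptions chosen for the illustration.

```python
import hashlib
import hmac


def digest(data: bytes) -> str:
    """Return the SHA-256 hash of the data as a hex string."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(items):
    """Record a known-good hash for every item: name -> hash."""
    return {name: digest(data) for name, data in items.items()}


def verify(baseline, current):
    """Classify each item by comparing its current hash to the baseline."""
    report = {}
    for name, expected in baseline.items():
        if name not in current:
            report[name] = "missing"
        elif hmac.compare_digest(expected, digest(current[name])):
            report[name] = "unchanged"
        else:
            report[name] = "modified"
    for name in current.keys() - baseline.keys():
        report[name] = "unexpected"  # data that was never baselined
    return report


# Constructed sample data: a message, a file's contents and a database row.
ORIGINAL = {
    "message": b"Transfer 100 to account 12345",
    "file:report.txt": b"Q1 totals: 4200\n",
    "db:users/7": b"id=7;role=user",
}
BASELINE = build_baseline(ORIGINAL)

# Constructed later state: the row changed, the file is gone, and an item
# that was never baselined has appeared.
LATER = {
    "message": b"Transfer 100 to account 12345",
    "db:users/7": b"id=7;role=root",
    "file:notes.txt": b"new",
}

if __name__ == "__main__":
    for name, status in sorted(verify(BASELINE, LATER).items()):
        print(f"{status:10} {name}")
```

The comparison is only as trustworthy as the stored baseline: if the hashes sit next to the data and can be rewritten along with it, a change goes undetected.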

Non-Repudiation

Prevents entities from denying they took an action. Digital signatures and audit logs provide non-repudiation.

Availability

Ensures that data and services are available when needed. A common goal is to remove Single Points of Failure (SPOF). Methods used to increase or maintain availability include fault tolerance, backups, virtualization, cloud computing, HVAC systems, and generators. Hot, cold and warm sites are also used to ensure availability.

Confidentiality, Integrity and Availability are not treated equally in all situations. Organizations may prioritize differently depending on their goals and cost involved.
