Taxonomies of User-Authenticated Methods in Computer Networks ...


Taxonomies of User-Authenticated Methods in Computer Networks


Göran Pulkkis, Arcada Polytechnic, Finland

Kaj J. Grahn, Arcada Polytechnic, Finland

Jonny Karlsson, Arcada Polytechnic, Finland

Presented By,

T.R.Santhosh

4/28/2008


Outline


Definitions


Classifications of user-authentication methods based on five different taxonomies.

    User identification-based taxonomy.

    Authentication methodology-based taxonomy.

    Authentication quality-based taxonomy.

    Authentication complexity-based taxonomy.

    Authentication scope-based taxonomy.

Elements of User Authentication Methods.

    User identification.

    Authentication protocol.

    Registration of legitimate users.



Definitions


Authentication:


User authentication is a process where a computer, computer
program, or another user attempts to confirm that a user trying to
set up a communication is the person he or she claims to be.


Identification:


Identification is a way of providing a user with a unique identifier
for an automated system. During the authentication process, the
system validates the authenticity of the claimed user identity by
comparing identification data with data stored in a user registry.


Authorization:


Authorization is a process of assigning rights to an authenticated
user to perform certain actions in the system.


User Identification-Based Taxonomy

This taxonomy of user authentication is based on how a user
identifies himself or herself.

This classification has four main branches, as shown in Figure



User Identification-Based Taxonomy Contd.,

The first three branches represent well-known user identification methods:

    “something you know”: knowledge-based user authentication

    “something you have”: token-based user authentication

    “something you are”: biometric user authentication

The fourth branch, recognition-based user authentication, is a method
in which the network authentication system discovers a unique user
feature, such as the MAC address of the user's computer.


Authentication Methodology-Based Taxonomy

The taxonomy of user authentication based on the
authentication methodology has branches for:

    cryptographic authentication.

    non-cryptographic authentication.

    open access.



Authentication Quality-Based Taxonomy

From the quality point of view, user authentication can be
classified into the following categories:

    Insecure authentication = unacceptable security risks.

    Weak authentication = significant security risks.

    Strong authentication = small security risks.



Authentication Complexity-Based Taxonomy

An authentication complexity-based taxonomy classifies
authentication methods as:

    Single-factor authentication.

    Multiple-factor authentication.

Multiple-factor authentication means that a user is identified by
more than one method.

Token-based authentication is the best-known example of two-factor
authentication, since token use is authorized by a PIN or by a
passphrase or even biometrically.


Authentication Scope-Based Taxonomy

An authentication scope-based taxonomy classifies
authentication methods as:

    Service-bound methods.

    Single sign-on (SSO) methods.

Service-bound authentication gives a legitimate user access to one
service or to one computer or to one network.

SSO authentication opens user access to a set of services and/or
computers and/or networks in which this user has been registered.


Elements of a User-Authentication Method

A user authentication method consists of three key elements:


User identification.


Authentication protocol.


Registration of legitimate users.


User Identification



User Passwords


A user password is a character string known only by the user.
Security risks are related to password quality and password
privacy. Improved password security is achieved by password
renewal policies.


Best password security is achieved by one-time passwords.


Exclusive User Ownership of a Token


Exclusive user ownership of a token means exclusive access to
a private key in public key cryptography or exclusive access to a
generator of successive access codes (timed token or
authenticator).


Security risks with tokens generating access-code sequences
are related to secrecy of the seed of generation algorithms.


Biometric User Identification


Authentication Protocols


Extensible Authentication Protocol (EAP)


EAP handles the transportation of authentication messages between a
client and an Authentication, Authorization, and Accounting (AAA)
server over the link layer.



Registration of Legitimate Users


Registration in a File System


Registration in a Directory System


Registration in a Database



Conclusion



Secure user-authentication mechanisms are cornerstones in the design
and implementation of computer networks or network services
containing important and confidential information.

User-authentication needs are dependent on several factors, such as
the size of the network, number of users, and the needed
security level.


When planning a taxonomy, it is important
to consider user perspectives, expectations,
sources of information, and uses of
information.


References



Enterprise Information Systems Assurance and System Security,
Merrill Warkentin and Rayford Vaughn