Taxonomies of User-Authenticated Methods
in Computer Networks
Göran Pulkkis, Arcada Polytechnic, Finland
Kaj J. Grahn, Arcada Polytechnic, Finland
Jonny Karlsson, Arcada Polytechnic, Finland
Presented by T.R. Santhosh
4/28/2008 2
Outline
Definitions
Classifications of user-authentication methods based on five different taxonomies:
– User identification-based taxonomy.
– Authentication methodology-based taxonomy.
– Authentication quality-based taxonomy.
– Authentication complexity-based taxonomy.
– Authentication scope-based taxonomy.
Elements of user authentication methods:
– User identification.
– Authentication protocol.
– Registration of legitimate users.
Definitions
Authentication:
– User authentication is a process where a computer, computer program, or another user attempts to confirm that a user trying to set up a communication is the person he or she claims to be.
Identification:
– Identification is a way of providing a user with a unique identifier for an automated system. During the authentication process, the system validates the authenticity of the claimed user identity by comparing identification data with data stored in a user registry.
Authorization:
– Authorization is a process of assigning rights to an authenticated user to perform certain actions in the system.
User Identification-Based Taxonomy
This taxonomy of user authentication is based on how a user identifies himself or herself. This classification has four main branches, as shown in the figure.
User Identification-Based Taxonomy (contd.)
The first three branches represent well-known user identification methods:
– “something you know” — knowledge-based user authentication
– “something you have” — token-based user authentication
– “something you are” — biometric user authentication
– The fourth branch, recognition-based user authentication, is a method in which the network authentication system discovers a unique user feature, such as the MAC address of the user's computer.
Authentication Methodology-Based Taxonomy
The taxonomy of user authentication based on the authentication methodology has branches for:
– cryptographic authentication.
– non-cryptographic authentication.
– open access.
Authentication Quality-Based Taxonomy
From the quality point of view, user authentication can be classified in the following categories:
– Insecure authentication = unacceptable security risks
– Weak authentication = significant security risks
– Strong authentication = small security risks.
Authentication Complexity-Based Taxonomy
An authentication complexity-based taxonomy classifies authentication methods as:
– Single-factor authentication.
– Multiple-factor authentication.
Multiple-factor authentication means that a user is identified by more than one method.
– Token-based authentication is the best-known example of two-factor authentication, since token use is authorized by a PIN, by a passphrase, or even biometrically.
Authentication Scope-Based Taxonomy
An authentication scope-based taxonomy classifies authentication methods as:
– Service-bound methods.
– Single sign-on (SSO) methods.
Service-bound authentication gives a legitimate user access to one service, one computer, or one network.
An SSO authentication opens user access to a set of services and/or computers and/or networks in which this user has been registered.
Elements of a User-Authentication Method
A user authentication method consists of three key elements:
– User identification.
– Authentication protocol.
– Registration of legitimate users.
User Identification
User Passwords
– A user password is a character string known only by the user. Security risks are related to password quality and password privacy. Improved password security is achieved by password renewal policies.
– Best password security is achieved by one-time passwords.
Exclusive User Ownership of a Token
– Exclusive user ownership of a token means exclusive access to a private key in public key cryptography, or exclusive access to a generator of successive access codes (timed token or authenticator).
– Security risks with tokens generating access-code sequences are related to the secrecy of the seed of the generation algorithms.
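The timed token, the one-time password and the PIN-authorized two-factor login from the slides above, as an added example that is not code from the presentation or the underlying paper: it uses the standard HOTP/TOTP construction (RFC 4226 / RFC 6238), which the slides do not name, and the function names, the PIN handling and the demo seed (the RFC reference secret) are this example's own assumptions.

```python
import hashlib
import hmac
import struct

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """One access code from the shared seed and a counter (RFC 4226 HOTP).
    Anyone holding the seed computes the same sequence, so the seed's secrecy
    is the token's whole security; the counter itself is not secret."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Timed token (RFC 6238): the counter is the number of `step`-second intervals since the epoch."""
    return hotp(seed, unix_time // step, digits)

def verify_totp(seed: bytes, candidate: str, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Server-side check: accept the current step and +/- `window` neighbours to absorb clock
    drift; constant-time comparison so response timing does not reveal which digits matched."""
    for drift in range(-window, window + 1):
        expected = totp(seed, unix_time + drift * step, step)
        if hmac.compare_digest(expected.encode(), candidate.encode()):
            return True
    return False

def pin_digest(pin: str) -> bytes:
    """Stand-in for a proper salted, slow password hash of the PIN (kept simple for the demo)."""
    return hashlib.sha256(pin.encode()).digest()

def two_factor_login(pin_hash: bytes, pin: str, seed: bytes, otp: str, unix_time: int) -> bool:
    """Token use authorized by a PIN: something you know (the PIN) plus something you have
    (the token's code). Both checks always run, so a wrong PIN and a wrong code cost the same."""
    pin_ok = hmac.compare_digest(pin_digest(pin), pin_hash)
    otp_ok = verify_totp(seed, otp, unix_time)
    return pin_ok and otp_ok

# Constructed demo seed: the RFC 4226 / RFC 6238 reference secret, ASCII "12345678901234567890".
DEMO_SEED = b"12345678901234567890"

if __name__ == "__main__":
    print(totp(DEMO_SEED, 59))  # 287082, the RFC 6238 SHA-1 test vector at T=59
    print(two_factor_login(pin_digest("1234"), "1234", DEMO_SEED, "287082", 59))  # True
```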
Biometric User Identification
Authentication Protocols
Extensible Authentication Protocol (EAP)
– EAP handles the transportation of authentication messages between a client and an Authentication, Authorization, and Accounting (AAA) server over the link layer.
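The EAP messages the slide refers to, as an added example that is not code from the presentation or the paper: an encoder and a length-checking decoder for the EAP packet header defined in RFC 3748, exercised on a constructed Request/Identity and Response/Identity pair; the function names and the sample identity are this example's own assumptions.

```python
import struct
from typing import Optional, Tuple

# EAP packet layout (RFC 3748): Code(1) | Identifier(1) | Length(2) | [Type(1) | Type-Data]
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1  # the first Request/Response pair asks the client who it claims to be

def build_eap(code: int, identifier: int, eap_type: Optional[int] = None, data: bytes = b"") -> bytes:
    """Serialize one EAP packet; Success and Failure carry no Type octet."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack(">BBH", code, identifier, 4 + len(body)) + body  # Length counts the header

def parse_eap(packet: bytes) -> dict:
    """Decode one EAP packet, rejecting truncated or inconsistent Length fields."""
    if len(packet) < 4:
        raise ValueError("EAP header truncated")
    code, identifier, length = struct.unpack(">BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP Length field inconsistent with packet size")
    body = packet[4:length]  # octets beyond Length are link-layer padding and are ignored
    result = {"code": code, "identifier": identifier}
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if not body:
            raise ValueError("Request/Response without a Type octet")
        result["type"], result["data"] = body[0], body[1:]
    return result

def identity_exchange(identity: bytes, identifier: int = 7) -> Tuple[bytes, bytes]:
    """Constructed first exchange: the authenticator's Request/Identity and the client's
    Response/Identity carrying the user name. The Response echoes the Request's Identifier
    so the AAA server can pair the two messages."""
    request = build_eap(EAP_REQUEST, identifier, EAP_TYPE_IDENTITY)
    response = build_eap(EAP_RESPONSE, parse_eap(request)["identifier"], EAP_TYPE_IDENTITY, identity)
    return request, response

if __name__ == "__main__":
    req, resp = identity_exchange(b"alice@example.org")  # constructed identity
    print(req.hex(), resp.hex())
    print(parse_eap(resp))
```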
Registration of Legitimate Users
Registration in a File System
Registration in a Directory System
Registration in a Database
Conclusion
Secure user-authentication mechanisms are cornerstones in the design and implementation of computer networks or network services containing important and confidential information.
User-authentication needs depend on several factors, such as the size of the network, the number of users, and the needed security level.
When planning a taxonomy, it is important to consider user perspectives, expectations, sources of information, and uses of information.
References
Enterprise Information Systems Assurance and System Security
– Merrill Warkentin
– Rayford Vaughn