Upload
leo-mark-villar
View
92
Download
2
Embed Size (px)
Citation preview
IDENTIFICATION & AUTHENTICATION
IDENTIFICATION
• An assertion of who we are • examples :• Who we claim to be as a person• Who a system claims to be over a network• Who the originating party of an email claims
METHODS OF IDENTIFICATION
• Full names• Account numbers• IDs• Usernames• Fingerprints• DNA samples• etc
IDENTIFICATION
Who we claim who we are, in many cases, be an information
is subject to change. Thus, an unsubstantiated claim
of identity is not reliable information on its own.
IDENTITY VERIFICATION
• establish a mapping from a person’s/system’s identity to their real life identity• Example :• Show of IDs or other form of identification
FALSIFYING IDENTIFICATION
• Methods of identification are subject to change. As such, they are also subject to falsification.
• Identity theft is a major concern today occurring due to lack of authentication requirements for many activities in which we engage.
AUTHENTICATION
• Set of methods use to establish a claim of identity as being true.
• FACTORS• Something you know• Something you are• Something you have• Something you do• Where you are
SOMETHING YOU KNOW
• Any information that a person can remember to claim to authenticate who he/she is• Examples :• Passwords, PINs, passphrases
• Weak factor since when exposed, this can nullify the uniqueness of our authentication method
SOMETHING YOU ARE
• Based on relatively unique physical attributes of an individual often referred to as BIOMETRICS• Examples :• Height, weight, color, fingerprints, retina,
SOMETHING YOU HAVE
• Based on possession of an item or device also extending into some logical concepts• Examples :• ATMs, SSS Card, software based security token
SOMETHING YOU DO
• Variation of something you are based on actions or behaviors of an individual• Examples :• Handwriting, delay between keystrokes as he types a
passphrase
WHERE YOU ARE
• Geographically based authentication factor
MULTIFACTOR AUTHENTICATION
• The use of two or more factors in determining the identify of a person as true.• Example :• ATM for something you have while PIN for something you
know
MUTUAL AUTHENTICATION
• Refers to an authentication mechanism in which both parties authenticate each other.
• Problems without mutual authentication : IMPERSONATION ATTACK where an attacker inserts himself between the client and the server impersonating the client to the server and the server to the client
• Can be used in combination with multifactor authentication
PASSWORDS
• One example of a single factor authentication• Passwords must be strong/complex to prevent
BRUTE FORCE CRACKING trying every possible combination of characters that the password can be composed of until we tried it all.• Practice good password hygiene. Passwords
should not be just anywhere for people to snoop around.• Passwords should not be similar to other user
accounts you have to avoid MANUAL SYNCHRONIZATION OF PASSWORD
BIOMETRICS
• refers to or metrics related to human characteristics and traits is used in computer science as a form of identification and access control
• BIOMETRIC IDENTIFIERS are the distinctive, measurable characteristics used to label and describe individuals
CATEGORIES OF BIOMETRICS
• PHYSIOLOGICAL• Anything related to the shape of the body. • Examples:• fingerprint, palm veins, face recognition, DNA, palm print,
hand geometry, iris recognition, retina and odor/scent. • BEHAVIORAL• related to the pattern of behavior of a person,• Examples : typing rhythm, voice
FACTORS ASSESSING SUITABILITY OF A BIOMETRICS FOR AUTHENTICATION
• Universality• Uniqueness• Permanence• Collectability• Performance• Acceptability• Circumvention
FACTORS ASSESSING SUITABILITY OF A BIOMETRICS FOR AUTHENTICATION
• UNIVERSALITY• Find a biometric characteristics in the majority of the
people we expect to enroll in the system.
• ENROLLMENT – recording a biometric characteristic from the user.
• UNIQUENESS• Measure of how unique a particular characteristic is
among individuals.
FACTORS ASSESSING SUITABILITY OF A BIOMETRICS FOR AUTHENTICATION
• PERMANENCE• Biometric characteristic tested how well it would resists
change over time and with advancing age.
• COLLECTABILITY• How easy to acquire a characteristic which we can later
authenticate the user.
• PERFORMANCE• Set of metrics of how well a given system functions • Factors to consider : speed, accuracy and error rate
MEASURING PERFORMANCE OF A BIOMETRIC SYSTEM
• FALSE ACCEPTANCE RATE• Occurs when we accept a user whom we should actually
have rejected also referred as FALSE POSITIVE• FALSE REJECTION RATE• Problem of rejecting a legitimate user when we should
have accepted referred to as FALSE NEGATIVE.• EQUAL ERROR RATE• Balance between the two error types. It is the
intersection of False Acceptance Rate and False Rejection Rate.
• Used as a measure of the accuracy of biometric system
ISSUES ON BIOMETRIC SYSTEM
• Some might be falsified• Privacy in the use of biometrics