IDENTIFICATION & AUTHENTICATION

IDENTIFICATION

• An assertion of who we are • examples :• Who we claim to be as a person• Who a system claims to be over a network• Who the originating party of an email claims

METHODS OF IDENTIFICATION

• Full names• Account numbers• IDs• Usernames• Fingerprints• DNA samples• etc

IDENTIFICATION

Who we claim who we are, in many cases, be an information

is subject to change. Thus, an unsubstantiated claim

of identity is not reliable information on its own.

IDENTITY VERIFICATION

• establish a mapping from a person’s/system’s identity to their real life identity• Example :• Show of IDs or other form of identification

FALSIFYING IDENTIFICATION

• Methods of identification are subject to change. As such, they are also subject to falsification.

• Identity theft is a major concern today occurring due to lack of authentication requirements for many activities in which we engage.

AUTHENTICATION

• Set of methods use to establish a claim of identity as being true.

• FACTORS• Something you know• Something you are• Something you have• Something you do• Where you are

SOMETHING YOU KNOW

• Any information that a person can remember to claim to authenticate who he/she is• Examples :• Passwords, PINs, passphrases

• Weak factor since when exposed, this can nullify the uniqueness of our authentication method

SOMETHING YOU ARE

• Based on relatively unique physical attributes of an individual often referred to as BIOMETRICS• Examples :• Height, weight, color, fingerprints, retina,

SOMETHING YOU HAVE

• Based on possession of an item or device also extending into some logical concepts• Examples :• ATMs, SSS Card, software based security token

SOMETHING YOU DO

• Variation of something you are based on actions or behaviors of an individual• Examples :• Handwriting, delay between keystrokes as he types a

passphrase

WHERE YOU ARE

• Geographically based authentication factor

MULTIFACTOR AUTHENTICATION

• The use of two or more factors in determining the identify of a person as true.• Example :• ATM for something you have while PIN for something you

know

MUTUAL AUTHENTICATION

• Refers to an authentication mechanism in which both parties authenticate each other.

• Problems without mutual authentication : IMPERSONATION ATTACK where an attacker inserts himself between the client and the server impersonating the client to the server and the server to the client

• Can be used in combination with multifactor authentication

PASSWORDS

• One example of a single factor authentication• Passwords must be strong/complex to prevent

BRUTE FORCE CRACKING trying every possible combination of characters that the password can be composed of until we tried it all.• Practice good password hygiene. Passwords

should not be just anywhere for people to snoop around.• Passwords should not be similar to other user

accounts you have to avoid MANUAL SYNCHRONIZATION OF PASSWORD

BIOMETRICS

• refers to or metrics related to human characteristics and traits is used in computer science as a form of identification and access control

• BIOMETRIC IDENTIFIERS are the distinctive, measurable characteristics used to label and describe individuals

CATEGORIES OF BIOMETRICS

• PHYSIOLOGICAL• Anything related to the shape of the body. • Examples:• fingerprint, palm veins, face recognition, DNA, palm print,

hand geometry, iris recognition, retina and odor/scent. • BEHAVIORAL• related to the pattern of behavior of a person,• Examples : typing rhythm, voice

FACTORS ASSESSING SUITABILITY OF A BIOMETRICS FOR AUTHENTICATION

• Universality• Uniqueness• Permanence• Collectability• Performance• Acceptability• Circumvention

FACTORS ASSESSING SUITABILITY OF A BIOMETRICS FOR AUTHENTICATION

• UNIVERSALITY• Find a biometric characteristics in the majority of the

people we expect to enroll in the system.

• ENROLLMENT – recording a biometric characteristic from the user.

• UNIQUENESS• Measure of how unique a particular characteristic is

among individuals.

FACTORS ASSESSING SUITABILITY OF A BIOMETRICS FOR AUTHENTICATION

• PERMANENCE• Biometric characteristic tested how well it would resists

change over time and with advancing age.

• COLLECTABILITY• How easy to acquire a characteristic which we can later

authenticate the user.

• PERFORMANCE• Set of metrics of how well a given system functions • Factors to consider : speed, accuracy and error rate

MEASURING PERFORMANCE OF A BIOMETRIC SYSTEM

• FALSE ACCEPTANCE RATE• Occurs when we accept a user whom we should actually

have rejected also referred as FALSE POSITIVE• FALSE REJECTION RATE• Problem of rejecting a legitimate user when we should

have accepted referred to as FALSE NEGATIVE.• EQUAL ERROR RATE• Balance between the two error types. It is the

intersection of False Acceptance Rate and False Rejection Rate.

• Used as a measure of the accuracy of biometric system

ISSUES ON BIOMETRIC SYSTEM

• Some might be falsified• Privacy in the use of biometrics