Date security identifcation and authentication
-
Upload
leo-mark-villar -
Category
Technology
-
view
92 -
download
2
Transcript of Date security identifcation and authentication
![Page 1: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/1.jpg)
IDENTIFICATION & AUTHENTICATION
![Page 2: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/2.jpg)
IDENTIFICATION
• An assertion of who we are • examples :• Who we claim to be as a person• Who a system claims to be over a network• Who the originating party of an email claims
![Page 3: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/3.jpg)
METHODS OF IDENTIFICATION
• Full names• Account numbers• IDs• Usernames• Fingerprints• DNA samples• etc
![Page 4: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/4.jpg)
IDENTIFICATION
Who we claim who we are, in many cases, be an information
is subject to change. Thus, an unsubstantiated claim
of identity is not reliable information on its own.
![Page 5: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/5.jpg)
IDENTITY VERIFICATION
• establish a mapping from a person’s/system’s identity to their real life identity• Example :• Show of IDs or other form of identification
![Page 6: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/6.jpg)
FALSIFYING IDENTIFICATION
• Methods of identification are subject to change. As such, they are also subject to falsification.
• Identity theft is a major concern today occurring due to lack of authentication requirements for many activities in which we engage.
![Page 7: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/7.jpg)
AUTHENTICATION
• Set of methods use to establish a claim of identity as being true.
• FACTORS• Something you know• Something you are• Something you have• Something you do• Where you are
![Page 8: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/8.jpg)
SOMETHING YOU KNOW
• Any information that a person can remember to claim to authenticate who he/she is• Examples :• Passwords, PINs, passphrases
• Weak factor since when exposed, this can nullify the uniqueness of our authentication method
![Page 9: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/9.jpg)
SOMETHING YOU ARE
• Based on relatively unique physical attributes of an individual often referred to as BIOMETRICS• Examples :• Height, weight, color, fingerprints, retina,
![Page 10: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/10.jpg)
SOMETHING YOU HAVE
• Based on possession of an item or device also extending into some logical concepts• Examples :• ATMs, SSS Card, software based security token
![Page 11: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/11.jpg)
SOMETHING YOU DO
• Variation of something you are based on actions or behaviors of an individual• Examples :• Handwriting, delay between keystrokes as he types a
passphrase
![Page 12: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/12.jpg)
WHERE YOU ARE
• Geographically based authentication factor
![Page 13: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/13.jpg)
MULTIFACTOR AUTHENTICATION
• The use of two or more factors in determining the identify of a person as true.• Example :• ATM for something you have while PIN for something you
know
![Page 14: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/14.jpg)
MUTUAL AUTHENTICATION
• Refers to an authentication mechanism in which both parties authenticate each other.
• Problems without mutual authentication : IMPERSONATION ATTACK where an attacker inserts himself between the client and the server impersonating the client to the server and the server to the client
• Can be used in combination with multifactor authentication
![Page 15: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/15.jpg)
PASSWORDS
• One example of a single factor authentication• Passwords must be strong/complex to prevent
BRUTE FORCE CRACKING trying every possible combination of characters that the password can be composed of until we tried it all.• Practice good password hygiene. Passwords
should not be just anywhere for people to snoop around.• Passwords should not be similar to other user
accounts you have to avoid MANUAL SYNCHRONIZATION OF PASSWORD
![Page 16: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/16.jpg)
BIOMETRICS
• refers to or metrics related to human characteristics and traits is used in computer science as a form of identification and access control
• BIOMETRIC IDENTIFIERS are the distinctive, measurable characteristics used to label and describe individuals
![Page 17: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/17.jpg)
CATEGORIES OF BIOMETRICS
• PHYSIOLOGICAL• Anything related to the shape of the body. • Examples:• fingerprint, palm veins, face recognition, DNA, palm print,
hand geometry, iris recognition, retina and odor/scent. • BEHAVIORAL• related to the pattern of behavior of a person,• Examples : typing rhythm, voice
![Page 18: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/18.jpg)
FACTORS ASSESSING SUITABILITY OF A BIOMETRICS FOR AUTHENTICATION
• Universality• Uniqueness• Permanence• Collectability• Performance• Acceptability• Circumvention
![Page 19: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/19.jpg)
FACTORS ASSESSING SUITABILITY OF A BIOMETRICS FOR AUTHENTICATION
• UNIVERSALITY• Find a biometric characteristics in the majority of the
people we expect to enroll in the system.
• ENROLLMENT – recording a biometric characteristic from the user.
• UNIQUENESS• Measure of how unique a particular characteristic is
among individuals.
![Page 20: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/20.jpg)
FACTORS ASSESSING SUITABILITY OF A BIOMETRICS FOR AUTHENTICATION
• PERMANENCE• Biometric characteristic tested how well it would resists
change over time and with advancing age.
• COLLECTABILITY• How easy to acquire a characteristic which we can later
authenticate the user.
• PERFORMANCE• Set of metrics of how well a given system functions • Factors to consider : speed, accuracy and error rate
![Page 21: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/21.jpg)
MEASURING PERFORMANCE OF A BIOMETRIC SYSTEM
• FALSE ACCEPTANCE RATE• Occurs when we accept a user whom we should actually
have rejected also referred as FALSE POSITIVE• FALSE REJECTION RATE• Problem of rejecting a legitimate user when we should
have accepted referred to as FALSE NEGATIVE.• EQUAL ERROR RATE• Balance between the two error types. It is the
intersection of False Acceptance Rate and False Rejection Rate.
• Used as a measure of the accuracy of biometric system
![Page 22: Date security identifcation and authentication](https://reader035.fdocuments.net/reader035/viewer/2022070514/587d19711a28abae148b7495/html5/thumbnails/22.jpg)
ISSUES ON BIOMETRIC SYSTEM
• Some might be falsified• Privacy in the use of biometrics