Sunday 20 December 2020

OS: Authentication and Authorization


Authentication:

o   Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. It might involve validating personal identity documents or verifying the authenticity of a website with a digital certificate.

o   In computer science, verifying a user's identity is often required to allow access to confidential data or systems.

o   Authentication can be considered to be of three types:

o   The first type of authentication is accepting proof of identity given by a credible person who has first-hand evidence that the identity is genuine.

o   The second type of authentication is comparing the attributes of the object itself to what is known about objects of that origin.

o   In art and antiques, certificates are of great importance for authenticating an object of interest and value.

o   The third type of authentication relies on documentation or other external affirmations.

o   In computer science, a user can be given access to secure systems based on user credentials that imply authenticity. A network administrator can give a user a password, or provide the user with a key card or other access device to allow system access. In this case, authenticity is implied but not guaranteed.


Authentication factors:

The ways in which someone may be authenticated fall into three categories:

1.     Something the user knows,

2.     Something the user has, and

3.     Something the user is.

o   Each authentication factor covers a range of elements used to authenticate or verify a person's identity prior to being granted access, approving a transaction request, signing a document or other work product, granting authority to others, and establishing a chain of authority.


o   The three factors (classes) and some of the elements of each factor are:


1.    The knowledge factors:

Something the user knows (e.g., a password, partial password, pass phrase, or personal identification number (PIN); a challenge-response (the user must answer a question or enter a pattern); or a security question).

2.    The ownership factors:

Something the user has (e.g., wrist band, ID card, security token, implanted device, cell phone with built-in hardware token, software token, or cell phone holding a software token)


3.    The inherence factors:

Something the user is or does (e.g., fingerprint, retinal pattern, DNA sequence (there are assorted definitions of what is sufficient), signature, face, voice, unique bio-electric signals, or other biometric identifier).


o   Single-factor authentication:

As the weakest level of authentication, only a single component from one of the three categories of factors is used to authenticate an individual’s identity. This type of authentication is not recommended for financial or personally relevant transactions that warrant a higher level of security.


o   Multi-factor authentication:

Multi-factor authentication involves two or more authentication factors (something you know, something you have, or something you are). Two-factor authentication is a special case of multi-factor authentication involving exactly two factors.

For example, using a bankcard (something the user has) along with a PIN (something the user knows) provides two-factor authentication.


o   Authentication types:


1.    Strong authentication: it is defined as a layered authentication approach relying on two or more authenticators to establish the identity of an originator or receiver of information.

2.    Continuous authentication: authentication systems that are built on behavioral biometric traits are known as active or continuous authentication systems.

3.    Digital authentication: The term digital authentication, also known as electronic authentication, refers to a group of processes where the confidence for user identities is established and presented via electronic methods to an information system. It is also referred to as e-authentication.


Authentication vs. Authorization:


| BASIS FOR COMPARISON | AUTHENTICATION | AUTHORIZATION |
|---|---|---|
| Basic | Checks the person's identity to grant access to the system. | Checks the person's privileges or permissions to access the resources. |
| Includes process of | Verifying user credentials. | Validating the user permissions. |
| Order of the process | Authentication is performed at the very first step. | Authorization is usually performed after authentication. |
| Examples | In online banking applications, the identity of the person is first determined with the help of the user ID and password. | In a multi-user system, the administrator decides what privileges or access rights each user has. |
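The following example is added here and is not part of the original post. It ties together the two-factor example above (something the user knows plus something the user has) and the ordering in the table (authorize only after authentication). The user store, salt, TOTP seed and permission names are constructed placeholders; the point it makes is that two proofs from the same category (two passwords) still count as one factor, so authorization is refused.

```python
import hashlib
import hmac
import struct
from enum import Enum

class Factor(Enum):
    KNOWLEDGE = "something the user knows"
    OWNERSHIP = "something the user has"

# Constructed sample user store: a salted password hash (knowledge factor) and a
# TOTP seed shared with the user's phone app (ownership factor). Placeholder values.
SALT = b"constructed-salt"
USERS = {
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
        "totp_seed": b"constructed-seed",
        "permissions": {"view_balance"},
    }
}

def totp(seed: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the time-step counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def authenticate(username: str, evidence: dict, now: int) -> set:
    """Return the set of factor categories the caller has proven.
    Several proofs of the same category (two passwords) still count as one factor."""
    user = USERS.get(username)
    proven = set()
    if user is None:
        return proven
    for pw in evidence.get("passwords", []):
        h = hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 100_000)
        if hmac.compare_digest(h, user["pw_hash"]):   # constant-time comparison
            proven.add(Factor.KNOWLEDGE)
    code = evidence.get("totp")
    if code is not None and hmac.compare_digest(code, totp(user["totp_seed"], now)):
        proven.add(Factor.OWNERSHIP)
    return proven

def authorize(username: str, action: str, proven: set) -> bool:
    """Authorization is the second step: it runs only once two distinct
    factor categories have been proven, and then checks the user's permissions."""
    if len(proven) < 2:
        return False
    return action in USERS[username]["permissions"]
```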

