What is Authentication in Network Security

Do you know what is authentication in Network Security ? It is the act of identity verification. The link of definition for Authentication in Network Security is here: Wikipedia.

How can person A be sure that he is communicating with person B?

Three General Ways to authenticate and verify identity

  • Something you know (i.e., Passwords)
  • Something you have (i.e., Tokens)
  • Something you are (i.e., Biometrics)

Something You Know( What is Authentication in Network Security )

What is Authentication in Network Security
Password

Bob asks for a secret that only Alice knows.

Example: Passwords

Pros:

  • Simple to implement
  • Simple for users to understand

Cons:

  • Easy to crack (unless users choose strong ones)
  • Passwords are reused many times
  • Numerous opportunities for the attacker to listen in

One-time Passwords (OTP): different password used each time, but it is difficult for user to remember all of them

A device could be used that could keep track of all the passwords that a user would need to use.

Something you have

What is Authentication in Network Security
OTP Card

OTP Cards: generates a new password each time user logs in.

  • SecureID offered by RSA security

The OTP card is a one Time Password generator. When the code button is pushed, a new dynamic password is displayed on the card.
Smart Card:

  • tamper-resistant
  • In addition, it stores secret information
  • moreover, it can be entered into a card-reader
  • reader must be trusted
  • attacks have been carried out using rogue card readers

ATM Card

  • Not tamper resistant
  • In addition magnetic tape reader can copy contents which can be moved to an empty card
  • Strength of authentication in this case depends on difficulty of forging

Something you ARE ( What is Authentication in Network Security )

Biometrics

What is Authentication in Network Security
Biometrics

Pros: Raises the Bar.

Cons: False Negatives/Positives, Social Acceptance, Key Management.

  • False Positive: User authentication rejected.
  • False Negative: Imposter Accepted.

Cannot revoke the key in case of compromise.



READ MORE

Python-related posts Visit HERE

Data Structures related posts visit HERE

C/C++ related posts Visit HERE

Databases related posts Visit HERE

Algorithms related posts visit HERE

Data Science related posts visit HERE

Share the Knowledge