Unit 5: Identification and Authentication
As users or systems attempt to access secured data, their identities must be verified. System access rests on two fundamentals: identification and authentication. A user identifies themselves with a username and then proves that identity with an authentication method. Authentication methods range from simple to complex, depending on the level of security required. Today, banks require two-factor authentication, that is, two independent ways of confirming a member's identity. With so many passwords to remember, users want to log in once with one password and be authenticated across all systems, a capability known as single sign-on. This unit will discuss identification, types of authentication, human authentication factors, authentication forms, authentication protocols, methods for single sign-on (SSO), and public-key infrastructure (PKI).
Completing this unit should take you approximately 7 hours.
5.1: Identification
Although they work together, identification, authentication, and authorization are distinct. When logging into an application, a username is commonly used for identification. Authentication proves the user's identity, most commonly via a password. Once a user is authenticated, authorization grants access to the system. This section describes these three terms and how together they provide for confidentiality in systems.
5.2: Authentication Types
Now that you understand the principle of authentication, you will learn about some types of authentication, including passwords, tokens, and biometrics. As discussed in the previous section, authentication means proving a user's identity. Applications often require passwords to prove identity, but users do not always keep their passwords secure, and even if they do, passwords can be cracked. Tokens add cost because they have to be issued, but you are probably familiar with tokens in the form of chips in bank cards. Biometrics are even more secure, but are also more expensive to use and sometimes present privacy or ethical issues. Biometrics are something you are and can include metrics such as fingerprints or iris scans. Your organization may need secure ways to provide authentication, and understanding these methods will let you recommend a particular method based on the level of security needed and the acceptable cost.
5.3: Human Authentication Factors
You now understand the methods of authentication using passwords, tokens, and biometrics. In the previous section you learned that biometric authentication factors are something you are, but human authentication factors can also be something you know or something you have. A PIN or a password is something you know, while a token is something you have. In this section you will learn about the terms something you are, something you know, and something you have in more detail. You should be able to categorize authentication factors by authentication type.
5.4: Authentication Forms
The methods of authentication you have learned so far use a single authentication factor. Authentication can be provided by more than one factor, and today many online applications require multifactor authentication. For instance, most financial institutions require two-factor authentication. When logging into a bank account with a username and password, the application may also require the user to provide a one-time PIN received via email, text message, or phone call. Multifactor authentication increases security and thereby supports system confidentiality. This section describes multifactor, two-factor, and mutual authentication.
5.5: Authentication Protocols: RADIUS, TACACS+, PAP, CHAP, MS-CHAP, and EAP
The authentication types that humans can provide have been discussed; now we go a step further and describe what a system does with the authentication data it receives. Authentication protocols receive the authentication data and transfer it between systems or entities. If a user enters a username and password, the authentication protocol carries the username and password to the system where the user is requesting access. There are different types of authentication protocols, and each one uses a different method and offers a different level of security. This section describes some older and some more advanced authentication protocols, including Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access Control System Plus (TACACS+), Diameter, Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), Microsoft CHAP (MS-CHAP), and Extensible Authentication Protocol (EAP).
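The difference in "level of security" between protocols is easiest to see by contrasting the two simplest ones named above. The following is an added example, not course material from the page: it models a PAP Authenticate-Request, which carries the reusable password itself, beside a CHAP exchange (RFC 1994), in which the authenticator issues a random challenge and the peer returns MD5(Identifier || secret || Challenge), so the secret never crosses the link. The shared secret, the username "alice" and the `ChapAuthenticator` class are constructed for the example; the secret is assumed to have been provisioned on both sides out of band.

```python
import hashlib
import hmac
import os

# Constructed shared secret, assumed to be provisioned on both peer and
# authenticator beforehand (example value only).
SHARED_SECRET = b"example-shared-secret"


def pap_authenticate_request(username: str, password: bytes) -> dict:
    """PAP: the peer sends its reusable credentials in the clear. Anyone who
    can read the link learns the password and can use it again."""
    return {"peer_id": username, "password": password}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value (RFC 1994): MD5(Identifier || secret || Challenge).
    Only this challenge-bound digest is transmitted, never the secret."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side: issues a fresh random challenge per attempt and
    checks the response against its own copy of the peer's secret."""

    def __init__(self, secrets_by_user: dict):
        self._secrets = secrets_by_user
        self._identifier = 0
        self._outstanding = {}          # identifier -> challenge still awaiting a response

    def challenge(self) -> tuple:
        self._identifier = (self._identifier + 1) & 0xFF
        chal = os.urandom(16)           # unpredictable, so old responses are useless
        self._outstanding[self._identifier] = chal
        return self._identifier, chal

    def verify(self, username: str, identifier: int, response: bytes) -> bool:
        chal = self._outstanding.pop(identifier, None)   # each challenge is single-use
        secret = self._secrets.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def run_chap(peer_secret: bytes, server_secret: bytes = SHARED_SECRET) -> bool:
    """Full three-way exchange: Challenge -> Response -> Success/Failure."""
    server = ChapAuthenticator({"alice": server_secret})
    ident, chal = server.challenge()                      # 1. authenticator -> peer
    resp = chap_response(ident, peer_secret, chal)        # 2. peer -> authenticator
    return server.verify("alice", ident, resp)            # 3. accept or reject


def captured_response_is_single_use() -> bool:
    """A response seen on the wire is bound to one challenge: presenting it
    against a later challenge is rejected. This is the property that makes
    CHAP safer than PAP over an untrusted link."""
    server = ChapAuthenticator({"alice": SHARED_SECRET})
    ident1, chal1 = server.challenge()
    resp1 = chap_response(ident1, SHARED_SECRET, chal1)
    assert server.verify("alice", ident1, resp1)          # genuine attempt passes
    ident2, _ = server.challenge()                        # authenticator challenges again
    return not server.verify("alice", ident2, resp1)     # stale response fails


if __name__ == "__main__":
    print("PAP packet carries:", pap_authenticate_request("alice", SHARED_SECRET))
    print("CHAP, correct secret:", run_chap(SHARED_SECRET))
    print("CHAP, wrong secret:", run_chap(b"wrong-secret"))
    print("Stale CHAP response rejected:", captured_response_is_single_use())
```

Two design points carry over to the other protocols in this section: the authenticator must generate a new unpredictable challenge for every attempt, and it must compare digests in constant time. Note also that CHAP requires the authenticator to store the secret in a recoverable form, which is one reason later protocols such as EAP methods moved away from it.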
5.6: Single Sign-On (SSO)
As people log into many systems with varying password requirements, remembering multiple passwords becomes difficult and leads to password vulnerability. Out of necessity, users write passwords down because they cannot remember all of their username and password combinations. This is a common issue for organizations, and the security professional may be asked to provide a solution. Single sign-on (SSO) helps to alleviate the problem of memorizing multiple passwords. With SSO, a user logs in with one set of credentials and is then allowed access to multiple applications on that system. This section explains some SSO methods as well as the benefits and weaknesses of using them.
5.7: Public-Key Infrastructure (PKI)
The last topic in this unit is public-key infrastructure (PKI). This type of authentication is a cryptographic technique that uses public keys, digital certificates, and asymmetric encryption. Although the cost to implement PKI may be higher than that of other authentication methods, the system provides for secure data transmission as well as non-repudiation. In this section, you will learn the PKI process and the roles of the certificate authority (CA) and the registration authority (RA). This section will also describe how public and private keys are used together, as well as digital certificates. As a security administrator, it is important to understand the benefits of using PKI and digital certificates, and how PKI can be more costly yet still beneficial to an organization.
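To make the CA, subject and relying-party roles concrete, here is an added example that is not part of the unit's own material. It builds a miniature PKI with textbook RSA on small primes so that it runs on the Python standard library alone: the CA signs a certificate binding a subject name to the subject's public key, a relying party that trusts only the CA's public key validates that certificate, and only then uses the key inside it to verify a message signed by the subject (the non-repudiation property mentioned above). The CA name, subject name, prime choices and the JSON certificate layout are all constructed for illustration; the key sizes and the absence of padding make this insecure for real use, where an X.509 library and 2048-bit or larger keys would be used instead.

```python
import hashlib
import json

# Toy textbook RSA: tiny primes and no padding, for illustrating the PKI
# flow only (constructed example, never use for real keys).

def make_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)

def _digest(data: bytes, n: int) -> int:
    """Hash the data and reduce it into the key's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data: bytes) -> int:
    n, d = private_key
    return pow(_digest(data, n), d, n)

def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest(data, n)

def _to_be_signed(cert: dict) -> bytes:
    """Canonical bytes of every certificate field except the signature."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(ca_name: str, ca_private, subject: str, subject_public) -> dict:
    """CA step: after the RA has vetted the subject, the CA binds the subject's
    name to its public key by signing both together."""
    cert = {"issuer": ca_name, "subject": subject, "public_key": list(subject_public)}
    cert["signature"] = sign(ca_private, _to_be_signed(cert))
    return cert

def verify_certificate(cert: dict, trusted_cas: dict) -> bool:
    """Relying-party step: accept the certificate only if its issuer is a
    trust anchor we hold and the CA signature over the body checks out."""
    ca_public = trusted_cas.get(cert.get("issuer"))
    if ca_public is None:
        return False
    return verify(ca_public, _to_be_signed(cert), cert["signature"])

def verify_signed_message(cert: dict, trusted_cas: dict, message: bytes, signature: int) -> bool:
    """Chain the checks: trust the certificate first, then use the key it carries."""
    if not verify_certificate(cert, trusted_cas):
        return False
    return verify(tuple(cert["public_key"]), message, signature)

# Constructed parties: a root CA, a server subject, and the relying party's trust store.
CA_PUBLIC, CA_PRIVATE = make_keypair(1000003, 1000033)
SERVER_PUBLIC, SERVER_PRIVATE = make_keypair(1000037, 1000039)
TRUSTED_CAS = {"Example Root CA": CA_PUBLIC}
SERVER_CERT = issue_certificate("Example Root CA", CA_PRIVATE,
                                "server.example.test", SERVER_PUBLIC)

def demo() -> dict:
    """Run the relying-party checks and report each outcome."""
    msg = b"transfer approved"
    sig = sign(SERVER_PRIVATE, msg)
    renamed = dict(SERVER_CERT, subject="other.example.test")   # body altered after issuance
    return {
        "cert_valid": verify_certificate(SERVER_CERT, TRUSTED_CAS),
        "message_valid": verify_signed_message(SERVER_CERT, TRUSTED_CAS, msg, sig),
        "altered_cert_rejected": not verify_certificate(renamed, TRUSTED_CAS),
        "altered_message_rejected": not verify_signed_message(
            SERVER_CERT, TRUSTED_CAS, b"transfer denied", sig),
    }

if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The relying party never needs the server's key in advance; it needs only the CA's public key, which is what makes the scheme scale. Everything a real deployment adds on top (validity periods, revocation, intermediate CAs, key usage constraints) is further data inside the signed body and further checks in `verify_certificate`.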
Unit 5 Assessment
- Receive a grade