
Presented By, T.R.Santhosh

Taxonomies of User-Authenticated Methods in Computer Networks. Göran Pulkkis, Arcada Polytechnic, Finland; Kaj J. Grahn, Arcada Polytechnic, Finland; Jonny Karlsson, Arcada Polytechnic, Finland. Presented By, T.R.Santhosh.



  1. Taxonomies of User-Authenticated Methods in Computer Networks
     Göran Pulkkis, Arcada Polytechnic, Finland
     Kaj J. Grahn, Arcada Polytechnic, Finland
     Jonny Karlsson, Arcada Polytechnic, Finland
     Presented By, T.R.Santhosh

  2. Outline
     • Definitions
     • Classifications of user-authentication methods based on five different taxonomies.
        • User identification-based taxonomy.
        • Authentication methodology-based taxonomy.
        • Authentication quality-based taxonomy.
        • Authentication complexity-based taxonomy.
        • Authentication scope-based taxonomy.
     • Elements of User Authentication Methods.
        • User identification.
        • Authentication protocol.
        • Registration of legitimate users.

  3. Definitions
     • Authentication:
        • User authentication is a process where a computer, computer program, or another user attempts to confirm that a user trying to set up a communication is the person he or she claims to be.
     • Identification:
        • Identification is a way of providing a user with a unique identifier for an automated system. During the authentication process, the system validates the authenticity of the claimed user identity by comparing identification data with data stored in a user registry.
     • Authorization:
        • Authorization is a process of assigning rights to an authenticated user to perform certain actions in the system.

  4. User Identification-Based Taxonomy
     • This taxonomy of user authentication is based on how a user identifies himself or herself.
     • This classification has four main branches, as shown in Figure

  5. User Identification-Based Taxonomy Contd.,
     • The three first branches represent well-known user identification methods:
        • “something you know”: knowledge-based user authentication
        • “something you have”: token-based user authentication
        • “something you are”: biometric user authentication
     • The fourth branch, recognition-based user authentication, is a method in which the network authentication system discovers a unique user feature like the MAC address of the user computer.

  6. Authentication Methodology-Based Taxonomy
     • The taxonomy of user authentication based on the authentication methodology has branches for:
        • cryptographic authentication.
        • non-cryptographic authentication.
        • open access.

  7. Authentication Quality-Based Taxonomy
     • From the quality point of view, user authentication can be classified in the following categories:
        • Insecure authentication = unacceptable security risks
        • Weak authentication = significant security risks
        • Strong authentication = small security risks.

  8. Authentication Complexity-Based Taxonomy
     • An authentication complexity-based taxonomy classifies authentication methods as:
        • Single-factor authentication.
        • Multiple-factor authentication.
     • Multiple-factor authentication means that a user is identified by more than one method.
     • Token-based authentication is the best-known example of two-factor authentication, since token use is authorized by a PIN or by a passphrase or even biometrically.

  9. Authentication Scope-Based Taxonomy
     • An authentication scope-based taxonomy classifies authentication methods as:
        • Service-bound methods.
        • Single sign-on (SSO) methods.
     • Service-bound authentication gives a legitimate user access to one service or to one computer or to one network.
     • An SSO authentication opens user access to a set of services and/or computers and/or networks in which this user has been registered.

  10. Elements of a User-Authentication Method
     • A user authentication method consists of three key elements:
        • User identification.
        • Authentication protocol.
        • Registration of legitimate users.

  11. User Identification
     • User Passwords
        • A user password is a character string known only by the user. Security risks are related to password quality and password privacy. Improved password security is achieved by password renewal policies.
        • Best password security is achieved by one-time passwords.
     • Exclusive User Ownership of a Token
        • Exclusive user ownership of a token means exclusive access to a private key in public key cryptography or exclusive access to a generator of successive access codes (timed token or authenticator).
        • Security risks with tokens generating access-code sequences are related to secrecy of the seed of generation algorithms.
     • Biometric User Identification

  12. Authentication Protocols
     • Extensible Authentication Protocol (EAP)
        • EAP handles the transportation of authentication messages between a client and an Authentication, Authorization, and Accounting (AAA) server over the link layer.

  13. Registration of Legitimate Users
     • Registration in a File System
     • Registration in a Directory System
     • Registration in a Database

  14. Conclusion
     • Secure user-authentication mechanisms are cornerstones in the design and implementation of computer networks or network services containing important and confidential information.
     • User-authentication needs are dependent on several factors, such as the size of the network, number of users, and the needed security level.
     • When planning a taxonomy, it is important to consider user perspectives, expectations, sources of information, and uses of information.

  15. References
     • Enterprise Information Systems Assurance and System Security
     • Merrill Warkentin
     • Rayford Vaughn
