Authentication – Part I, the Achilles’ heel.
November 5, 2008
Most practitioners will agree that state-of-the-art encryption systems (including quantum encryption) provide an adequate level of protection for the information entrusted to them. In fact, apart from programming errors in the encryption functions, the only hope an attacker has of gaining access to encrypted information is to fool the authentication measures and impersonate a legitimate user.
The fact that there is no bulletproof authentication system (still an open problem) is indeed the Achilles’ heel of modern data security systems.
In a broad sense, authentication has been associated with identification; however, a more stringent criterion can be applied if we define it as:
Authentication: the process of verifying that the user has the credentials that authorize him/her to access a certain service.
The difference between Identification and Authorization is important and has been analyzed at length by Jim Harper in his book Identity Crisis.
Traditionally, user authentication is based on one or more of the following:
- Something you know, for example a password or PIN number
- Something you have, for example, a smart card or an ATM card
- Something that is physically connected to the user such as biometrics, voice, handwriting, etc.
A fourth factor to be considered is Somebody you know, which has been recently added to the list of factors for electronic authentication, although it has always been a very common form of identification within social networks.
You can hear about this subject on Steve Gibson’s podcast.