Explain different authentication methods and protocols.
1 Answer

Authentication Methods & Protocols

Authentication is the process of determining whether a user should be allowed access to a system. A human can be authenticated to a machine based on any of the following methods:

i. Something you know:

  • A password is an example of something you know. An ideal password is something that a user knows, something that a computer can verify about what a user knows and something nobody else can guess.
  • Passwords are so popular because of the cost and convenience. Passwords are free, while smartcards and biometric devices cost money.
  • It is more convenient for an overworked system administrator to reset a password than to provide a new smartcard or issue a user a new thumb.

ii. Something you have:

  • An example of something you have is an ATM card or a smartcard. Smartcards or other hardware tokens can be used for authentication based on the "something you have" principle.
  • A smartcard is a credit-card-sized device that includes a small amount of memory and computing resources, so that it is able to store cryptographic keys or other secrets, and perhaps even do some computations on the card.
  • A special-purpose smartcard reader is used to read the key stored on the card. Then the key can be used to authenticate the user. Since a key is used, and keys are selected at random, password guessing attacks can be eliminated.

iii. Something you are:

  • Biometrics is the "something you are" method of authentication; in other words, you are your own key. The main force behind biometrics is the replacement of passwords.
  • Biometrics should be cheap and reliable, and should be universal, permanent, distinguishing, robust, collectable and user-friendly. They are used for identification or authentication.
  • Biometrics is the measurement of physiological or behavioral features that identify a person. Biometrics measures features that cannot be guessed, stolen or shared.
  • Biometrics techniques can be divided into two categories: physiological and behavioral.

iv. Two-Factor Authentication:

  • In two-factor authentication, both something you have (password generator) and something you know (PIN) are used.
  • Any authentication method that requires two out of the three "somethings" is known as two-factor authentication.
  • An example of two-factor authentication is a credit card together with a signature.

An authentication protocol is a type of cryptographic protocol with the purpose of authenticating entities wishing to communicate securely. The various methods are:

i. Authentication using symmetric keys:

  • Suppose two users share a symmetric key K and this key is known only to the two of them. Authentication can be accomplished by proving knowledge of this shared symmetric key.
  • In the process of authentication, the key K must not be revealed to a third-party user.

ii. Authentication using public keys:

  • In authentication using public keys, public key operations can be performed by anybody, and only a user can use a private key.

iii. Authentication using session keys:

  • Session keys can be used for confidentiality or integrity protection or both. Session keys are used in secure public key authentication protocols.
  • This protocol does not provide mutual authentication.

iv. Authentication using timestamps:

  • A timestamp T contains the current time, which can be used in place of a number or bits, since a current timestamp ensures freshness.
  • The benefit of a timestamp is that no message exchange is wasted, assuming the time is known to the users.
  • Timestamps are used in real-world security protocols such as Kerberos.
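
The symmetric-key and timestamp methods above can be compared side by side in the following added example, which is not part of the original answer. It assumes HMAC-SHA256 as the way to prove knowledge of K without revealing it, and the names proof, Verifier and MAX_SKEW are hypothetical. The nonce variant needs a challenge message first; the timestamp variant needs only one message but depends on synchronized clocks and a replay cache.

```python
import hashlib
import hmac
import secrets

MAX_SKEW = 30  # assumed tolerance for clock difference, in seconds


def proof(key: bytes, identity: str, kind: bytes, fresh: bytes) -> bytes:
    """HMAC-SHA256 over identity and a fresh value; the key K is never sent."""
    ident = identity.encode()
    msg = kind + len(ident).to_bytes(2, "big") + ident + fresh
    return hmac.new(key, msg, hashlib.sha256).digest()


class Verifier:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}   # identity -> nonce awaiting a response
        self.seen = set()   # accepted (identity, timestamp) pairs

    def challenge(self, identity: str) -> bytes:
        """Message 1 of the nonce variant: a random single-use challenge."""
        self.pending[identity] = secrets.token_bytes(16)
        return self.pending[identity]

    def check_nonce(self, identity: str, tag: bytes) -> bool:
        nonce = self.pending.pop(identity, None)  # consumed on first use
        if nonce is None:
            return False
        return hmac.compare_digest(tag, proof(self.key, identity, b"N", nonce))

    def check_timestamp(self, identity: str, ts: int, tag: bytes, now: int) -> bool:
        """Timestamp variant: one message, no challenge needed."""
        if abs(now - ts) > MAX_SKEW or (identity, ts) in self.seen:
            return False  # stale, or a replay inside the skew window
        expected = proof(self.key, identity, b"T", str(ts).encode())
        if not hmac.compare_digest(tag, expected):
            return False
        self.seen.add((identity, ts))  # prune entries older than MAX_SKEW in real use
        return True


if __name__ == "__main__":
    k = secrets.token_bytes(32)  # constructed shared key K
    bob = Verifier(k)
    n = bob.challenge("alice")
    print(bob.check_nonce("alice", proof(k, "alice", b"N", n)))
    print(bob.check_timestamp("alice", 1000, proof(k, "alice", b"T", b"1000"), now=1005))
```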