Authentication Systems

Description

Mind Map on Authentication Systems, created by Davide Cometa on 18/11/2017.
Davide Cometa
Mind Map by Davide Cometa, updated more than 1 year ago
Davide Cometa
Created by Davide Cometa about 7 years ago
31
0

Resource summary

Authentication Systems

Annotations:

  • Authentication of a human, a software or an hardware system against a relaying party.
  1. Authentication mechanisms based on
    1. Knowledge
      1. Ownership
        1. Inherence
          1. Different mechanism of authentication can be combined to obtain higher levels of authentication

            Annotations:

            • Multi-factor authN: more factors are combined (do not use the same factor twice e.g. two passwords).
            1. One-factor authN
              1. Two-factor authN
                1. Three-factor authN
              2. Password-based Authentication
                1. One problem is the storage of the password on the server side
                  1. in clear -> anyone can access it
                    1. encrypted -> the key should be saved
                      1. Hashed -> unprotected digests are subject to dictionary attacks
                        1. Hashed with salt -> unpredictable digests are stored. Dictionary attacks and rainbow tables are made impossible
                      2. Challenge-Response Authentication
                        1. Symmetric CRA
                          1. Asymmetric CRA
                          2. One-time password Authentication

                            Annotations:

                            • a simple authentication technique where the password is used only once as authentication information to verify the identity
                            1. Synchronous

                              Annotations:

                              • password depends on time
                              1. RSA SecurID

                                Annotations:

                                • It is a proprietary solution intrinsically connected with the producer.
                              2. Asynchronous
                                1. S/KEY
                                2. Event-based OTP
                                  1. OOB OTP

                                    Annotations:

                                    • A sort of Password-based authN that increments security by using an out of band OTP exchange (SMS, PSTN are deprecated)
                                    1. Different solutions that are not interoperetable is not good. A common standard has been developed
                                      1. OATH
                                        1. HMAC OTP
                                          1. TOTP
                                            1. OCRA
                                              1. PSKC
                                                1. DSKPP
                                            2. Biometric Authentication
                                              1. Captcha
                                                1. Biometric Techniques
                                                  1. API/SPI standardized by CDSA
                                                    1. FIDO
                                                  2. Zero Knowledge Password Proof
                                                    1. SSO - Single Sign-On
                                                      1. Fictious

                                                        Annotations:

                                                        • Different services require different authentication passwords that are provided by a manager that asks for a global password (like the password wallet, that automatically manages pwds and authNs).
                                                        1. Integral
                                                          1. Multi-application

                                                            Annotations:

                                                            • asymmetric challenge-response systems. All the services are able to recognize the same user credential.
                                                            1. Kerberos
                                                            2. Multi-domain

                                                              Annotations:

                                                              • A service accepts the credential of a service in another domain (like the access with google account on different websites).
                                                          Show full summary Hide full summary

                                                          Similar

                                                          Chemistry Quiz General -3
                                                          lauren_johncock
                                                          Creando un conjunto de fichas
                                                          PatrickNoonan
                                                          Korean Grammar Basics
                                                          Eunha Seo
                                                          Sociology- Family and Households Flashcards
                                                          Heloise Tudor
                                                          Apresentações em Inglês
                                                          miminoma
                                                          Of Mice and Men - Themes
                                                          Hafsa A
                                                          GoConqr Quick Guide to Getting Started
                                                          Andrea Leyden
                                                          English Language Techniques
                                                          lewis001
                                                          B1.1.1 Diet and Exercise Flash Cards
                                                          Tom.Snow
                                                          A-LEVEL ENGLISH LANGUAGE : Key Theorists
                                                          Eleanor H
                                                          SalesForce ADM 201 Study Quiz
                                                          Brianne Wright