Summary of the resource
Authentication Systems
Notes:
- Authentication of a human, a software or a hardware system against a relying party.
- Authentication mechanisms based on
- Knowledge
- Ownership
- Inherence
- Different mechanisms of authentication can be combined to obtain higher levels of authentication
Notes:
- Multi-factor authN: two or more factors are combined (do not use the same factor twice, e.g. two passwords).
- One-factor authN
- Two-factor authN
- Three-factor authN
- Password-based Authentication
- One problem is the storage of the password on the server side
- in clear -> anyone can access it
- encrypted -> the key must be stored (and protected) somewhere
- Hashed -> unprotected digests are subject to dictionary attacks
- Hashed with salt -> unpredictable digests are stored. Precomputed dictionary attacks and rainbow tables are made impossible
- Challenge-Response Authentication
- Symmetric CRA
- Asymmetric CRA
- One-time password Authentication
Notes:
- A simple authentication technique where the password is used only once as authentication information to verify the identity.
- Synchronous
Notes:
- RSA SecurID
Notes:
- It is a proprietary solution intrinsically connected with the producer.
- Asynchronous
- S/KEY
- Event-based OTP
- OOB OTP
Notes:
- A kind of password-based authN that increases security by using an out-of-band OTP exchange (SMS and PSTN are deprecated)
- Having different solutions that are not interoperable is not good, so a common standard has been developed
- OATH
- HMAC OTP
- TOTP
- OCRA
- PSKC
- DSKPP
- Biometric Authentication
- Captcha
- Biometric Techniques
- API/SPI standardized by CDSA
- FIDO
- Zero Knowledge Password Proof
- SSO - Single Sign-On
- Fictitious
Notes:
- Different services require different authentication passwords, which are provided by a manager that asks for a global password (like a password wallet that automatically manages passwords and authentications).
- Integral
- Multi-application
Notes:
- Asymmetric challenge-response systems: all the services are able to recognize the same user credential.
- Kerberos
- Multi-domain
Notes:
- A service accepts the credential of a service in another domain (like access with a Google account on different websites).