Authentication Systems

Description

Mind map on Authentication Systems, created by Davide Cometa on 18/11/2017.

Resource Summary

Authentication Systems

Note:

  • Authentication of a human, a piece of software or a hardware system against a relying party.
  1. Authentication mechanisms based on
    1. Knowledge
      1. Ownership
        1. Inherence
          1. Different authentication mechanisms can be combined to obtain higher levels of authentication

            Note:

            • Multi-factor authN: several factors are combined (do not use the same factor twice, e.g. two passwords).
            1. One-factor authN
              1. Two-factor authN
                1. Three-factor authN
              2. Password-based Authentication
                1. One problem is the storage of the password on the server side
                  1. In clear -> anyone can access it
                    1. Encrypted -> the key should be saved
                      1. Hashed -> unprotected digests are subject to dictionary attacks
                        1. Hashed with salt -> unpredictable digests are stored. Dictionary attacks and rainbow tables are made impossible
                      2. Challenge-Response Authentication
                        1. Symmetric CRA
                          1. Asymmetric CRA
                          2. One-time password Authentication

                            Note:

                            • A simple authentication technique where the password is used only once as authentication information to verify the identity.
                            1. Synchronous

                              Note:

                              • The password depends on time.
                              1. RSA SecurID

                                Note:

                                • It is a proprietary solution intrinsically connected with the producer.
                              2. Asynchronous
                                1. S/KEY
                                2. Event-based OTP
                                  1. OOB OTP

                                    Note:

                                    • A kind of password-based authN that increases security by using an out-of-band OTP exchange (SMS and PSTN are deprecated).
                                    1. Having different solutions that are not interoperable is not good. A common standard has been developed
                                      1. OATH
                                        1. HMAC OTP
                                          1. TOTP
                                            1. OCRA
                                              1. PSKC
                                                1. DSKPP
                                            2. Biometric Authentication
                                              1. Captcha
                                                1. Biometric Techniques
                                                  1. API/SPI standardized by CDSA
                                                    1. FIDO
                                                  2. Zero Knowledge Password Proof
                                                    1. SSO - Single Sign-On
                                                      1. Fictitious

                                                        Note:

                                                        • Different services require different authentication passwords, which are provided by a manager that asks for a global password (like a password wallet, which automatically manages pwds and authNs).
                                                        1. Integral
                                                          1. Multi-application

                                                            Note:

                                                            • Asymmetric challenge-response systems. All the services are able to recognize the same user credential.
                                                            1. Kerberos
                                                            2. Multi-domain

                                                              Note:

                                                              • A service accepts the credential of a service in another domain (like signing in with a Google account on different websites).