IDENTIFICATION

AND
AUTHENTICATION
Identification is the claim of what some- one or something is.
Authentication establishes whether this claim is true.
EX. Payment cards.
 IDENTIFICATION
 Assertion of who we are.

This may include:

• who we claim to be as a person
• who a system claims to be over the network.

• who the originating party of an e-mail claims to be, or similar transactions.

WHO WE CLAIM TO BE
 Who we claim to be can, in many cases, be an item of information that is subject to
change.
 Unsubstantiated claim of identity is not reliable information on its own.
IDENTITY VERIFICATION

 A step beyond identification .

 E.G. showing a driver’s license, Social Security card, birth certificate, or other similar form of identification.
FALSIFYING IDENTIFICATION

 Methods of identification are subject to change. As such, they are also subject to
falsification
 Identity theft.
AUTHENTICATION

 Set of methods we use to establish a claim of identity as being true.

 Only establishes whether the claim of identity that has been made is correct.
FACTORS
Methods that can be used:
 Something you know (passwords, PINs, passphrases, or any item of information that a person can remember )

 Something you are (based on the relatively unique physical attributes of an individual)

 Something you have (based on the physical possession of an item or a device)

 Something you do (based on the actions or behaviors of an individual )

 Where you are (geographically based authentication factor)

SECURITY
TOKEN
MULTIFACTOR AUTHENTICATION

 Uses one or more of the factors.

 Two-Factor authentication.
MUTUAL AUTHENTICATION

 Authentication mechanism in which both parties authenticate each other.

 Ex. Digital certificates.

MAN-IN-THE-
MIDDLE
ATTACK
PASSWORDS

 Password-cracking utility

 Brute force attack.

 Manual synchronization
BIOMETRICS

• Used in authentication factor.

BIOMETRIC FACTORS SEVEN
CHARACTERISTICS:

Universality
 We should be able to find our chosen biometric characteristic in the majority of
people we expect to enroll in the system.
BIOMETRIC FACTORS SEVEN
CHARACTERISTICS:
 Uniqueness is a measure of how unique a particular characteristic is among individuals.

 Collectability measures how easy it is to acquire a characteristic with which we can later authenticate
a user.
 Performance is a set of metrics that judge how well a given system functions (speed, accuracy, and
error rate).
 Acceptability is a measure of how acceptable the particular characteristic is to the users of the system.
BIOMETRIC FACTORS SEVEN
CHARACTERISTICS:

 Circumvention describes the ease with which a system can be tricked by a falsified
biometric identifier.
 Permanence shows how well a particular characteristic resists change over time and
with advancing age.
MEASURING PERFORMANCE
 False acceptance rate (FAR) occurs when we accept a user whom we should actually have rejected.
This type of issue is also referred to as a false positive.

 False rejection rate (FRR) is the problem of rejecting a legitimate user when we should have
accepted him.
 False negative.
REFERENCE

 Andress, J. 2011. The Basics of Information Security.

THANK YOU