Data Protection and Security

   

VII

Identification and Entity Authentication

    
       

VII.I

Introduction

    
   
 

There are two types of authentication:

  • entity authentication is to allow one party (the verifier) to gain assurance that the identity of another (the claimant) is as declared, thereby preventing impersonation.[more]
  

 

 
 

Sessions: [1]

    
       

VII.II

Passwords

    
   
 

The phrase password-based authentication refers to the procedure that involves a secret quantity (the password) that you state to prove you know it. [more]

  

 

 
  Sessions: [1] [2] [3] [4] [5]    
       

VII.III

Authentication Protocols

    
   
 

In the previous section, we have seen that transmission of cleartext password poses eavesdropping risks and a common attack is “listen to the channel, steal the password and replay it later”. [more]

  

 

 
  Sessions: [1] [2] [3] [4] [5] [6] [7] [8] [9]    
       

VII.IV

Biometrics and Smartcards

    
   
 

Biometric devices measure physical characteristics of users and match them against the user profile. [more]

  

 

 
  Sessions: [1] [2]    
       

VII.V

Phishing Attacks

    
   
 

In a recent article, Bruce Schneier has claimed that multifactor authentication technology most banks do offer to customers nowadays is too late and too little. [more]

  

 

 
  Sessions: [1]    
       

VII.VI

Summary

    
   
 

One of the essential security services is authentication. In this chapter, we first explore password-based authentication and see its drawbacks in section 2. [more]

  

 

 
  Sessions: [1]    
       
       
 
  proceed to first section »