11455150
Descripción
Mapa Mental por Davide Cometa, actualizado hace más de 1 año
|
Creado por Davide Cometa
hace más de 6 años
|
|
Authentication Systems
Nota:
- Authentication of a human, a software or an hardware system against a relaying party.
- Authentication mechanisms based on
- Knowledge
- Ownership
- Inherence
- Different mechanism of authentication can be
combined to obtain higher levels of authentication
Nota:
- Multi-factor authN: more factors are combined (do not use the same factor twice e.g. two passwords).
- One-factor authN
- Two-factor authN
- Three-factor authN
- Knowledge
- Password-based Authentication
- One problem is the storage of the
password on the server side
- in clear -> anyone can access it
- encrypted -> the key should be
saved
- Hashed -> unprotected digests are subject to
dictionary attacks
- Hashed with salt -> unpredictable digests are
stored. Dictionary attacks and rainbow tables
are made impossible
- in clear -> anyone can access it
- One problem is the storage of the
password on the server side
- Challenge-Response Authentication
- Symmetric CRA
- Asymmetric CRA
- Symmetric CRA
- One-time password Authentication
Nota:
- a simple authentication technique where the password is used only once as authentication information to verify the identity
- Synchronous
Nota:
- password depends on time
- RSA SecurID
Nota:
- It is a proprietary solution intrinsically connected with the producer.
- Asynchronous
- S/KEY
- S/KEY
- Event-based OTP
- OOB OTP
Nota:
- A sort of Password-based authN that increments security by using an out of band OTP exchange (SMS, PSTN are deprecated)
- Different solutions that are
not interoperetable is not
good. A common standard
has been developed
- OATH
- HMAC OTP
- TOTP
- OCRA
- PSKC
- DSKPP
- HMAC OTP
- OATH
- Biometric Authentication
- Captcha
- Biometric Techniques
- API/SPI standardized by CDSA
- FIDO
- API/SPI standardized by CDSA
- Captcha
- Zero Knowledge Password Proof
- SSO - Single Sign-On
- Fictious
Nota:
- Different services require different authentication passwords that are provided by a manager that asks for a global password (like the password wallet, that automatically manages pwds and authNs).
- Integral
- Multi-application
Nota:
- asymmetric challenge-response systems. All the services are able to recognize the same user credential.
- Kerberos
- Multi-domain
Nota:
- A service accepts the credential of a service in another domain (like the access with google account on different websites).
- Multi-application
- Fictious
¿Quieres crear tus propios Mapas Mentales gratis con GoConqr? Más información.