Information Security


User Authentication Principles

User authentication is the process of verifying the identity of a user, device, or system before granting access to resources.

  • It ensures that only authorized entities can access sensitive data or services.

Authentication methods can be categorized based on the strength and reliability of the identity verification process. Below are detailed explanations of the key types:

Types of Authentication

1.) Non-repudiable Authentication:

Non-repudiable authentication is a type of authentication where the proof of identity cannot be denied or disputed by the user. This means that once authentication is completed, the user cannot later claim that they did not perform the authenticated action.

  • It relies on authentication factors that are uniquely and permanently linked to the individual.
  • The strongest form of non-repudiable authentication involves biometric characteristics, which are extremely difficult to forge or replicate.
  • Examples include iris scans, hand geometry, and retina images.
  • These biometric factors provide definitive and highly reliable identity verification, ensuring accountability and trust in secure systems.

2.) Repudiable Authentication:

Repudiable authentication is based on less reliable factors, which can be denied, lost, or compromised. It does not offer the same level of assurance as non-repudiable methods.

  • This includes authentication methods based on knowledge or possession.
  • Examples include passwords, PINs, smart cards, or security tokens.
  • These credentials can be forgotten, stolen, copied, or shared, making them more vulnerable to misuse.
  • Because users could plausibly deny having used these credentials, repudiable authentication is weaker in terms of accountability.

Phases of Authentication

1.) Identification Phase:

  • In the identification phase, the user initiates the authentication process by providing a unique identifier—typically a user ID or username—to the security system.
  • Essentially, this phase allows the system to recognize which user is attempting to gain access, but it does not yet confirm whether the user is actually who they claim to be.

2.) Verification Phase:

  • During this phase, the user must present evidence, known as a credential, to prove their identity. This credential could be a password, smart card, fingerprint, facial scan, or other forms of authentication.
  • The system then validates the provided credential by comparing it with the previously stored authentication information linked to the user ID. If the verification is successful, the user is authenticated and granted access to the system.

Authentication systems rely on one or more factors to verify the identity of a user. These factors fall into distinct categories, each representing a different method of proving one’s identity. The use of multiple factors is often referred to as multi-factor authentication (MFA) and greatly enhances security.

Authentication Factors

1.) Something You Know (Knowledge-Based Factor):

  • This factor relies on information that only the user should know. The system verifies identity by prompting the user to enter known information.
  • Examples include passwords, PINs (Personal Identification Numbers), and answers to security questions.

For instance, when logging into an account, a user may be asked to enter a password that only they should know.

2.) Something You Have (Possession-Based Factor):

  • This factor involves a physical object in the user’s possession that proves their identity. The system confirms access by validating that the user has this specific item.
  • Examples include smart cards, hardware tokens, security keys (like YubiKeys), or ID badges.

3.) Something You Are (Inherence-Based Factor – Biometric):

  • This factor uses physical or biological characteristics that are unique to each individual. It is typically classified as static biometrics, meaning the trait does not change significantly over time.
  • Examples include fingerprint scans, retina or iris recognition, and facial recognition.

For example, a smartphone may authenticate the user using their fingerprint or facial features.

4.) Something You Do (Behavior-Based Factor – Dynamic Biometrics):

  • This factor is based on the way an individual performs a specific action, also known as dynamic biometrics. These behaviors are unique and can be used to confirm identity.
  • Examples include voice recognition, typing rhythm, and signature or handwriting analysis.
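The two phases above and the combination of two factors described in this section, worked through as an added example (not code from the original page): a constructed in-memory user store, a knowledge factor verified against a salted PBKDF2 hash, and a possession factor verified as an RFC 6238 TOTP code from an authenticator device. The user IDs, password and TOTP secret are sample values chosen for the example.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed sample store (example data only): user ID -> stored verifier for
# the knowledge factor (salt + PBKDF2 hash) and the shared TOTP secret for the
# possession factor. The plaintext password is never stored.
USERS = {}
PBKDF2_ITERATIONS = 200_000


def enroll(user_id: str, password: str, totp_secret: bytes) -> None:
    """Register the stored authentication information linked to a user ID."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    USERS[user_id] = {"salt": salt, "hash": digest, "totp_secret": totp_secret}


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then dynamic truncation."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def authenticate(user_id: str, password: str, code: str, now=None) -> bool:
    """Identification phase, then verification of both factors."""
    # Identification: the claimed identifier selects the stored record. It does
    # not prove anything yet; an unknown ID gets the same generic failure result
    # as a wrong credential, so the response does not confirm which IDs exist.
    record = USERS.get(user_id)
    if record is None:
        return False
    # Verification, factor 1 (something you know): recompute the hash with the
    # stored salt and compare in constant time rather than with ==.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ITERATIONS)
    password_ok = hmac.compare_digest(candidate, record["hash"])
    # Verification, factor 2 (something you have): the code the user's
    # authenticator device shows for the current time step.
    now = int(time.time()) if now is None else now
    code_ok = hmac.compare_digest(totp(record["totp_secret"], now), code)
    # Both factors are evaluated before deciding; either one failing denies access.
    return password_ok and code_ok
```

The TOTP test vector from RFC 6238 (secret `12345678901234567890`, time 59) produces `94287082`, so the 6-digit code is `287082`.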

Authentication vs. Authorization

1.) Authentication (AuthN):

  • It is the process of verifying the identity of a user, device, or system. It involves checking whether someone or something is truly who or what it claims to be.
  • This process is typically carried out using credentials such as usernames and passwords, biometric scans, smart cards, or tokens. In simple terms, authentication answers the question: “Who are you?”

2.) Authorization (AuthZ):

  • It occurs after authentication and is the process of determining what actions, resources, or services an authenticated user is permitted to access.
  • For example, while authentication confirms your identity, authorization determines whether you have permission to view a file, access a system, or perform a specific task. In essence, authorization answers the question: “What can you access?”
