Definition
Authentication is the procedure a user must follow
to gain access to the resources of a system or computer network. This
procedure involves identification (telling the system who the user is)
and authentication (proving that the user is who he/she claims to be).
Authentication in itself does not check the user’s rights to access;
these rights are confirmed in the authorization process.
As a rule, the security system of a data network requires three
processes in order to grant access to network services: (1)
authentication, (2) authorization, and (3) accounting.
- Authentication: It is the procedure whereby the
  user unmistakably identifies himself/herself, that is, shows without
  doubt or error that he/she is indeed who he/she claims to be.
- Authorization: It is the procedure whereby the
  data network authorizes the identified user to gain access to
  certain network resources.
- Accounting: It is the procedure whereby the
  network registers each and every access to the resources made by the
  user, whether authorized or not.
These three processes are known in English by the
acronym AAA, that is, Authentication, Authorization and Accounting.
Types of authentication
Authentication can be carried out using one or
several of the following methods:
- Authentication by proprietary knowledge: based on
  information that only the user knows.
- Authentication by personal belonging: based on
  something that the user has.
- Authentication by biological characteristics:
  based on some physical feature of the user.
On the basis of the above, it can be inferred that
authentication involves both physical and logical aspects related to
the access, use and modification of the resources of the network or
system.
Physical authentication
Physical authentication is based on
some physical object that the user has or one of the user’s biological
characteristics, in which case some type of biometric mechanism is
used. The information taken in the authentication procedure is
transferred to the authorization procedure carried out by persons,
electronic security devices or cybersecurity systems.
Logical authentication
Logical authentication can be used to identify persons
or systems and is based on information that only the user knows.
Authentication and authorization are carried out by specialized
software.
If two or more authentication methods are combined,
it is called multi-factor authentication, which is a safer form of
authentication. For example, there is double authentication if the
user must present two types of identification, a physical one (a card)
and the other something that the user has to memorize such as a
security password or a personal identification number (PIN), as in the
case of a bank card that is used on an automatic teller machine (ATM).
Some systems, however, use triple authentication (with three factors):
a physical object, a password, and some biometric information such as
a fingerprint.
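The following sketch is an added example, not part of the original course material. It shows the three AAA processes as separate steps around the card-plus-PIN double authentication described above; the class `AAAGate`, the helpers `pin_hash` and `make_card`, and the outcome strings are hypothetical names chosen for illustration.

```python
import hashlib, hmac, os

def pin_hash(pin: str, salt: bytes) -> bytes:
    # Knowledge factor is stored only as a salted, slow hash.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def make_card(card_key: bytes):
    # Possession factor: the card answers a challenge with an HMAC over it.
    return lambda challenge: hmac.new(card_key, challenge, hashlib.sha256).digest()

class AAAGate:
    def __init__(self):
        self.users = {}   # user -> (salt, pin hash, card key)
        self.rights = {}  # user -> resources the user may access
        self.log = []     # accounting: one record per attempt

    def enroll(self, user, pin, rights):
        salt, card_key = os.urandom(16), os.urandom(32)
        self.users[user] = (salt, pin_hash(pin, salt), card_key)
        self.rights[user] = set(rights)
        return card_key  # provisioned onto the user's card

    def authenticate(self, user, pin, card) -> bool:
        record = self.users.get(user)
        if record is None:
            return False
        salt, stored, card_key = record
        challenge = os.urandom(16)  # fresh per attempt, so replies cannot be replayed
        expected = hmac.new(card_key, challenge, hashlib.sha256).digest()
        knows = hmac.compare_digest(pin_hash(pin, salt), stored)
        has = hmac.compare_digest(card(challenge), expected)
        return knows and has  # both factors must pass

    def authorize(self, user, resource) -> bool:
        # Separate step: being authenticated grants no rights by itself.
        return resource in self.rights.get(user, set())

    def access(self, user, pin, card, resource) -> str:
        if not self.authenticate(user, pin, card):
            outcome = "auth_failed"
        elif not self.authorize(user, resource):
            outcome = "denied"
        else:
            outcome = "granted"
        self.log.append((user, resource, outcome))  # recorded whether granted or not
        return outcome
```

Reviewing `log` after a series of calls to `access` shows failed and denied attempts alongside granted ones, which is the accounting record the definition calls for.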
Claudia Patricia Santiago Cely
Julio Garavito Colombian School of Engineering
Additional Information: This document is part of
the material of the distance course "Security of Information
networks" that is now being offered by
the Regional Training Center and Node of the Center of Excellence
of the ITU: Julio Garavito Colombian School of Engineering
(Escuela Colombiana de Ingeniería “Julio Garavito”). CITEL/OAS
offered 17 complete fellowships of the registration fee of US$ 200.