Authentication
The process of establishing identity by evaluating the authenticity of credentials. It answers the question, "To whom am I speaking?"
Why Authentication?
Authentication establishes our identity so that we can obtain the set of rights. Vendor and customer are not physically co-located, so we must find other ways of providing identity.
Identity
That which gives an individual access, largely determined by the context and the party evaluating the credential.
Credential
A credential is evidence or proof used to show that you are really who you say you are. Credentials usually fall into three main categories: something you know (passwords), something you have (smartcards, smartphones), and something you are (biometrics, fingerprints, face recognition).
Offline Attack
A password attack where an attacker captures an encrypted message and can then attempt to crack the password on their own system without further interaction, allowing for rapid guessing.
One-Time Password (OTP)
A password that is valid for only one login session or transaction. Token devices can generate these using methods like hash chains.
Basic Authentication
A standard web authentication tool where the client's password is sent to the server in a Base64-encoded format, making it vulnerable to interception.
Digest Authentication
A web authentication tool that improves upon Basic by using a challenge-response protocol, preventing cleartext passwords from being transmitted over the network.