strong authentication for information security
DESCRIPTION
Strong authentication for information security - http://www.ifour-consultancy.comTRANSCRIPT
STRONGAUTHENTICATION
• Strong authentication is an authentication that combines at least two authentication factors of different types to enhance the security of the verification of the identity.
• The most common example is using the credit card (something you have) with a PIN code (something you know).
• Accessing an email account with username and password is not strong authentication: the username is your identity and the password is the sole authentication factor (something you know).
INTRODUCTION
http://www.ifour-consultancy.com Offshore software development company India
http://www.ifour-consultancy.com Offshore software development company India
NEED FOR STRONG AUTHENTICATION
There are three essential reasons why an organization may decide to us strong authentication :
The cost associated with loss of unauthorized data
A corporation could be held liable for an attack by a hacker
Authentication tool should be capable of evolving as technology and threat changes
http://www.ifour-consultancy.com Offshore software development company India
AUTHENTICATION - SMART CARDS
The card itself is the item that the user must possess.
The second factor may be a PIN, a password, or even a thumbprint
The most important information passed by the smart card to the
computer is the identity of the user.
When the computer receives that identity,
the authentication is completehttp://www.ifour-consultancy.com Offshore software development company India
AUTHENTICATION – DIGITAL CERTIFICATES
PKI is based on certificates provided to individuals through a registration process. The validity of stored information is consistently validated and supported by the infrastructure
Certificates allow individual users, workstations and servers to identify themselves to each other, by digital signing of e-mail messages, software source files, secure Web communications, and Web site
http://www.ifour-consultancy.com Offshore software development company India
http://www.ifour-consultancy.com Offshore software development company India
AUTHENTICATION - BIOMETRICS
Automated biometrics in general, and fingerprint technology in particular, can provide a much more accurate and reliable user authentication method
As a biometric property is an intrinsic property of an individual, it is difficult to duplicate and nearly impossible to share
http://www.ifour-consultancy.com Offshore software development company India
ONE-TIME PASSWORD (OTP)
http://www.ifour-consultancy.com Offshore software development company India
OUT OF BANDOut-of-band refers to utilizing two separate networks or channels,
one of which being different from the primary network or channel, simultaneously used to communicate between two parties or devices for identifying a user
Disadvantage - Similar to e-mail or SMS OTPs, this requirement introduces a time lag and requires that the user be at the location of the registered phone number
http://www.ifour-consultancy.com Offshore software development company India
SPLIT AUTHENTICATION
http://www.ifour-consultancy.com Offshore software development company India
PROBLEMS TO STRONG AUTHENTICATION
• Authentication has to be done multiple times for which the cost effectiveness is not much when the data protected is not very critical.
• This factor of cost effectiveness makes it unacceptable in certain organizations and it is not accepted when the data to be protected is not crucial or critical.
http://www.ifour-consultancy.com Offshore software development company India
CONCLUSION
The growth of the Internet, the increase in users requiring access to networks, and the move to remote working has fundamentally changed the requirements for authentication over the last few years. However, users are still lagging behind developments and relying on single static passwords, which are wholly inadequate.
It is time for companies to improve their authentication procedures, if they want to remain secure and avoid potential business disruption, financial loss, and reputation damage.
http://www.ifour-consultancy.com Offshore software development company India
REFERENCES
http://ict.govt.nz/guidance-and-resources/standards-compliance/authentication-standards/guidance-multi-factor-authentication/3-factors-authenticati/
http://pciguru.wordpress.com/2010/05/01/one-two-and-three-factor-authentication/
http://www.checkpoint.com/securitycafe/readingroom/general/truth_authentication.html
http://www.technologyevaluation.com/search/for/disadvantages-of-multi-factor-authentication-approach.html
Symbiosis studentsAmrita SinhaShanta MonicaChandani GanganiyaRuchita Upadhyay
http://www.ifour-consultancy.com Offshore software development company India
http://www.ifour-consultancy.com Offshore software development company India