|
authentication
of identity
Identification-and-authentication
(I&A) is a core requirement of all security regimes. "Who
are you?" and "Can you prove it?" must be answered
in ways that allow legitimate persons in and keep intruders
out (and do so without undue disruption of legitimate activities).
One need not use
computers to experience I&A -- protocols for proving identity
are a ubiquitous feature of every adult's life. Think "Can
I see your driver's license?" from the last time you
used a credit card or wrote a personal check. Even simple
devices like mechanical locks can be thought of as performing
a kind of primitive I&A -- authenticating the right of
entry to a physical space based on the possession of a physical
key.
Physical proximity
makes authentication easier, and not just because it allows
the use of simple tokens like identification cards or keys.
Consider how often you verify someone's identity simply because
they are familar to you (or, failing that, because they just
"look right"). Information systems applications
require authentication of physically dispersed persons over
a network -- sometimes referred to as e-authentication --
and so present greater challenges.
In computer contexts,
a user's identification is typically translated as a unique
"user-ID." (It is unique to that particular system
anyway. A social security number or employee number is another
form of user-ID, unique within its particular context.) Verification
that one really is the holder of that user-ID, rather than
an imposter, is accomplished via three basic approaches:
- something the
person knows, like a user-ID and password;
- something the
person possesses, like a smart card; or
- something the
person "is," like a fingerprint.
These methods may
be used individually or combined.
User-ID/password
combinations are the classic knowledge-based authentication
scheme, and subject to a variety of well-understood limitations.
Such information can be forgotten by the legitimate user,
and obtained by theft or guesswork by illegitimate ones. (More
on passwords.)
Physical tokens
eliminate the need to remember things -- and the security
problem that occurs when people write down the things they
cannot remember. But tokens can be lost by their legitimate
holders, and, as with passwords, make their way into the hands
of illegitimate ones. (More on tokens.)
The last of these
are generically labeled "biometric" methods. They
include measurements of face, eye (retina or iris), finger
(fingertip, thumb, finger length or pattern), palm (print
or topography), hand geometry and just about any other subset
of the body you could envision. Voice (voiceprints) and analysis
of handwritten signatures are also possible. Even measurement
of one's odor. (More on biometrics.)
Combinations of
these methods can add to security if authentication requires
meeting multiple tests of identity -- for example, requiring
both knowledge of a password and possession of a
physical token. This is the method used for automated teller
machine (ATM) access. Alternatively, combined methods can
reduce security, but add to user convenience, if authentication
requires meeting only one of the available identity tests.
(Consider mechanical combination locks that can also be opened
with a key. Or a computer system where access could be gained
by knowing a password or having a physical token.)
All "solutions"
to authentication present tradeoffs among security level achieved,
acquisition and maintenance costs, and the implicit costs
of user inconvenience. The most important tradeoff is between
acceptance errors (the wrong person is let in) and rejection
errors (the right person is kept out). The stricter the authentication
test(s), the more errors of the latter kind and the fewer
of the former.
See also:
|
