5 Authentication Technologies
Pages 104-137

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 104...
... Throughout, this chapter also touches on the privacy implications of specific technologies in the context of authentication systems, as appropriate.
TECHNOLOGICAL FLAVORS OF AUTHENTICATION
"Individual authentication" is defined in Chapter 1 as the process of establishing an understood level of confidence that an identifier refers to a specific individual.
From page 105...
... This lack of explicit, secure, two-way authentication can subvert many types of individual authentication mechanisms. If a presenter provides an identifier and authenticator to the wrong verifier, both security and privacy are adversely affected.
From page 106...
... In this latter context, the technical term for the security service being provided is "data origin authentication." Continuous authentication is generally a result of a transition from initial, individual authentication to data origin authentication. It is the source (origin)
From page 107...
... The object is issued to an identified individual and retained by the individual, so that possession of the object serves to identify the individual. In the last class are biometric authentication technologies, which measure physical and behavioral characteristics of an individual.
From page 108...
... Finding 5.1: Static passwords are the most commonly used form of user authentication, but they are also the source of many system security weaknesses, especially because they are often used inappropriately. Recommendation 5.1: Users should be educated with respect to the weaknesses of static passwords.
From page 109...
... More secure authentication technologies can be based on password technology at some levels. For example, schemes such as encrypted key exchange (EKE)
From page 110...
... These schemes employ sophisticated cryptographic mechanisms and protocols to counter many of the attacks that are effective against static passwords. They typically provide one-way, initial authentication, which may transition to two-way, data-origin and peer-entity authentication for subsequent communication.
From page 111...
... generally do not offer readers as standard equipment, so there are cost barriers to the use of such cards for individual authentication in home or corporate environments. This is a good example of trade-offs among competing goals of security, user convenience, and cost.
From page 112...
... Thus, for example, the identifier and password provided by a user for initial authentication may be transformed into a cookie to facilitate continuous authentication of the HTTP session. Sometimes a cookie is a bigger secret than an individual could remember.
From page 113...
... The costs for these cards are somewhat higher than those for magnetic-stripe cards, and smart card readers are more expensive as well, but smart storage cards offer more data storage than magnetic-stripe cards do, and they resist wear better.10 Universal Serial Bus (USB) storage tokens are another hardware storage token format.
From page 114...
... The term "software token" has been coined to refer to the use of secrets stored on a computer and employed in conjunction with an authentication protocol. Software tokens are not as secure as hardware storage tokens, since the secrets used by the software are held in files in a computer on a long-term basis.
From page 115...
... As typically employed in a user-to-system authentication exchange, this is an example of a one-way initial authentication scheme, but
From page 116...
... are qualitatively different from all of the previous token types. They can be much more secure than hardware storage tokens or software tokens, because they can maintain secret values within the card and never export them (i.e., transmit secrets off the card)
From page 120...
... can extract secret values stored on smart cards.15 Processor tokens are noticeably more expensive than magnetic-stripe cards or other storage tokens. The cost of readers varies, depending on which token technology is employed.
From page 121...
... The scoring aspect of biometrics is a major departure from other classes of individual authentication technologies, which provide a simple, binary determination of whether an authentication attempt was successful. The scoring aspect of biometric authentication technologies means that they exhibit Type I (false negative)
From page 122...
... Although all biometric measures change over time, an individual cannot forget his or her biometric values, unlike passwords and PINs, nor can they be lost, like hardware tokens. Thus, life-cycle costs can, in principle, be lower for biometric authentication technologies, primarily because of reduced helpdesk costs.
From page 123...
... Biometric authentication offers only one-way initial authentication. As noted above, biometric authentication does not provide direct protection for secrets, so it does not provide a basis for bootstrapping from initial to continuous authentication, nor does it support two-way authentication, unlike many of the "something you have" technologies described above.
From page 124...
... The assumption underlying the perceived security benefits of multifactor authentication is that the failure modes for different factors are largely independent. So, for example, a hardware token might be lost or stolen, but the PIN required for use with the token would not be lost or stolen at the same time.
From page 125...
... Some types of authentication technologies require some degree of centralization (for example, to help amortize the costs associated with deployment) in order to gain security benefits. Kerberos and public key infrastructure (PKI)
From page 126...
... , as with any authentication system, the privacy implications will ultimately depend on choices made at the design, implementation, and use stages.21 Detailed analysis of a particular product is beyond the scope of this report. Public key infrastructure has often been touted as a universal authentication technology, one that might have national or even global scope.
From page 127...
... 2. Client queries the Initial Ticket Service of the Kerberos key distribution center (KDC)
From page 128...
... (See Box 5.6 for a brief description of public key cryptography.) Since each public key certificate carries a clearly visible identifier for the person represented by the certificate, it is easy to link different uses of the same certificate to that person's identity.
From page 130...
... centralized fashion24,25 that supports this notion of multiple identities for an individual and thus supports privacy.
From page 131...
... seem to derive from the scope of the public key infrastructures. Recommendation 5.3: Public key infrastructures should be limited in scope in order to simplify their deployment and to limit adverse privacy effects.
From page 132...
... SECURITY CONSIDERATIONS FOR INDIVIDUAL AUTHENTICATION TECHNOLOGIES
Authentication technologies are often characterized by the security that they offer, specifically in terms of resistance to various types of attack. Many authentication technologies rely on the use of secret values such as passwords, PINs, cryptographic keys, and so on.
From page 133...
... Verification of the credential, and thus authentication of the individual possessing the credential, would be based on successful validation of the digital signature associated with the data. Careful use of public key cryptography can make the digital signature highly secure, protecting against modification of the signed data or creation of new, fake signed data.
From page 134...
... It is critical that later instances of the biometric capture process ensure that it is a real person whose biometric features are being captured; this may mean requiring biometric sensors to be continuously monitored by humans. Biometric authentication systems may be fooled by fake body parts or photographs created to mimic the body parts of real individuals.30 They also may be attacked by capturing the digitized representation of a biometric feature for an individual and injecting it into the system, claiming that the data are a real scan of some biometric feature.
From page 135...
... If the system makes use of hardware tokens, provisions will have to be made to replace lost or stolen tokens. Users and system administrators must be trained to work with an authentication technology and with that technology's interaction with varying operating systems and applications.
From page 136...
... Thus, there can be no single right answer to the question of how much authentication technology should cost.
CONCLUDING REMARKS
The preceding chapters describe three different conceptual types of authentication (identity, attribute, and individual)
From page 137...
... In general, decentralized systems tend to be more preserving of privacy, but the core authentication technologies that make up authentication systems tend to be privacy-neutral. What matters most in terms of privacy are design, implementation, and policy choices, as described elsewhere in this report.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.