This document provides an overview of various authentication methods and access control techniques. It discusses biometric authentication using fingerprints, iris scans, and other physiological traits. It also covers risks of biometric authentication like environmental factors impacting accuracy. Additional topics summarized include use of tokens, multi-factor authentication, single sign-on, and public key infrastructure for identity verification.
2. TABLE OF CONTENTS
S. NO.  TOPIC                                  SLIDE NO.
1.      ACCESS CONTROL                         3-4
2.      BIOMETRIC AUTHENTICATION               5-7
3.      PHYSIOLOGICAL BIOMETRIC CONTROLS       8-9
4.      RISKS OF BIOMETRIC AUTHENTICATION      10-11
5.      USE OF TOKENS                          12
6.      MULTI-FACTOR AUTHENTICATION            13
7.      SINGLE SIGN-ON                         14
8.      PUBLIC KEY INFRASTRUCTURE              15
9.      STRATEGIC PLANNING                     16
10.     REFERENCES                             17
3. ACCESS CONTROL
• ACCESS CONTROL INCLUDES
• Identification
• Authentication
• Authorization
• Accountability.
• COMMON PRACTICES FOR ACCESS CONTROL
• Based on determined roles as well as responsibilities.
• Principle of least privilege must be followed.
• Access control should be constantly reviewed and audited.
• Logging-Off information.
4. ACCESS CONTROL
• COMMON CONTROL TYPES FOR ACCESS CONTROL
• TECHNICAL CONTROL
• Use of Biometrics
• Access Control Cards
• Username & Password
• Encryption
• ADMINISTRATIVE CONTROL
• These include security awareness trainings, procedures, supervisory
structures, personnel control and testing.
• PHYSICAL CONTROL
• These include computer security, perimeter security, guards and trained
dogs and mantraps.
• Protocols for Remote Access Authentication
• Access Control Lists (ACL)
• Account Restrictions
• Policy Enforcement
5. BIOMETRIC AUTHENTICATION
• Verifies users by identifying and measuring users' behavioural and physiological
features.
• Provides stronger access control than PINs/passwords, which can be forgotten,
lost or shared.
• Biometric measures maximize between-individual random variance while
simultaneously minimizing within-individual variability.
• Different types of biometric authentication include:
• Face recognition
• Fingerprint scanning
• Iris/retinal scanning
• Hand geometry
• Vein / infrared thermogram
• Palm print and gait
6. BIOMETRIC AUTHENTICATION
• Voice identification is also used, though in an ambient setting it faces
obstacles such as eavesdropping and manipulation.
• Yet its value for disabled and visually impaired/handicapped users is immeasurable.
• Good biometric systems have low false rejection and low false acceptance rates.
• The inability to achieve 100% accuracy results in a bad user experience and is limiting
commercialization of this technology.
• BIOMETRIC BEHAVIOUR ASSOCIATION & BEHAVIOUR MEASURES
• Biometric techniques are costly and complex in contrast to other methods.
• They require uniqueness of the eyes and fingers for validation.
• An acceptable standard authentication speed is not more than 5 seconds.
• Enrolment time is up to 2 minutes.
• Throughput is 6-10 users per minute.
7. BIOMETRIC AUTHENTICATION
• BIOMETRIC CONTROLS & PSYCHOLOGICAL ANALYSIS
• False Reject Rate (FRR)
• The rate at which authorized individuals are erroneously denied access: the
system may deny access to an individual who should have been matched to
their enrolled template.
• False Accept Rate (FAR)
• The rate at which unauthorized individuals, who have no matching template, are
erroneously allowed access.
• Cross Error Rate (CER)
• The rate at which FRR and FAR are equal. It allows users to compare systems
against each other; the system with the lowest CER is the most accurate.
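As an added illustration of the three error rates above (not code from the original slides), the block below computes FAR and FRR for a matching threshold and sweeps thresholds to find the crossover point, then ranks two constructed systems by their CER. The similarity scores for "genuine" and "impostor" comparison attempts are constructed sample data, not measurements from any real sensor.

```python
# Constructed match scores in [0, 1]: higher means "looks more like the enrolled user".
# System A separates genuine users from impostors well; system B overlaps more.
SYSTEMS = {
    "A": {
        "genuine": [0.91, 0.88, 0.95, 0.82, 0.79, 0.93, 0.87, 0.90, 0.85, 0.96],
        "impostor": [0.12, 0.35, 0.58, 0.22, 0.81, 0.40, 0.15, 0.63, 0.27, 0.48],
    },
    "B": {
        "genuine": [0.70, 0.75, 0.60, 0.80, 0.65, 0.72, 0.68, 0.78, 0.62, 0.74],
        "impostor": [0.30, 0.55, 0.66, 0.45, 0.71, 0.50, 0.40, 0.73, 0.35, 0.62],
    },
}


def far(impostor_scores, threshold):
    """False Accept Rate: fraction of impostor attempts scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False Reject Rate: fraction of genuine attempts scoring below the threshold."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def crossover_error_rate(genuine_scores, impostor_scores):
    """Sweep every observed score as a candidate threshold and return
    (threshold, cer) at the point where |FAR - FRR| is smallest."""
    best = None
    for t in sorted(set(genuine_scores) | set(impostor_scores)):
        a, r = far(impostor_scores, t), frr(genuine_scores, t)
        gap = abs(a - r)
        if best is None or gap < best[2]:
            best = (t, (a + r) / 2, gap)
    return best[0], best[1]


def rank_systems(systems):
    """Order system names from lowest CER (most accurate) to highest."""
    scored = {name: crossover_error_rate(d["genuine"], d["impostor"])[1]
              for name, d in systems.items()}
    return sorted(scored, key=scored.get)


if __name__ == "__main__":
    for name, d in SYSTEMS.items():
        t, cer = crossover_error_rate(d["genuine"], d["impostor"])
        print(f"system {name}: CER={cer:.2f} at threshold {t}")
    print("ranking:", rank_systems(SYSTEMS))
```

Raising the threshold trades FAR for FRR; the CER is simply the operating point where the two curves meet, which is why it is used as a single-number comparison between products.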
8. PHYSIOLOGICAL BIOMETRIC CONTROLS
• FINGERPRINT RECOGNITION
• A cheap, non-intrusive method that captures images of the ridges, whorls and fingerprint
minutiae, which can be captured statically or dynamically.
• Its disadvantages are sensor wear, sensitivity to swelling and injuries, and being
prone to deception.
• RETINAL SCAN
• Involves recording unique components of the blood vessels in the retina and identifying
patterns at the back of the eyeball.
• It has the disadvantages that the laser may damage the eyeball and that retinal patterns
may change as a result of heart disease or diabetes.
• IRIS SCAN
• The most accurate of all biometric authentication methods, as iris patterns remain constant
throughout adulthood and differ between the two eyes of the same individual.
9. PHYSIOLOGICAL BIOMETRIC CONTROLS
• KEYSTROKE & CONTROL DYNAMICS ANALYSIS
• This involves analysing and recognizing an individual's unique typing rhythm.
It uses flight time (the gap between releasing one key and pressing the next) and dwell time (how long a key is held down).
• SIGNATURE DYNAMICS SYSTEMS
• These use user signatures for reference and recognition. They capture the
way the pen is held, the amount of pressure exerted and the signing speed.
They have the advantage of being non-intrusive, but wear and
changes in signing speed can be a barrier.
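The following is an added example (not from the original slides) of the keystroke dynamics idea: it extracts dwell and flight times from key-down/key-up events, enrols a template from several typing samples, and verifies a new sample by checking how many timings fall within a band around the template. The key events are constructed values in milliseconds for a user typing the word "pass"; the tolerance and the 80% match threshold are arbitrary choices for the illustration.

```python
from statistics import mean, pstdev

# Constructed enrolment samples: (key, key_down_ms, key_up_ms) for typing "pass".
ENROLL_SAMPLES = [
    [("p", 0, 95), ("a", 180, 270), ("s", 350, 440), ("s", 520, 610)],
    [("p", 0, 100), ("a", 175, 265), ("s", 360, 455), ("s", 530, 620)],
    [("p", 0, 90), ("a", 185, 280), ("s", 345, 435), ("s", 515, 605)],
]
# Constructed probes: the same user's rhythm, and someone holding keys much longer.
GENUINE_PROBE = [("p", 0, 97), ("a", 182, 275), ("s", 352, 443), ("s", 522, 612)]
IMPOSTOR_PROBE = [("p", 0, 140), ("a", 260, 390), ("s", 470, 600), ("s", 690, 830)]


def features(sample):
    """Dwell time per key, then flight time between consecutive keys."""
    dwell = [up - down for _, down, up in sample]
    flight = [sample[i + 1][1] - sample[i][2] for i in range(len(sample) - 1)]
    return dwell + flight


def enroll(samples, min_dev_ms=5.0):
    """Template = per-feature mean and spread over the enrolment samples.
    The spread is floored so a feature that happened to repeat exactly does
    not produce a zero-width acceptance band."""
    vecs = [features(s) for s in samples]
    n = len(vecs[0])
    means = [mean(v[i] for v in vecs) for i in range(n)]
    devs = [max(pstdev([v[i] for v in vecs]), min_dev_ms) for i in range(n)]
    return means, devs


def match_score(template, sample, k=2.0):
    """Fraction of features within k spreads of the template mean (0.0 .. 1.0)."""
    means, devs = template
    f = features(sample)
    if len(f) != len(means):
        return 0.0  # different text length: cannot compare
    within = sum(abs(x - m) <= k * d for x, m, d in zip(f, means, devs))
    return within / len(f)


def verify(template, sample, threshold=0.8):
    return match_score(template, sample) >= threshold


def speed_shift(sample, factor):
    """Same rhythm, all timings scaled (e.g. 0.8 = typing 20% faster)."""
    return [(key, down * factor, up * factor) for key, down, up in sample]


if __name__ == "__main__":
    template = enroll(ENROLL_SAMPLES)
    print("genuine :", verify(template, GENUINE_PROBE))
    print("impostor:", verify(template, IMPOSTOR_PROBE))
    # Same user, 20% faster on another keyboard: a false reject.
    print("faster  :", verify(template, speed_shift(ENROLL_SAMPLES[0], 0.8)))
```

The last call shows the weakness noted later on the risks slide: because the template is absolute timings, the same person typing 20% faster on a different keyboard is rejected, so a deployed system needs either a more tolerant band (raising FAR) or normalisation of the rhythm, and enrolment samples from the keyboards the user actually works on.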
10. RISK OF BIOMETRIC AUTHENTICATION
• Camera sensitivity, lighting and angle determine the accuracy of facial recognition.
• Accessories like glasses and lenses can make a person look different.
• Temperature and problems with the finger can tamper with fingerprint scans.
• Apple's Touch ID can be bypassed with the use of latex and accurate sensors.
• Several systems utilize additional information such as geo-location.
• A problem with keystroke dynamics is that people vary in their typing speed, and also when
using different keyboards and interfaces.
• In addition, right-handed individuals type slower with their left hand and vice versa.
• The index finger lets users type faster because of its consistent use and instinctive ability.
12. USE OF TOKENS
• ONE TIME PASSWORD (OTP)
• Provides maximum security with a list of passwords used in sequence, but an attacker could sniff a password.
• Users authenticate with a PIN or token and do not need to remember or choose a password.
• IMPORTANCE
• Tokens have been designed to replace session IDs, reducing server load, rationalizing permission management, and offering
appropriate tools for supporting a cloud-based or distributed infrastructure.
• This process has the advantage of statelessness: the token generated by the server need not be stored anywhere.
• DRAWBACKS OF OTPs
• They have the disadvantage of trust: users have to deal with malware delivered through SMS, as encryption on cellular networks is
weak.
• OTPs can be inconvenient, as the user has to copy the OTP from the device that received it into the login form.
• TIME BASED OTP
• A token is required for every user, thus requiring more investment.
• Users need to carry the token with them at all times, as they will not be allowed to access the system otherwise.
• Users cannot use the system for a long time without the token.
• Connections can be vulnerable to sniffing.
• Users need to ensure the safety of their tokens.
• Security tokens may not be compatible with all servers or applications.
13. MULTI-FACTOR AUTHENTICATION
• MFA, also known as two-step authentication, combines a username and password with additional authentication such as personal
information or a physical token.
• It guarantees that users are who they claim to be.
• It requires that users identify themselves by presenting a minimum of two pieces of evidence drawn from three major categories.
• MFA provides layers of protection to the user by preventing a ripple effect.
• Some companies employ MFA for every user; together with SSO this makes the system very secure and eliminates the need for passwords.
• IMPORTANCE
• MFA offers a good end-user experience and robust security.
• It has the advantage of increasing the system's security when needed.
• Due to the magnitude of loss in case of a violation, MFA requires additional proof.
• MFA AUTHENTICATION CONSIDERATIONS
• Users are locked out of their accounts in case of a single mistake.
• Though used to keep attackers away, attackers can set up their own two-step authentication on a hijacked account to keep the legitimate users locked out.
14. SINGLE SIGN-ON
• Users identify themselves to servers only once through this method.
• Users can log in many times with a single password, but the compromise of that single authentication can compromise all available resources.
• The following should be considered when implementing SSO.
• Since one authentication regulates access to all resources, this process must be secure.
• Smart cards and tokens may be used to strengthen the authentication process.
• Password policies need to be enforced, implementing minimum password length, password complexity, minimum time before renewal, and
a maximum frequency of attempts.
• Encryption should be used to protect against sniffing. Login logs should be reviewed to detect suspicious login attempts.
• Authentication servers must be used.
• POTENTIAL RISKS
• Authentication and privacy keys are a security concern.
• If the SSO server is unavailable, users cannot access any site.
• SSO is not suitable for multi-user computers if they remain logged in at all times.
• They lack backup and stronger authentication.
• If the password is weak it is easy to identify and hack the account, and once hacked, all accounts will be compromised.
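Two of the SSO considerations above are mechanical enough to show in code: enforcing a password policy, and reviewing login logs for bursts of failed attempts that exceed the maximum attempt frequency. The block below is an added example (not from the original slides); the log format, the policy numbers (12 characters, 3 of 4 character classes, 5 failures in 10 minutes) and the log lines themselves are constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed SSO server log: one line per login attempt.
LOG_TEXT = """\
2024-05-01T09:00:01 sso login user=alice src=10.0.0.5 result=FAIL
2024-05-01T09:00:30 sso login user=bob src=10.0.0.9 result=FAIL
2024-05-01T09:00:45 sso login user=bob src=10.0.0.9 result=SUCCESS
2024-05-01T09:01:10 sso login user=alice src=10.0.0.5 result=FAIL
2024-05-01T09:01:50 sso login user=alice src=10.0.0.5 result=FAIL
2024-05-01T09:02:20 sso login user=carol src=10.0.0.7 result=FAIL
2024-05-01T09:02:35 sso login user=alice src=10.0.0.5 result=FAIL
2024-05-01T09:03:05 sso login user=alice src=10.0.0.5 result=FAIL
2024-05-01T09:03:40 sso login user=alice src=10.0.0.5 result=FAIL
2024-05-01T09:04:10 sso login user=alice src=10.0.0.5 result=SUCCESS
2024-05-01T09:20:00 sso login user=carol src=10.0.0.7 result=FAIL
2024-05-01T09:40:00 sso login user=carol src=10.0.0.7 result=FAIL
2024-05-01T09:41:00 sso login user=carol src=10.0.0.7 result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sso login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def check_password_policy(password: str, min_length: int = 12, min_classes: int = 3):
    """Return a list of policy violations (empty list means the password is acceptable)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    present = sum(bool(re.search(pattern, password)) for pattern in classes)
    if present < min_classes:
        problems.append(f"uses {present} of 4 character classes, need {min_classes}")
    return problems


def parse_log(text: str):
    """Yield one dict per well-formed line, in file order; unparseable lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            yield ev


def find_suspicious_logins(events, max_attempts=5, window=timedelta(minutes=10)):
    """Flag each (user, source) pair that reaches max_attempts failures inside a sliding
    window, and record whether a success followed the burst (a likely guessed password)."""
    recent = defaultdict(deque)  # (user, src) -> timestamps of failures in the window
    alerts = {}
    for ev in events:
        key = (ev["user"], ev["src"])
        if ev["result"] == "FAIL":
            q = recent[key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= max_attempts and key not in alerts:
                alerts[key] = {"first_alert": ev["ts"], "success_after_burst": False}
        elif ev["result"] == "SUCCESS" and key in alerts:
            alerts[key]["success_after_burst"] = True
    return alerts


if __name__ == "__main__":
    print(check_password_policy("hunter2"))
    for (user, src), info in find_suspicious_logins(parse_log(LOG_TEXT)).items():
        print(f"ALERT {user} from {src}: burst at {info['first_alert']}, "
              f"success after burst: {info['success_after_burst']}")
```

Carol's three failures are spread over forty minutes and never reach the limit, while Alice's six failures followed by a success within five minutes is the pattern worth paging on: with SSO, that one account now opens every connected application.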
15. PUBLIC KEY INFRASTRUCTURE
• PKI is defined by Kim as a technology that uses mathematical processes and algorithms to facilitate secure transactions through
data integrity, data confidentiality, and authentication.
• PKI uses certificates, issued by a trusted certificate authority (CA), to prove an individual's identity.
• The user's certificate is signed with the certificate authority's private key and verified with its public key.
• This certificate can be used for authentication to access many applications that check the identity through the digital
signature from the CA.
• PKI is valuable to applications that require no pre-registration, like online transactions.
• Users only require a certificate from the certificate authority.
• RISKS OF PKI
• There is no governing body to enforce the standards of PKI.
• CAs are trusted third parties, but there have been limitations in their security procedures over the years.
• This has resulted in less trust in PKI, as any compromise of a CA can expose the entire PKI to risk.
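To make the trust relationship concrete, the following added example (not from the original slides, and not a real PKI library) builds a miniature certificate scheme: a CA signs a user's certificate with its private key, and a verifier accepts the certificate only if the issuer is in its trust store, the CA's public key validates the signature, and the certificate has not expired. The signature primitive is textbook RSA on fixed Mersenne primes with no padding, chosen so the block runs with the standard library alone; it is deliberately insecure and exists only to show the trust model. All names, keys and timestamps are constructed.

```python
import copy
import hashlib
import json

# Toy textbook RSA on fixed Mersenne primes. INSECURE BY DESIGN (tiny keys, no
# padding); used only so the trust-store logic below runs without any library.
def make_key(p: int, q: int, e: int = 65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e}, {"n": n, "d": d}


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    return pow(_digest(data, priv["n"]), priv["d"], priv["n"])


def verify_sig(pub, data: bytes, sig: int) -> bool:
    return pow(sig, pub["e"], pub["n"]) == _digest(data, pub["n"])


def tbs_bytes(cert) -> bytes:
    """Canonical encoding of the to-be-signed part, so signer and verifier hash the same bytes."""
    return json.dumps(cert["tbs"], sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(issuer_name, issuer_priv, subject, subject_pub, not_after):
    """The CA binds a subject name to a public key and signs that binding."""
    cert = {"tbs": {"subject": subject, "issuer": issuer_name,
                    "public_key": subject_pub, "not_after": not_after}}
    cert["signature"] = sign(issuer_priv, tbs_bytes(cert))
    return cert


def verify_certificate(cert, trusted_roots, now):
    """Relying-party check: trusted issuer, valid CA signature, not expired.
    Returns (ok, reason)."""
    issuer = cert["tbs"]["issuer"]
    if issuer not in trusted_roots:
        return False, "issuer not in trust store"
    if not verify_sig(trusted_roots[issuer], tbs_bytes(cert), cert["signature"]):
        return False, "bad signature"
    if now > cert["tbs"]["not_after"]:
        return False, "certificate expired"
    return True, "ok"


def tamper(cert, new_subject):
    """Change the subject after signing, as an attacker in transit might try."""
    forged = copy.deepcopy(cert)
    forged["tbs"]["subject"] = new_subject
    return forged


# Constructed key material and a trust store holding one root CA.
CA_PUB, CA_PRIV = make_key(2 ** 89 - 1, 2 ** 61 - 1)
ROGUE_PUB, ROGUE_PRIV = make_key(2 ** 107 - 1, 2 ** 31 - 1)
USER_PUB, USER_PRIV = make_key(2 ** 127 - 1, 2 ** 19 - 1)
TRUST_STORE = {"Example Root CA": CA_PUB}
NOW = 1_700_000_000

ALICE_CERT = issue_certificate("Example Root CA", CA_PRIV, "alice@example.test", USER_PUB, 1_900_000_000)
ROGUE_CERT = issue_certificate("Rogue CA", ROGUE_PRIV, "alice@example.test", USER_PUB, 1_900_000_000)
EXPIRED_CERT = issue_certificate("Example Root CA", CA_PRIV, "alice@example.test", USER_PUB, 1_600_000_000)

if __name__ == "__main__":
    for label, cert in [("genuine", ALICE_CERT), ("rogue CA", ROGUE_CERT),
                        ("tampered", tamper(ALICE_CERT, "mallory@example.test")),
                        ("expired", EXPIRED_CERT)]:
        print(f"{label:9s}: {verify_certificate(cert, TRUST_STORE, NOW)}")
```

The trust store is the whole security boundary: a certificate from "Rogue CA" carries a perfectly valid signature under the rogue key, and is rejected only because that key was never trusted. The risk bullet above follows directly: if the private key behind an entry in the store is compromised, every certificate it signs passes this check.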
16. STRATEGIC PLANNING
• Strategic planning defines an organization's strategy or direction, the decisions it takes and the resources it allocates to pursue that
strategy.
• Organizations need to keep in mind the following:
• What the organization is currently doing
• Who they are doing it for
• How they will excel going forward
• Strategic decisions keep in view the next three to five years and consider any potential mishaps. These mishaps may also include
untapped opportunities.
• These decisions are affected by factors that may be out of the organization’s control, e.g. wars, geopolitical shocks etc.
• Organizations’ strategies should also address how they intend to sustain their operations and provide quality products or services to their
customers while including capabilities for future innovations.
• Strategic planning involves the following steps:
• Clarifying Mission & Vision Statements
• Identifying Current & Future Market Position
• Prioritizing
17. REFERENCES
• Alfred, A. (2016). Node.js: Token-Based Authentication Part 3. Defining Routes and Implementing Token-Based Authentication.
• Dasgupta, D., Roy, A., & Nag, A. (2017). Multi-Factor Authentication: More secure approach towards authenticating
individuals.
• Dimov, D., & Tistarelli, M. (2015). Biometric Authentication. Cham: Springer.
• Kim, D. (2016). Access control, authentication, and public key infrastructure: Laboratory manual to accompany.
• Kung, S. Y., Mak, M.-W., & Lin, S.-H. (2017). Biometric authentication: A machine learning approach. Upper Saddle River: Prentice Hall.
• Miller, W. (2015). Foundations of iOS Security: Working with Single Sign-on Authentication.
• Roebuck, K. (2017). Security Tokens: High-impact Strategies - What You Need to Know: Definitions, Adoptions, Impact, Benefits, Maturity,
Vendors. Dayboro: Emereo Pub.
• Schmeh, K. (2016). Cryptography and Public Key Infrastructure on the Internet. New York, NY: John Wiley & Sons.
• Sampson, A. (2015). Architecting Microsoft Azure Solutions: Multi-factor Authentication Overview.
• Stanislav, M. (2015). Two-factor authentication. Ely, Cambridgeshire, United Kingdom: IT Governance Publishing.