The Security Authentication Process

Submitted By ajohnson1527
Simply put, authentication is the process by which a subject’s (or user’s) identity is verified (Conklin, White, Williams, Davis, & Cothren, 2012). An example of authentication most people are familiar with is their e-mail login. For instance, Gmail requires a person’s Gmail address and individual password to access his or her Gmail account. However, there are numerous types of authentication outside the common username and password. Furthermore, authentication is used in numerous areas of a system to re-verify a user’s identity when he or she is accessing a new area of the system, accessing encrypted data types, and securing the preservation of a system. This paper evaluates the different authentication types, their applications, and additional security measures for securing a system and its data.
Types of Authentication
According to Whitman and Mattford (2010), there are four types of authentication mechanisms, which are:
* Something a person knows (passwords or passphrases)
* Something a person has (such as cryptographic tokens or smartcards)
* Something a person is (a fingerprint, retina or iris scan, or hand topography or geometry)
* Something a person produces (such as voice or pattern recognition)
The level of access control associated with a system and the data contained on the system is determined by legislation (varies geographically) governing data, and control policies developed and implemented by the entity who owns or controls the data.
Passwords and passphrases, or something a person knows, are potentially the most commonly recognized forms of authentication. Specific examples of password and passphrase authentications include a Personal Identification Number (PIN) used at a bank ATM or a password safeguarding an e-mail account. However, stronger authentication is required for some data types, which includes the addition of secondary authentication mechanisms. A bank ATM does not simply allow a person to retrieve cash by entering a PIN. Customers are required to insert their bank card at the ATM, which prompts for the PIN associated with the customer’s card after insertion.
The bank card acts as the second item from the list above and is classified as something a person has. Another example of something a person has is using a Common Access Card (CAC) or smartcard to access a system and the data contained therein. Applebee’s Neighborhood Bar and Grill requires employees to carry a smartcard to gain access to their Point-of-Sale (POS) systems. The card has a magnetic strip with an employee’s information programmed into it. Simply sliding the card through a card reader provides Applebee’s employees with access to the POS system where they can do a number of tasks such as clock in and out for shifts and place orders for guests.
The third type of authentication mechanism from the list is something a person is. For example, a system manufacturer may provide consumers with the option to equip their systems with biometric recognition software and hardware to prevent unauthorized access to a system and its data. This hardware may be used to recognize items such as finger, thumb, or palm prints, facial recognition, or retina or iris scans, which help to verify or authenticate a person’s identity. Types of biometric software include Verisoft Access Manager, DigitalPersona, and HP Protect Tools, and the hardware used to verify biometrics includes cameras for facial recognition or scanners for recognizing items such as thumb or finger prints.
Something someone produces is the fourth and final type of authentication method from the list above. Examples of things a person produces for authentication are signatures or patterns and speech or audible sounds. Android-powered devices such as smartphones and tablets offer a great example of pattern recognition for authenticating a user, which comes in the form of a pattern lock. The user is shown a twelve-dot matrix in which he or she can draw a pattern by connecting the dots. If the person attempting to unlock the device does not draw the approved pattern, he or she is denied access to the device. Voice recognition software is another method for verifying a user’s identity through something he or she produces. An example is a person stating his or her name when prompted by a system to verify his or her identity for the system.
The Authentication Process
The authentication process seems fairly easy to explain using a Personal Computer (PC). When a person sets up a PC for the first time they set up a user profile. A person selects his or her user profile to access their personal profile and data on a system. The user is given the option to set up password protection for his or her profile (something a person knows). To sign on to the PC a user selects his or her profile and enters the password associated with the profile. An invalid password entry restricts access to the selected user profile.
An alternative to using a password is biometrics. Facial recognition software is one example of biometrics. Software installed on a system can control a camera to scan and authenticate a person’s face using various facial features such as a person’s jaw line, upper eye socket outlines, proportion of features such as distance and size of nose, mouth, etc. (FindBiometrics, 2014). Fingerprint, thumb, and palm readers are also good examples of biometric devices. These scan the features of a person’s hand to verify his or her identity. These are excellent sources for authentication because each person’s hand features are unique to him or her.
The use of two or more authentication mechanisms is known as strong authentication (Whitman & Mattford, 2010). Using smartcards in conjunction with a PIN is an excellent example of strong authentication. Military and corporate systems are examples of places where strong authentication can prove useful for safeguarding IT systems and the data stored on them. Google uses a secondary authentication method to authenticate users in which a verification code is sent to a user’s phone as a text message. This is similar to having a token without the need to purchase and carry an additional product with a single function.
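The strong-authentication flow described above (a password, then a verification code sent to the user's phone), as an added example that is not part of the original essay. The class and function names, the PBKDF2 work factor, the five-minute code lifetime and the three-attempt limit are assumptions, and the code is returned to the caller in place of a real text message.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 600_000   # assumption: work factor chosen for this example
CODE_LIFETIME = 300       # assumption: seconds a verification code stays valid
MAX_CODE_TRIES = 3        # assumption: wrong codes allowed before the code is revoked


def _hash_password(password, salt):
    """Slow, salted hash so a stolen credential store is costly to guess against."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class StrongAuthenticator:
    """Two factors: something the user knows, then something the user has."""

    def __init__(self):
        self._users = {}     # username -> (salt, password_hash)
        self._pending = {}   # username -> [code, expires_at, tries_left]

    def enroll(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _hash_password(password, salt))

    def begin_login(self, username, password, now):
        """Factor 1 (password). Returns the one-time code that would be sent
        to the user's phone, or None if the password check fails."""
        record = self._users.get(username)
        # Hash even for unknown users so response time does not reveal
        # which usernames exist.
        salt, stored = record if record else (b"\x00" * 16, b"")
        candidate = _hash_password(password, salt)
        if record is None or not hmac.compare_digest(candidate, stored):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        # A new code replaces any earlier one, so only the latest is valid.
        self._pending[username] = [code, now + CODE_LIFETIME, MAX_CODE_TRIES]
        return code

    def finish_login(self, username, code, now):
        """Factor 2 (code from the phone). True only for a fresh, unused code."""
        pending = self._pending.get(username)
        if pending is None:
            return False                      # factor 1 was never passed
        expected, expires_at, tries_left = pending
        if now > expires_at:
            del self._pending[username]       # expired codes are discarded
            return False
        if hmac.compare_digest(code.encode("utf-8"), expected.encode("utf-8")):
            del self._pending[username]       # single use: a replay fails
            return True
        pending[2] = tries_left - 1
        if pending[2] <= 0:
            del self._pending[username]       # stop online guessing of the code
        return False


if __name__ == "__main__":
    # Constructed sample account and timestamps, for illustration only.
    auth = StrongAuthenticator()
    auth.enroll("alice", "correct horse battery staple")
    print("wrong password:", auth.begin_login("alice", "guess", now=0))
    sent = auth.begin_login("alice", "correct horse battery staple", now=0)
    print("code accepted:", auth.finish_login("alice", sent, now=30))
    print("code replayed:", auth.finish_login("alice", sent, now=31))
```

The password alone never grants access here: a session exists only after `finish_login` returns True, and a guessed, expired or replayed code is rejected.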
Securing Data
The authentication process is the first step in securing and preserving data. Using a password deters unauthorized access, but it is not an impenetrable means of security. Administrators can schedule system backups to further safeguard and preserve the integrity of a system and its data from damage or loss resulting from unauthorized access and even hardware or software failure. These backups allow for the restoration of a system in the event an attack is successful and data become damaged or lost. Several factors require consideration regarding backups, which include frequency of backups, extent of data that is backed up, process followed to back up data, verification of data backup creation, retention of data backups, storage of backups, and number of backups (Conklin, White, Williams, Davis, & Cothren, 2012). Creating and implementing a solid backup plan helps reduce the amount of damage caused if authentication security measures fail or hardware or software failure results in data corruption.
Conclusion
Authentication is the process in which a user’s identity is verified (Conklin, White, Williams, Davis, & Cothren, 2012). Authentication is used every day in many ways. Signing on to a PC, work station, mobile phone, tablet, or even accessing a bank ATM all require authentication using one, or a combination, of the four authentication types. A PC may require a password whereas access to a work station may require an employee to use biometric authentication methods such as facial recognition software or print scanners to scan a user’s finger or thumbprint. A more advanced means of authentication in a workplace may require the use of a smartcard and PIN to gain access to a system. Financial institutions use ATM cards with a PIN to aid in the prevention of unauthorized use of a customer’s card. Regardless of use, authentication is the first line of defense for safeguarding data. Following authentication is the use of backups for securing data. Backups reduce the damage caused in the event of unauthorized access and hardware or software failure. Organizations can benefit from solid backup policies and procedures coupled with strong authentication mechanisms to secure the data of a system from unauthorized access and unexpected hardware or software failures.

References
Conklin, A. W., White, G., Williams, D., Davis, R., & Cothren, C. (2012). Principles of Computer Security: CompTIA Security+ and Beyond. McGraw-Hill.
FindBiometrics. (2014). Facial Recognition. Retrieved from findbiometrics.com: http://findbiometrics.com/solutions/facial-recognition/
Whitman, M. P., & Mattford, H. M. (2010). Management of Information Security. Mason: Cengage Learning.
