Remote user Authentication principles

 


User Authentication:

As we all know, "user authentication" means verifying whether a user is the correct/authorized user. This has to be established before communicating with them. This process is called "user authentication".


Remote user authentication principles:

(1) It is the fundamental security building block.

(2) It is the basis of access control and user accountability.

(3) It is the process of verifying an identity claimed by / for a system entity.

Note: Generally, a system may require many kinds of credentials, such as passwords. These passwords are kept secret: they are known only by authorized systems.


There are mainly 2 steps in the process of authentication. They are:

1) Identification - Specify the identifier.

2) Verification - Bind the entity / person and the identification.


(1) Identification Step:

Presenting an identifier to the security system.

There are 4 general means of authenticating a user's identity, which can be used alone or in combination.


1. Something the individual knows:



Examples include a password, a personal identification number (PIN), and answers to a pre-arranged set of questions. All of these come under this category.


2. Something the individual possesses:



Examples include cryptographic keys, electronic key cards, smart cards and physical keys. This type of authenticator is referred to as a token.


3. Something the individual uses [static biometrics]:


Examples include recognition by fingerprint, retina and face.


4. Something the individual uses [dynamic biometrics]:



Examples include recognition by voice pattern, handwriting characteristics, and typing rhythm.


(2) Verification step:

Presenting / generating authentication information that corroborates the binding between the entity and the identification.


Note: In the verification step, the system receives information such as credentials from the individual and then checks whether the credentials provided are valid or not. If the credentials provided by the individual are valid, the authentication is successful; otherwise it is not.


There are 2 types of authentication. They are:

(1) Mutual Authentication

(2) One-way Authentication


(1) Mutual Authentication:




It is used when the two sides of a communication channel verify each other's identity, instead of only one side being verified. It is also called "two-way authentication", because the process goes in both directions.


Note: In mutual authentication, there is a chance of a replay attack.


The various replay attacks are listed below:

i. Simple replay:

The opponent simply copies a message and replays it later.


ii. Repetition that can be logged:

An opponent can replay a timestamped message within the valid time window.


iii. Repetition that can't be detected:

This situation could arise because the original message could have been suppressed and so did not arrive at its destination; only the replay message arrives.


iv. Backward replay without modification:

This is a replay back to the message sender. This attack is possible if symmetric encryption is used and the sender cannot easily recognize, on the basis of content, the difference between a message sent and a message received.


Note: To avoid replay attacks, there are 2 approaches. They are:

(1) Timestamp

(2) Challenge/Response


(1) Timestamp:

It is the 1st approach to avoiding the replay attack. In the timestamp approach, party 'A' accepts a message as fresh only if the message contains a timestamp, which 'A' can check because 'A' has knowledge of the current time.


(2) Challenge/Response:

It is the 2nd approach. In this, party 'A' is expecting a fresh message from party 'B'.

* First, B sends a nonce [challenge] to party 'A'. After that, party 'B' receives the subsequent message [response] from party 'A', which contains the correct nonce value.


Note: A nonce is a private number which is used in a communication. The above are the 2 approaches used for avoiding replay attacks.
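The two approaches above can be compared side by side in a short sketch. This is an added example, not code from the original post; it assumes both parties already share a secret key and use HMAC-SHA256, and the class, function and message-format names are hypothetical.

```python
import hashlib
import hmac
import secrets

WINDOW = 30  # assumed timestamp acceptance window, in seconds


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (assumed message format)."""
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


class Challenger:
    """The party that checks freshness (hypothetical class name)."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()  # nonces sent and not yet answered

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # random nonce (assumption)
        self.outstanding.add(nonce)
        return nonce

    def check_response(self, nonce: bytes, msg: bytes, tag: bytes) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown or already-used nonce: treated as replay
        self.outstanding.discard(nonce)  # each nonce is accepted only once
        return hmac.compare_digest(tag, mac(self.key, b"cr", nonce, msg))

    def check_timestamp(self, ts: int, msg: bytes, tag: bytes, now: int) -> bool:
        if abs(now - ts) > WINDOW:
            return False  # stale: outside the valid time window
        expected = mac(self.key, b"ts", str(ts).encode(), msg)
        return hmac.compare_digest(tag, expected)


def respond(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    """Responder's side: bind the message to the received nonce."""
    return mac(key, b"cr", nonce, msg)


def stamp(key: bytes, ts: int, msg: bytes) -> bytes:
    """Sender's side of the timestamp approach."""
    return mac(key, b"ts", str(ts).encode(), msg)
```

With only the timestamp check, a copy of the same message replayed inside the window is still accepted, which is case ii in the list above; the single-use nonce rejects the second copy.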


(2) One-way Communication:




One application for which encryption is growing in popularity is electronic mail [email]. The very nature of electronic mail, and its chief benefit, is that it is not necessary for the sender and receiver to be online at the same time. Instead, the email message is forwarded to the receiver's electronic mailbox, where it is buffered until the receiver is available to read it.

* The envelope / header of the email message must be in the clear, so that the message can be handled by the store-and-forward email protocol, such as the Simple Mail Transfer Protocol (SMTP).


