Thursday, 28 June 2012

Multi-factor Authentication

There are three regulatory approved factors of authentication; all forms of authentication can be grouped under one of the following:
  • Something you know
  • Something you have
  • Something you are
Two-factor authentication is when two of those three authentication types are used in conjunction with each other. The most commonly seen use of this is a debit/credit card (something you have) with a PIN (something you know).

Something you know

The weakest form of the three, and the most commonly seen, in the form of passwords or PINs. One of the most troublesome issues with this form is that there is no regulation around how it is kept secure. A password can be shared or exposed through many methods without the keeper's knowledge. Often there are technical constraints imposed on the creators of passwords which limit their entropy, and the keeper needs to be able to remember them, which makes them easy to guess.

Something you have

This form of authentication has been around for centuries, most commonly seen in the form of a key to a lock. The formal description for this is that the key embodies a shared secret between the lock and the key.
There are four ways of attacking such a system:
  • Attack the authenticator or management system to try to determine the secret.
  • Steal the 'something you have'
  • Make a copy of the 'something you have'
  • A man-in-the-middle attack, where the attacker sits in the communication channel between the two entities.

Something you are

The strongest factor of authentication and typically seen in the form of biometrics; something you are can comprise many things such as fingerprints, iris scans, voice patterns, etc. They are very susceptible to replay attacks.
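As an added illustration (not part of the original post) of the "something you have" factor as a shared secret between token and verifier, and of a verifier-side guard against the replay attacks mentioned above, the following Python implements an RFC 4226/6238 time-based one-time code and rejects any code whose time step has already been accepted. The secret and time values are constructed for the demo.

```python
import hmac
import hashlib
import struct
import time

# Constructed sample secret shared between the token ("something you have")
# and the verifier; a real deployment generates this randomly per token.
SHARED_SECRET = b"constructed-demo-secret-0123"
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: float, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, int(now // step))


class Verifier:
    """Server side of the possession factor. Remembers the highest time step
    already accepted so a captured code cannot be replayed within its window."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window          # accepted clock skew, in time steps
        self.last_accepted_step = -1  # replay guard

    def verify(self, code: str, now: float) -> bool:
        current = int(now // STEP_SECONDS)
        for step in range(current - self.window, current + self.window + 1):
            if step <= self.last_accepted_step:
                continue  # this step (or an older one) was already used: reject replays
            expected = hotp(self.secret, step)
            if hmac.compare_digest(expected, code):
                self.last_accepted_step = step
                return True
        return False


if __name__ == "__main__":
    now = time.time()
    code = totp(SHARED_SECRET, now)
    v = Verifier(SHARED_SECRET)
    print("first use:", v.verify(code, now))   # True
    print("replayed:", v.verify(code, now))    # False
```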
