Authentication Methods Overview

Sep 5, 2025

Overview

This lecture reviews the main authentication methods used in information systems, covering their concepts, strengths, weaknesses, and future trends, with a focus on biometrics and keystroke dynamics.

Key Concepts of Authentication

  • Identification, authentication, and authorisation are separate but related steps in security systems.
  • Authentication confirms that a user is who they claim to be, using proofs like passwords or biometrics.
  • Authorisation determines what resources or operations an authenticated user may access.
  • The authentication process involves enrolment (user registration), selection of channel (secure/insecure), and verification steps.

Authentication Factors

  • Four main authentication factors: something the user knows (password), owns (token), is (biometric), or does (gesture).
  • A fifth factor can be location or time (“somewhere the user is”).
  • Using multiple factors (multi-factor authentication) can increase security but may also impact usability.

Common Authentication Methods

  • Static authentication by shared secret: Most common; uses passwords or PINs but is vulnerable to theft, replay, and guessing attacks.
  • One-time password (OTP) tokens: Generate a new password for each use; protect against replay attacks but require synchronization.
  • Cryptographic challenge-response: Proves knowledge of a secret without sending it; strong security but may require expensive infrastructure.
  • Radio Frequency Identification (RFID): Used for item identification and access control; susceptible to wireless attacks if not combined with additional protection.
  • Biometrics: Uses physical or behavioral traits for authentication (fingerprints, face, keystroke dynamics, etc.); strong link to user but raises privacy and permanence issues.

Biometrics and Keystroke Dynamics

  • Biometrics are divided into morphological, behavioral, and biological traits.
  • Keystroke dynamics analyzes individual typing patterns as a behavioral biometric.
  • Advantages: difficult to copy, low cost for behavioral biometrics like keystroke dynamics.
  • Limitations: enrolment complexity, possible errors, variability between authentications, and privacy concerns.
  • Soft biometrics use non-unique traits (e.g., gender, age) to complement standard biometrics.
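
A minimal keystroke-dynamics verifier illustrating the enrolment, verification and variability points above. This is an added example, not material from the lecture: the spread-scaled Manhattan distance, the threshold of 2.0, the 5 ms spread floor, the helper names and all timings are assumptions constructed for illustration.

```python
from statistics import mean, stdev

def typing(dwells, flights, keys="pass"):
    """Constructed helper: turn dwell/flight times (ms) into key events."""
    t, events = 0, []
    for i, key in enumerate(keys):
        events.append((key, t, t + dwells[i]))      # (key, press, release)
        if i < len(flights):
            t += dwells[i] + flights[i]
    return events

def features(events):
    """Dwell time per key, then flight time between consecutive keys."""
    dwell = [rel - press for _, press, rel in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enrol(samples, min_spread=5.0):
    """Template = per-feature (mean, spread) over several enrolment typings."""
    columns = zip(*(features(s) for s in samples))
    # Floor the spread so one very consistent feature cannot dominate the score.
    return [(mean(c), max(stdev(c), min_spread)) for c in columns]

def score(template, events):
    """Mean spread-scaled Manhattan distance of an attempt from the template."""
    vec = features(events)
    if len(vec) != len(template):
        raise ValueError("attempt does not match the enrolled passphrase length")
    return sum(abs(x - m) / s for x, (m, s) in zip(vec, template)) / len(vec)

def verify(template, events, threshold=2.0):    # threshold is an assumed value
    return score(template, events) <= threshold

# Constructed timings (ms), not real measurements.
ENROLMENT = [typing([90, 80, 100, 95], [120, 60, 110]),
             typing([95, 85, 105, 90], [130, 55, 115]),
             typing([85, 75, 95, 100], [125, 65, 105]),
             typing([92, 82, 98, 93], [118, 58, 112])]
TEMPLATE = enrol(ENROLMENT)
ATTEMPTS = {
    "owner, usual rhythm": typing([88, 83, 102, 94], [122, 62, 108]),
    "owner, tired (slower)": typing([110, 100, 120, 115], [150, 85, 135]),
    "other typist, same passphrase": typing([140, 60, 150, 70], [60, 150, 40]),
}

if __name__ == "__main__":
    for label, attempt in ATTEMPTS.items():
        print(f"{label}: score={score(TEMPLATE, attempt):.2f} "
              f"accepted={verify(TEMPLATE, attempt)}")
```

The second attempt is a false rejection of the legitimate user: raising the threshold would admit it but also moves the score of a different typist closer to acceptance, which is the error trade-off listed under limitations.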

Comparative Analysis of Methods

  • Simpler methods (like passwords) are more popular and easier to use but less secure.
  • Stronger methods (biometrics, challenge-response) offer higher security but cost more and may face acceptance issues.
  • No single method fits all needs; usability and acceptance are critical for successful deployment.

Future Trends and Conclusions

  • Emphasis on stronger, user-friendly authentication, especially biometric-based solutions.
  • Keystroke dynamics is promising due to low cost and minimal hardware requirements.
  • Passwords are increasingly seen as inadequate alone, but all methods have trade-offs between security, cost, and usability.
  • Privacy concerns and the potential for biometric data theft require continued innovation.

Key Terms & Definitions

  • Authentication — The process of verifying an entity’s identity.
  • Authorisation — Granting access rights to authenticated users.
  • Enrolment — Registration step where user credentials or biometrics are captured.
  • One-time password (OTP) — A password valid for only one login session or transaction.
  • Challenge-response — Authentication method where the system asks a question and expects a valid answer based on a secret.
  • Biometrics — Authentication using unique physical or behavioral traits.
  • Keystroke dynamics — Biometric authentication based on the way a person types.
  • Soft biometrics — Traits like gender or age used to supplement primary biometric data.

Action Items / Next Steps

  • Review the strengths and weaknesses of each authentication method.
  • Consider usability and security when selecting an authentication approach.
  • Read more about soft biometrics and keystroke dynamics for future assignments.