2.4 Authentication and Authorization Design Concept

Authentication Methods

Directory services = keeping all of an organization's usernames and passwords in a single database - all authentication requests reference this directory - Active Directory using Kerberos or LDAP

Federation = establishment of mutual trust between separate IT systems and organizations, enabling them to share resources and data securely
- often used in identity management, where users from one domain can access resources in another domain without needing separate credentials for each system
- SSO, trust relationships
- standards and protocols = SAML (XML based), OAuth (mostly for API authorization), OpenID (mostly for web login)

Attestation = proving the device is yours; the process of validating the integrity and authenticity of a system
- hardware attestation = verifying the integrity of the hardware components of a system, often using Trusted Platform Modules (TPMs)
- software attestation = ensuring that the software running on a system is genuine and has not been altered; often uses cryptographic techniques (measurements and signatures) to verify the integrity of software


Biometrics

Fingerprint scanners, retinal scanners, iris scanner, voice recognition, facial recognition, gait analysis, veins analysis, knuckle analysis


Multi-factor Authentication

AAA framework (authentication, authorization, accounting)
- Identification = this is who you claim to be - username
- Authentication = prove you are who you say you are - password and other authentication factors
- Authorization = based on your identification and authentication, what access do you have?
- Accounting = resources used: login time, data sent and received, logout time

Multi-factor authentication factors:
- something you know = passwords, PIN, patterns, username
- something you have = smart card, USB token, hardware/software tokens, your phone
- something you are = biometric

Authentication attributes:
- somewhere you are = based on your location, IP address, GPS
- something you can do = handwriting analysis, biometric
- something you exhibit = unique trait personal to you, gait analysis, typing analysis
- someone you know = social factor, web of trust, digital signature
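As an added example (not part of the original notes), a Python check that walks the AAA steps above with two factors from distinct categories: "something you know" (a salted password hash) and "something you have" (an RFC 6238 TOTP code from a software token). The user store, user name and role are constructed for the demo; the TOTP seed is the RFC 6238 test-vector secret so the codes can be checked against the RFC.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo credential store (not from any real system): one user with a
# salted PBKDF2 password hash ("something you know") and a TOTP seed ("something
# you have"). The seed is the RFC 6238 test-vector secret, so codes are checkable.
USERS = {
    "alice": {
        "salt": b"demo-salt",
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", b"demo-salt", 100_000),
        "totp_seed": b"12345678901234567890",
        "role": "analyst",
    }
}

def totp(seed, unix_time, step=30, digits=6):
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def knows_password(user, password):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
    return hmac.compare_digest(candidate, user["pw_hash"])  # constant-time compare

def has_token(user, code, unix_time, window=1):
    # Accept the current step plus/minus `window` steps to tolerate clock drift.
    return any(
        hmac.compare_digest(code, totp(user["totp_seed"], unix_time + d * 30))
        for d in range(-window, window + 1)
    )

def authenticate(username, password, code, unix_time=None):
    """Identification -> two-factor authentication -> authorization -> accounting."""
    now = int(time.time()) if unix_time is None else unix_time
    user = USERS.get(username)
    # Evaluate both factors even when the first fails, so the response does not reveal which one was wrong.
    factor_know = user is not None and knows_password(user, password)
    factor_have = user is not None and has_token(user, code, now)
    ok = factor_know and factor_have
    return {  # accounting record: who, whether it succeeded, role granted, when
        "user": username,
        "authenticated": ok,
        "role": user["role"] if ok else None,
        "login_time": now,
    }
```

Authorization here is just the role lookup; a real system would consult the directory service for group membership at this point.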
