2. IDENTIFICATION
• An assertion of who we are
• Examples :
• Who we claim to be as a person
• Who a system claims to be over a network
• Who the originating party of an email claims to be
3. METHODS OF IDENTIFICATION
• Full names
• Account numbers
• IDs
• Usernames
• Fingerprints
• DNA samples
• etc
4. IDENTIFICATION
Who we claim to be is, in many
cases, information that is subject
to change.
Thus, an unsubstantiated claim of
identity is not reliable information on
its own.
5. IDENTITY VERIFICATION
• Establish a mapping from a person’s/system’s identity to
their real life identity
• Example :
• Show of IDs or other form of identification
6. FALSIFYING IDENTIFICATION
• Methods of identification are subject to change. As such,
they are also subject to falsification.
• Identity theft is a major concern today occurring due to
lack of authentication requirements for many activities in
which we engage.
7. AUTHENTICATION
• Set of methods used to establish a claim of identity as
being true.
• FACTORS
• Something you know
• Something you are
• Something you have
• Something you do
• Where you are
8. SOMETHING YOU KNOW
• Any information that a person can remember and use to
authenticate who he/she is
• Examples :
• Passwords, PINs, passphrases
• Weak factor since when exposed, this can nullify the
uniqueness of our authentication method
9. SOMETHING YOU ARE
• Based on relatively unique physical attributes of an
individual often referred to as BIOMETRICS
• Examples :
• Height, weight, color, fingerprints, retina,
10. SOMETHING YOU HAVE
• Based on possession of an item or device also extending
into some logical concepts
• Examples :
• ATMs, SSS Card, software based security token
11. SOMETHING YOU DO
• Variation of something you are based on actions or
behaviors of an individual
• Examples :
• Handwriting, delay between keystrokes as he types a passphrase
13. MULTIFACTOR AUTHENTICATION
• The use of two or more factors in determining the identity
of a person as true.
• Example :
• ATM for something you have while PIN for something you know
14. MUTUAL AUTHENTICATION
• Refers to an authentication mechanism in which both
parties authenticate each other.
• Problems without mutual authentication :
IMPERSONATION ATTACK, where an attacker inserts
himself between the client and the server, impersonating
the client to the server and the server to the client
• Can be used in combination with multifactor
authentication
15. PASSWORDS
• One example of a single factor authentication
• Passwords must be strong/complex to resist BRUTE
FORCE CRACKING, which is trying every possible
combination of characters that the password can be
composed of until all have been tried.
• Practice good password hygiene. Passwords should not
be left where people can snoop on them.
• Passwords should not be similar to those of your other
user accounts, to avoid MANUAL SYNCHRONIZATION OF
PASSWORD
16. BIOMETRICS
• Refers to metrics related to human characteristics and
traits; used in computer science as a form of
identification and access control
• BIOMETRIC IDENTIFIERS are the distinctive,
measurable characteristics used to label and describe
individuals
17. CATEGORIES OF BIOMETRICS
• PHYSIOLOGICAL
• Anything related to the shape of the body.
• Examples:
• fingerprint, palm veins, face recognition, DNA, palm print, hand
geometry, iris recognition, retina and odor/scent.
• BEHAVIORAL
• Related to the pattern of behavior of a person.
• Examples : typing rhythm, voice
18. FACTORS ASSESSING SUITABILITY OF A
BIOMETRICS FOR AUTHENTICATION
• Universality
• Uniqueness
• Permanence
• Collectability
• Performance
• Acceptability
• Circumvention
19. FACTORS ASSESSING SUITABILITY OF A
BIOMETRICS FOR AUTHENTICATION
• UNIVERSALITY
• We should find the biometric characteristic in the majority of the
people we expect to enroll in the system.
• ENROLLMENT – recording a biometric characteristic from the
user.
• UNIQUENESS
• Measure of how unique a particular characteristic is among
individuals.
20. FACTORS ASSESSING SUITABILITY OF A
BIOMETRICS FOR AUTHENTICATION
• PERMANENCE
• How well a biometric characteristic resists change
over time and with advancing age.
• COLLECTABILITY
• How easy it is to acquire a characteristic with which we can later
authenticate the user.
• PERFORMANCE
• Set of metrics of how well a given system functions
• Factors to consider : speed, accuracy and error rate
21. MEASURING PERFORMANCE OF A
BIOMETRIC SYSTEM
• FALSE ACCEPTANCE RATE
• Occurs when we accept a user whom we should actually have
rejected; also referred to as a FALSE POSITIVE
• FALSE REJECTION RATE
• Problem of rejecting a legitimate user whom we should have
accepted; also referred to as a FALSE NEGATIVE.
• EQUAL ERROR RATE
• Balance between the two error types. It is the intersection of False
Acceptance Rate and False Rejection Rate.
• Used as a measure of the accuracy of biometric system
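The trade-off between the two error rates, as an added example that is not part of the original slides: it computes FAR and FRR at several thresholds and locates the Equal Error Rate. The score lists are constructed sample data, and the function names and the "accept when score >= threshold" convention are assumptions.

```python
# Constructed sample data: similarity scores (0..1) from a hypothetical matcher.
GENUINE = [0.91, 0.85, 0.78, 0.88, 0.62, 0.95, 0.70, 0.83, 0.57, 0.90]   # right user
IMPOSTOR = [0.12, 0.35, 0.48, 0.22, 0.66, 0.30, 0.55, 0.18, 0.41, 0.72]  # wrong user


def far(impostor, threshold):
    """False Acceptance Rate: share of impostor attempts scoring >= threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine, threshold):
    """False Rejection Rate: share of genuine attempts scoring < threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def equal_error_rate(genuine, impostor):
    """Sweep every observed score as a threshold and return
    (threshold, FAR, FRR) at the point where the two rates are closest."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        a, r = far(impostor, t), frr(genuine, t)
        if best is None or abs(a - r) < best[0]:
            best = (abs(a - r), t, a, r)
    return best[1:]


if __name__ == "__main__":
    # A lax threshold admits impostors; a strict one locks out real users.
    for t in (0.50, 0.66, 0.80):
        print(f"threshold={t:.2f}  FAR={far(IMPOSTOR, t):.0%}  FRR={frr(GENUINE, t):.0%}")
    t, a, r = equal_error_rate(GENUINE, IMPOSTOR)
    print(f"EER ~ {(a + r) / 2:.0%} at threshold {t:.2f}")
```

Lowering the threshold drives FRR toward zero at the cost of a higher FAR, and raising it does the reverse; the EER is the single number that lets two systems be compared independently of where each one sets its threshold.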
22. ISSUES ON BIOMETRIC SYSTEM
• Some might be falsified
• Privacy in the use of biometrics