5 Authentication
5.1 Types of authentication mechanisms

Based on the authentication types listed above, the following groups of authentication mechanisms can be distinguished.

Biometrics

Biometrics is the comparison of anatomical, physiological and behavioral characteristics of a person. Biometric authentication mechanisms fall into two basic categories:

  • Behavioral biometrics - based on movements, e.g. how the user handles the computer mouse, response latency, keystroke dynamics or signature dynamics.
  • Physiological characteristics - based on fingerprints, voice, the pupil, facial features, hand or finger geometry, or even the shape of the user's ear.

It is difficult to compare biometric technologies with each other: each has a different range of accuracy, reliability and usability. In terms of usability, the simplest biometric is face detection. Conversely, methods that require a specific position of the body relative to the sensor (iris detection), and are thus less comfortable to use, can achieve more accurate results.

Memometrics

This type of authentication mechanism is based on generating random sequences of letters or numbers: the sequence is called a password if it is a word, a PIN if it is a numerical expression, or a passphrase if it contains more than one word. Passwords can also have a semantic form.

Password types:

Fig. 4.2 – Basic principle of semantic password (figure not reproduced)

Cognometrics

The idea of graphical authentication is based on the user's visual memory. Scientific studies point to the fact that human beings have a huge, practically unlimited capacity to remember pictures [9].

Graphic codes are gaining popularity especially on mobile phones and tablets, e.g. for unlocking the phone. There are two main principles:

  • graphic codes based on recognition - the user selects the target image from among a number of distracting elements in the scene. This approach is based purely on visual memory: the aim is to recognize a previously seen object among the others.
  • graphic codes based on position - the user must draw a pattern, usually in a grid, which requires visual-spatial memory and precise movement.

Ownership

Authentication can be based on something that a user owns. This object is a token. A good example is the SecurID token from RSA Security in Fig. 4.3 [15].

Fig. 4.3 – Token example: SecurID – RSA Security (figure not reproduced)

Through a cryptographic function that combines the clock (current time) and a secret key, the token creates a numerical code displayed on its LCD. To authenticate, the user types in the number shown by the SecurID. The authentication server also knows the secret key stored in the user's token, as well as the time and date. Based on this knowledge the authentication server performs the same cryptographic function. For successful authentication, the generated value must match the value entered by the user.
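The time-plus-secret scheme described above, written out as an added example that is not the page's own code and not RSA's proprietary SecurID algorithm: a generic HMAC-based time code (in the style of TOTP) with a constructed shared secret. The token side, the server side, the 60-second step and the one-step drift window are assumptions for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo secret shared by the token and the server (hypothetical value).
SHARED_SECRET = b"demo-secret-not-a-real-key"
STEP_SECONDS = 60   # the displayed code changes once per time step
DIGITS = 6


def token_code(secret: bytes, unix_time: int) -> str:
    """Token side: derive a short numeric code from the secret and the clock.

    The clock is quantised into steps so that the token and the server feed
    the same counter into the same keyed function."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    # Dynamic truncation: take 4 bytes at an offset chosen by the last nibble
    # of the MAC, drop the sign bit, and keep the low DIGITS decimal digits.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def server_verify(secret: bytes, submitted: str, server_time: int,
                  drift_steps: int = 1) -> bool:
    """Server side: recompute the code from its own copy of the secret and clock.

    A small window of neighbouring steps tolerates clock drift between token
    and server; the comparison is constant-time so response timing does not
    reveal how many digits of a guess were correct."""
    for delta in range(-drift_steps, drift_steps + 1):
        candidate = token_code(secret, server_time + delta * STEP_SECONDS)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    code = token_code(SHARED_SECRET, now)
    print("token displays:", code)
    print("server accepts:", server_verify(SHARED_SECRET, code, now + 30))
```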

Another type of authentication token is the one with USB (Universal Serial Bus) interface.

Tokens are provided either as software (SW) or as hardware (HW).

The main disadvantage of a HW token is that the user always has to carry it.

SW tokens are stored on the user's PC or laptop. In this case the user can access the system only from the PC where the token is stored.