How Authentication Works — An Introduction
What is authentication
The dictionary meaning of the word authentication is “the process or action of proving or showing something to be true, genuine, or valid.” While this definition is generic nist.gov has defined it in the context of cyber security “Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.”
In simple words, the system needs to know who is attempting to access the digital resource.
User Authentication
The user identification can be classified as follows:
Something you know
This type of authentication requires the user to memorize a certain sequence/pattern of information. This allows verification of the identity of the person who knows the pattern. Password or PIN are common examples of this. Most websites require the user to memorize a password along with their username to verify genuine users.
Something you have
This type of authentication requires the user to possess an identifying object that allows the system to verify the user. The user needs to carry this identifying object at the time of access. One of the common examples of this is OTP where we take advantage of something(email/smartphone) that the user has to verify the genuineness of the access.
Something you are
This type of authentication uses the uniqueness of each user to verify the identity. This is the easiest for the user as there is no need to carry or memorize anything special. The access is provided by virtue of the uniqueness present in each user. Typically, this information is a bio-metric characteristic like fingerprints or voice.
Server Authentication
The above methods cover all the ways the system can authenticate the users. But authentication is in no way a one-way street. It is important to authenticate the user to ensure the confidentiality of the resources. But it is also important to authenticate the systems before the users access the resources. This allows us to ensure the integrity of the resources in access. One of the common examples of server authentication is SSL certification. If a user is trying to access any website, let us say Google, the user can verify if the information is coming from Google or some other company that is claiming to be Google.
Common Authentications Mechanisms
There are many authentication mechanisms designed to ensure confidentiality and integrity. Here are the top 4 mechanisms
- Secure Shell(SSH) — An Introduction
- SSL-based Security — An Introduction
- Password-based Authentication — An Introduction
- Oauth2 Authentication — An Introduction
Authentications in Real Life
Each of these mechanisms is robust by itself but in real life, they are commonly used in tandem to ensure the security of the systems that contain user data. It is a common practice for servers to implement the top 3 mechanisms together.
Since most of the servers use Linux operating systems, the systems will have an authentication setup that is based on SSH keys.
Conclusion
In conclusion, authentication serves as a crucial pillar in the realm of cybersecurity, safeguarding digital resources and ensuring the integrity of information systems. As the process of proving and verifying the legitimacy of users, devices, and processes, authentication methods can be categorized into three fundamental factors: something you know, something you have, and something you are. These factors create a multi-layered approach to user authentication, offering a diversified arsenal against unauthorized access. By demanding the user’s knowledge, possession, or unique biometric characteristics, systems can confidently ascertain the authenticity of those seeking access.
