Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D3.2: A study on PKI and biometrics
 |
Title: THE IMPORTANCE OF THE AUTHENTICATION PROCESS |
 |
The Importance of the Authentication Process
The process of authentication consists of establishing a link between a physical person and a corresponding digital identity. In the physical world, this link is often established through the use of an official document, such as a passport, established by a government entity. With a passport, the link between the physical person and the digital data entered in the passport (for example name, date of birth or nationality) is established with the help of a photograph and occasionally a signature or as is the cases in Portugal, a fingerprint.
Figure 2‑: Authentication is a process used to link a physical person with a chosen identity
With the advent of computer systems and the need for heightened measures to fight criminal activity, new methods for authentication have been required to provide means to authenticate a person remotely (to log in remotely to a computer for example), and make it more difficult to forge an identity. However, the worthiness of the authentication document is directly related to the trust in the body that created the document, and the process used to establish a match with the physical person.
Authentication is today performed using a combination of methods, but has largely remained unchanged despite the availability of technology to strengthen the process. Recent developments, such as the terrorist attacks in September 2001, Internet-based financial scams and identity fraud have shed new light on the weaknesses in the systems currently in place and generated an overall push for increased levels of authentication security.
PKI as a Logical Basis for a Secure Authentication Infrastructure
Authentication has two facets. On one side authentication mechanisms serve to establish secure and authentic communication links between hardware components of a network. On the other side authentication should also guarantee that only authorised persons get access to certain resources.
For the machine authentication tasks, cryptographic secured protocols for all kinds of communication channels and network architectures have been developed. A public key infrastructure (PKI) provides the necessary mechanism and instances of trust for establishing a secure, efficient and auditable management of keys for the establishment of the cryptographic secured communication links. If applied and implemented in a proper way, a PKI and the related mechanisms provide strong protection against intruders.
Figure 2‑: The process of authenticating an individual is typically the weakest part of the system
The Weak Link in the Authentication & Verification Chain
Much less obvious is the secure authentication of persons. Persons will not accept complicated protocols and cannot perform in a cryptographic dialog. Until recently, the problem has been circumvented by asking for the knowledge of a secret password or PIN-code from a person on the request to become an authorised user. However, it is a well-known fact that people neither choose strong passwords nor treat passwords as highly valuable secrets. The average user will always optimise ergonomic convenience regardless of security considerations. The result is an unbalanced security situation with a clear weak spot at the point where a physical person is linked to her digital identity. Social engineering attacks make this weakness obvious, with phishing being the best known but not by far the only such threat. Any form of masquerading or man-in-the-middle attacks may break the fragile chain of trust between a physical person and their identity credentials.
Solutions exist today to provide authentication of persons at much higher security levels. However, the hard problem in all security, and especially in all authentication schemes, is the integration of the human user in the security chain. Organisations need highly secure and user friendly authentication with no compromise on privacy, mobility or cost efficiency. The use of PKI to secure digital identity credentials and strong links of these credentials, based on biometrics and other authentication methods, to the physical person can potentially provide a solution to the problem.
| |
   |
|
| Denis Royer | 4 / 40 |
