Authentication
Authentication is the process of determining whether someone or something is, in fact, who
or what it says it is. Authentication technology provides access control for systems by
checking to see if a user's credentials match the credentials in a database of authorized users
or in a data authentication server. In doing this, authentication assures secure systems, secure
processes and enterprise information security.
Why is authentication important in Cybersecurity?
Authentication enables organizations to keep their networks secure by permitting only
authenticated users or processes to gain access to their protected resources. This may include
computer systems, networks, databases, websites and other network-based applications or
services.
Once authenticated, a user or process is usually subjected to an authorization process to
determine whether the authenticated entity should be permitted access to a specific protected
resource or system. A user can be authenticated but not be given access to a specific resource
if that user was not granted permission to access it.
[Figure: parties A, B and C; C authenticates 'A' as sender.]
Types of Authentication
1. Message Encryption
In this type of authentication, the ciphertext itself is used as the authenticator. There are
four categories.
Message encryption using Symmetric key cryptography:
The sender encrypts the message and the receiver decrypts it using a single shared secret key.
This provides both confidentiality and authentication.
[Figure: Sender -> Plain Text -> E (encryption using secret key) -> Cipher Text -> D (decryption using secret key) -> Plain Text -> Receiver]
Message encryption using Asymmetric key cryptography:
The sender encrypts the message with the receiver's public key, and the receiver decrypts it
with the receiver's private key. This provides confidentiality but not authentication.
[Figure: Sender -> Plain Text -> E (encryption using public key of receiver) -> Cipher Text -> D (decryption using private key of receiver) -> Plain Text -> Receiver]
The sender encrypts the message with the sender's private key, and the receiver decrypts it
with the sender's public key. This provides authentication but not confidentiality.
[Figure: Sender -> Plain Text -> E (encryption using private key of sender) -> Cipher Text -> D (decryption using public key of sender) -> Plain Text -> Receiver]
The sender encrypts the message first with the sender's private key and then with the
receiver's public key. The receiver decrypts first with the receiver's private key and then
with the sender's public key. This provides both authentication and confidentiality.
[Figure: Sender -> Plain Text -> E (encryption using private key of sender) -> Cipher Text1 -> E (encryption using public key of receiver) -> Cipher Text2 -> D (decryption using private key of receiver) -> Cipher Text1 -> D (decryption using public key of sender) -> Plain Text -> Receiver]
2. Message Authentication Code
In this type of authentication, a fixed-length code (the MAC) is used as the authenticator.
There are three categories. The message authentication code is defined by a function.
i.
[Figure: the sender computes the MAC with C under Key and appends it (+) to the plain text; the receiver recomputes the MAC with C under Key and compares it with the received MAC.]
C denotes a function that uses the key to generate the MAC. At the end, a comparison is used to
authenticate the sender.
ii.
[Figure: sender and receiver; blocks C (Key 1), + (append MAC), E (Key 2) and D (Key 2); labels Plain Text and MAC; the two MAC values are compared.]
E denotes the encryption process using another key (Key 2), which is different from the key of
the MAC function. Similarly, D denotes the decryption process using the same key (Key 2). As in
the previous category, the final comparison is used to authenticate the sender. The
authentication is tied to the plain text.
iii.
[Figure: sender and receiver; blocks C (Key 1), + (append MAC), E (Key 2) and D (Key 2); labels Plain Text and MAC; the two MAC values are compared.]
Here, the authentication is tied to the cipher text.
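The three MAC arrangements above, as an added Python example that is not part of the original notes. It assumes HMAC-SHA256 for C, a toy SHA-256 keystream XOR standing in for E and D (not a production cipher), a nonce shared out of band, and the usual reading of category iii (MAC computed over the cipher text and appended to it); all function names are hypothetical.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def C(key: bytes, data: bytes) -> bytes:
    """MAC function C from the text; HMAC-SHA256 is an assumed choice."""
    return hmac.new(key, data, hashlib.sha256).digest()

def E(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for E: XOR with a SHA-256 counter keystream (demo only)."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

D = E  # with an XOR keystream, decryption is the same operation

def send_i(k1: bytes, m: bytes) -> bytes:
    """Category i: plain text with the MAC appended."""
    return m + C(k1, m)

def recv_i(k1: bytes, packet: bytes):
    """Recompute the MAC and compare in constant time; None means rejected."""
    m, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return m if hmac.compare_digest(tag, C(k1, m)) else None

def send_ii(k1: bytes, k2: bytes, nonce: bytes, m: bytes) -> bytes:
    """Category ii: MAC over the plain text, then encrypt message and MAC."""
    return E(k2, nonce, m + C(k1, m))

def recv_ii(k1: bytes, k2: bytes, nonce: bytes, packet: bytes):
    # The receiver has to decrypt before the MAC can be checked.
    return recv_i(k1, D(k2, nonce, packet))

def send_iii(k1: bytes, k2: bytes, nonce: bytes, m: bytes) -> bytes:
    """Category iii: encrypt, then MAC over the cipher text."""
    ct = E(k2, nonce, m)
    return ct + C(k1, ct)

def recv_iii(k1: bytes, k2: bytes, nonce: bytes, packet: bytes):
    # The MAC is checked on the cipher text, so a bad packet is never decrypted.
    ct = recv_i(k1, packet)
    return None if ct is None else D(k2, nonce, ct)
```

In every arrangement a packet modified in transit, or one produced without Key 1, makes the receiver return None.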
3. Hash function
The hash code is used as the authenticator. No key is used, only a hash function: H(m) = h.
There are two categories.
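i.
[Figure: the sender computes h = H(plain text), encrypts h with E under the private key of A and appends it (+) to the plain text; the receiver recomputes h with H, recovers the sent h with D, and the two values are compared.]
H denotes the hash function.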
[Figure: sender and receiver; blocks H, E, + and D; labels Plain Text, Cipher Text, h, private key of A, public key of A and Secret Key; the two h values are compared.]