Lecture 2
Introduction to Authentication:
Authentication is the process of verifying the identity of a user, system, or entity. It ensures that the
person or system attempting to access information is authorized to do so. Authentication methods
include:
1. Something You Know: Passwords, PINs, Passphrases.
2. Something You Have: Smart cards, Security tokens, Mobile devices.
3. Something You Are: Biometrics (fingerprint, retina scan, facial recognition).
Access Control:
Access control is the process of managing and restricting access to certain information or resources
within a system. It ensures that authenticated users can only access the data or services they are
allowed to. Access control can be categorized into:
1. Discretionary Access Control (DAC): Users have control over their own resources.
2. Mandatory Access Control (MAC): Access rights are predefined by the system
administrator.
3. Role-Based Access Control (RBAC): Access rights are assigned based on roles within an
organization.
4. Attribute-Based Access Control (ABAC): Access rights are determined by evaluating
attributes of the user, environment, and resource.
Non-Repudiation:
Non-repudiation is the assurance that a message sender cannot deny the authenticity of their
message or deny that they sent the message. It prevents parties from successfully denying
involvement in a communication. Non-repudiation techniques include:
1. Digital Signatures: Cryptographic technique to ensure the origin, identity, and status of an
electronic document, transaction, or message.
2. Public Key Infrastructure (PKI): Infrastructure that manages digital keys and certificates.
3. Audit Trails: Detailed logs that record all actions and events within a system.
4. Timestamping: Adding a timestamp to digital data to provide proof of the time when
certain events occurred.
Introduction to Fault-Tolerant Security:
Fault-tolerant security refers to the ability of a system to maintain its security functions even when
some components or processes in the system are compromised or unavailable due to faults, errors,
or attacks. It is a critical aspect of information security, ensuring that systems remain secure and
operational despite unforeseen circumstances.
Challenges and Best Practices:
1. Password Security: Encourage strong passwords and implement multi-factor authentication
to enhance security.
2. Access Control Policies: Regularly review and update access control policies to adapt to
changing organizational needs.
3. Biometric Data Protection: Ensure secure storage and encryption of biometric data to
prevent misuse.
4. Regular Auditing: Periodically audit access logs and review authentication mechanisms to
identify
Redundancy and Replication:
1. Redundant Systems: Implementing redundant components, such as backup servers,
firewalls, or authentication mechanisms, to ensure continuous operation if one component
fails.
2. Data Replication: Duplicating critical data across multiple servers or locations, ensuring
that even if one copy is compromised, the system can still operate using the replicated data.
Error Detection and Correction:
1. Checksums and Hash Functions: Using checksums and hash functions to detect errors in
transmitted or stored data. If errors are detected, the system can request the data to be resent
or corrected.
2. Error-Correcting Codes: Implementing error-correcting codes in communication protocols
to automatically correct errors in transmitted data without the need for retransmission.
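Added example (not part of the original lecture notes): the difference between detecting an error with a hash and correcting it with an error-correcting code. SHA-256 and the Hamming(7,4) code are choices made for this sketch, and all function names are hypothetical.

```python
import hashlib


def digest_matches(data, expected_hex):
    """Detection only: a mismatch says 'corrupted', not where or how."""
    return hashlib.sha256(data).hexdigest() == expected_hex


def hamming74_encode(nibble):
    """Encode 4 data bits as 7 bits; parity bits sit at positions 1, 2, 4."""
    d1, d2, d3, d4 = [(nibble >> shift) & 1 for shift in (3, 2, 1, 0)]
    p1 = d1 ^ d2 ^ d4
    p2 = d1 ^ d3 ^ d4
    p3 = d2 ^ d3 ^ d4
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming74_decode(bits):
    """Return (nibble, corrected_position); position 0 means no error seen."""
    b = list(bits)
    s1 = b[0] ^ b[2] ^ b[4] ^ b[6]
    s2 = b[1] ^ b[2] ^ b[5] ^ b[6]
    s3 = b[3] ^ b[4] ^ b[5] ^ b[6]
    position = s1 + 2 * s2 + 4 * s3  # syndrome = 1-based index of the bad bit
    if position:
        b[position - 1] ^= 1  # repair in place, no retransmission needed
    nibble = (b[2] << 3) | (b[4] << 2) | (b[5] << 1) | b[6]
    return nibble, position


def flip(bits, index):
    """Simulate a single-bit transmission fault at a 0-based index."""
    damaged = list(bits)
    damaged[index] ^= 1
    return damaged
```

A plain hash or checksum only catches accidental corruption; where an attacker can alter both the data and its digest, a keyed MAC or a digital signature is needed. Hamming(7,4) corrects one flipped bit per codeword and decodes wrongly when two bits flip.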
Diversity and Redundancy in Security Measures:
1. Diverse Security Measures: Employing diverse security mechanisms, such as firewalls,
intrusion detection systems, and encryption, to protect against different types of attacks. If
one measure fails, others can still provide protection.
2. Redundant Security Protocols: Implementing multiple security protocols for critical
operations. If one protocol is compromised, the system can switch to an alternative protocol
without compromising security.
Disaster Recovery and Business Continuity:
1. Data Backup and Recovery: Regularly backing up critical data and implementing robust
recovery procedures to restore the system to a secure state after a security breach or failure.
2. Business Continuity Planning: Developing comprehensive business continuity plans that
outline procedures for maintaining essential functions during and after a security incident.
This includes having backup systems, emergency response protocols, and communication
plans.
Proactive Monitoring and Response:
1. Real-Time Monitoring: Implementing real-time monitoring tools to detect anomalies,
intrusions, or faults in the system. Continuous monitoring allows for immediate response to
security threats.
2. Automated Responses: Implementing automated responses to common security threats.
Automated systems can respond quickly to mitigate the impact of an attack or fault,
preventing further damage.
Real Life Scenario
Scenario: Online Banking System
Authentication:
Example: Two-Factor Authentication (2FA) in Online Banking
When you log in to your online banking account, you typically use a combination of something you
know (password) and something you have (mobile device). After entering your password, the
system sends a verification code to your registered mobile number. You must enter this code to gain
access. Here, the password is what you know, and the verification code from your mobile device is
what you have, providing two-factor authentication.
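Added example (not part of the original lecture notes): a server-side sketch of the two-step login described above. The class name, the 6-digit code format and the 5-minute expiry are assumptions made for illustration; delivery of the code to the phone is left out.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window for the texted code


def hash_password(password, salt):
    # Salted, slow hash: the server never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TwoFactorLogin:
    """Hypothetical server-side state for one bank customer."""

    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(password, self.salt)
        self.pending = None  # (code, expiry) after the password step passes

    def check_password(self, password, now=None):
        """Factor 1, something you know. Returns the code to text, or None."""
        now = time.time() if now is None else now
        candidate = hash_password(password, self.salt)
        if not hmac.compare_digest(candidate, self.pw_hash):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending = (code, now + CODE_TTL_SECONDS)
        return code  # a real system sends this to the registered number

    def check_code(self, code, now=None):
        """Factor 2, something you have. A code works once, before expiry."""
        now = time.time() if now is None else now
        if self.pending is None:
            return False  # password step not completed
        expected, expiry = self.pending
        self.pending = None  # single use: a wrong guess also burns the code
        fresh = now <= expiry
        return fresh and hmac.compare_digest(code.encode(), expected.encode())
```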
Access Control:
Example: Role-Based Access Control (RBAC) in Online Banking
In an online banking system, different users have different levels of access. A regular user might
have access to view account balances and transfer money, while a bank employee has additional
privileges like account management. RBAC assigns roles (user, manager, administrator) to users,
and these roles have associated permissions. For instance, a bank teller (role) can view customer
account details but cannot modify them, ensuring proper access control within the system.
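Added example (not part of the original lecture notes): a deny-by-default RBAC check for the banking roles described above, with every decision written to an audit trail. The permission names, user records and the ownership rule for customer permissions are assumptions made for illustration.

```python
# Role-to-permission map, constructed from the roles the scenario names.
ROLE_PERMISSIONS = {
    "user": {"view_own_balance", "transfer_own_funds"},
    "teller": {"view_customer_account"},
    "manager": {"view_customer_account", "modify_customer_account"},
}

# Permissions that apply only to accounts the caller owns.
OWNER_SCOPED = {"view_own_balance", "transfer_own_funds"}


def is_allowed(user, permission, account_owner):
    """Deny by default: allow only what one of the user's roles grants."""
    granted = set()
    for role in user["roles"]:
        granted |= ROLE_PERMISSIONS.get(role, set())  # unknown role: nothing
    if permission not in granted:
        return False
    if permission in OWNER_SCOPED:
        # The role alone is not enough; the account must be the caller's own.
        return user["id"] == account_owner
    return True


def authorize(user, permission, account_owner, audit_log):
    """Make the decision and record it, allowed or not, for later review."""
    allowed = is_allowed(user, permission, account_owner)
    verdict = "ALLOW" if allowed else "DENY"
    audit_log.append((user["id"], permission, account_owner, verdict))
    return allowed


# Constructed sample users.
ALICE = {"id": "cust-1001", "roles": ["user"]}
TELLER = {"id": "emp-17", "roles": ["teller"]}
```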
Non-Repudiation:
Example: Digital Signatures in Online Banking Transactions
When you initiate a fund transfer in online banking, the system generates a digital signature for the
transaction using your private key. This signature is unique to you and the specific transaction. The
bank verifies this signature using your public key, confirming your identity and ensuring the
transaction's integrity. In case of a dispute, the digital signature serves as non-repudiation evidence,
as you cannot deny authorizing the transaction with your unique digital signature.
Fault Tolerant System:
Example: Financial Institutions' Online Banking Systems
Financial institutions like banks employ fault-tolerant methodologies to safeguard their online
banking systems. These systems handle sensitive financial transactions and require continuous
availability. Banks implement redundant servers, load balancers, and failover mechanisms. If one
server fails, the load balancer redirects traffic to other operational servers, ensuring uninterrupted
service. Additionally, real-time transaction monitoring systems detect unusual patterns, enabling
rapid responses to potential security threats and ensuring the integrity of financial data.