14 Computer Security and Ethics
14.3 Authentication Mechanisms
14.3.1 Q10. Differentiate between authentication and authorisation.
Authentication and Authorization are both crucial security concepts in the context of
information systems, but they serve different purposes:
Authentication:
Definition: Authentication is the process of verifying the identity of a user, device, or
system.
Purpose: To ensure that the entity (user or system) requesting access is who they
claim to be.
How it works: It typically involves the use of credentials, such as a username and
password, biometrics (fingerprint or facial recognition), or security tokens.
Example: Logging into a website with a username and password is an authentication
process. If you provide the correct password, the system verifies your identity.
Focus: Who are you?
Authorization:
Definition: Authorization is the process of granting or denying access to specific
resources or actions based on the authenticated identity.
Purpose: To determine what actions the authenticated user is allowed to perform or
what resources they can access.
How it works: It involves defining roles or permissions and checking if the
authenticated entity has the necessary privileges to access a particular resource or
perform an action.
Example: After logging in (authentication), the system may check whether you are
allowed to view sensitive data, make changes, or delete records based on your user
role or permissions (e.g., Admin, User, Viewer).
Focus: What can you do?
Key Difference:
Authentication answers the question: Who are you?
Authorization answers the question: What can you do?
14.3.2 Q11. Differentiate between Two-Factor Authentication (2FA) and Multifactor
Authentication (MFA).
Ans. The main difference is the number of factors they use for authentication.
Two-Factor Authentication (2FA)
Definition: 2FA is a specific type of MFA that requires two factors for authentication.
Factors Used: Typically involves two of the following:
1. Something you know (e.g., a password or PIN).
2. Something you have (e.g., a mobile device or security token).
3. Something you are (e.g., a fingerprint or facial recognition).
Example: When logging into an account, you enter your password (something you
know) and then receive a one-time code sent to your mobile device (something you
have) to enter.
Purpose: Enhances security by requiring both a password and an additional
verification step.
Multifactor Authentication (MFA)
Definition: MFA is a broader security concept that requires two or more factors from
the categories of:
1. Something you know (e.g., password, PIN).
2. Something you have (e.g., smartphone, smart card).
3. Something you are (e.g., biometrics like fingerprints, voice recognition).
Factors: Requires two or more factors for authentication, which can be any
combination of the three categories (knowledge, possession, and inherence).
Example: Logging into a system might require a password (something you know), a
fingerprint scan (something you are), and a one-time passcode sent via email
(something you have).
Key Differences:
Number of Factors: 2FA is a subset of MFA and requires only two factors, while MFA
can require two or more factors.
Flexibility: MFA is more flexible as it can involve any combination of factors,
whereas 2FA is strictly limited to two.
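The 2FA example in the answer above, a password followed by a one-time code on a mobile device, is usually built on time-based one-time passwords (TOTP). The Python example below is added here and is not part of the original notes: it implements the HOTP/TOTP code derivation from RFC 4226 and RFC 6238 (HMAC-SHA1, 6 digits, 30-second step) with a one-step tolerance for clock drift, and adds a small policy check that counts factors by category, so that two "something you know" credentials (a password plus a PIN) are not mistaken for two-factor authentication. The secret is the 20-byte test secret published in RFC 4226; the factor names, the policy function and the login function are assumptions made for the demo.

```python
import hashlib
import hmac
import struct

# RFC 4226 test secret, used here only so the code can be checked against the
# published vectors. A real system generates a random per-user secret at enrolment.
DEMO_SECRET = b"12345678901234567890"
TIME_STEP = 30   # seconds per TOTP period
DIGITS = 6


def hotp(secret, counter, digits=DIGITS):
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time, step=TIME_STEP):
    """TOTP (RFC 6238): HOTP with the counter set to floor(unix_time / step)."""
    return hotp(secret, at_time // step)


def verify_totp(secret, submitted, at_time, window=1):
    """Accept the code for the current step and +/- `window` neighbouring steps so that a
    slightly drifted phone clock still works; the comparison is constant-time."""
    counter = at_time // TIME_STEP
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta), submitted):
            return True
    return False


# Factor categories from the answer above: knowledge, possession, inherence.
# Which credential belongs to which category is an assumption for the demo.
FACTOR_CATEGORY = {
    "password": "knowledge",
    "pin": "knowledge",
    "totp": "possession",
    "smart_card": "possession",
    "fingerprint": "inherence",
}


def distinct_categories(factors_passed):
    return {FACTOR_CATEGORY[f] for f in factors_passed}


def meets_mfa_policy(factors_passed, required=2):
    """MFA means `required` or more factors from DIFFERENT categories. A password plus a PIN
    is two credentials but only one factor, because both are 'something you know'."""
    return len(distinct_categories(factors_passed)) >= required


def login_with_2fa(password_ok, totp_code, secret, now):
    """2FA: knowledge (the password check, done elsewhere) plus possession (the TOTP device).
    `password_ok` is the outcome of the first-factor check; `now` is a unix timestamp."""
    passed = []
    if password_ok:
        passed.append("password")
    if verify_totp(secret, totp_code, now):
        passed.append("totp")
    return meets_mfa_policy(passed, required=2)


if __name__ == "__main__":
    import time
    current = int(time.time())
    code = totp(DEMO_SECRET, current)
    print("code for this 30-second step:", code)
    print("login with password + code:", login_with_2fa(True, code, DEMO_SECRET, current))
    print("password + PIN counts as MFA?", meets_mfa_policy(["password", "pin"]))
```

At time 59 the RFC 6238 SHA-1 vector is 94287082; with six digits the code is the last six of those, 287082, which is what `totp(DEMO_SECRET, 59)` returns. The drift window is a trade-off: each extra step accepted widens the set of valid codes, so keep it small.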
14.3.3 Q12. Describe the following authentication methodologies:
a. username and password
b. Personal Identification Number (PIN)
c. access cards
d. biometrics
Ans. Authentication Methodologies:
Authentication methodologies are ways to verify the identity of users trying to access a
system or service. Below are descriptions of several common authentication methods:
a. Username and Password
Description: This is one of the most common forms of authentication. The user is
required to provide a username (which is usually a unique identifier for the user) and
a password (a secret string of characters known only to the user).
Process:
1. The user enters their username.
2. The system prompts for the password.
3. If both the username and password match the stored values in the system, the
user is granted access.
Strengths:
o Simple and easy to implement.
o Widely understood and used.
Weaknesses:
o Vulnerable to attacks like brute force, dictionary attacks, and phishing if
passwords are weak or reused.
o If the password is compromised, the security of the system is significantly
compromised.
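The username-and-password process above (steps 1 to 3) and the Q10 distinction between authentication ("who are you?") and authorization ("what can you do?") fit into one small login flow. The Python example below is added here and is not part of the original notes. It stores passwords as salted PBKDF2 hashes rather than plaintext, so that a stolen store does not hand over the passwords and each brute-force or dictionary guess costs a slow hash; it compares digests in constant time; and only after the identity is verified does it consult the role. The user store, the account names and passwords, and the role-to-permission mapping for the Admin, User and Viewer roles named in Q10 are constructed assumptions for the demo.

```python
import hashlib
import hmac
import os

# Slow on purpose: every guess in a brute-force or dictionary attack pays this cost.
# Tune upward to what your login hardware tolerates.
PBKDF2_ITERATIONS = 200_000

# Assumed mapping for the Admin/User/Viewer roles from Q10.
ROLE_PERMISSIONS = {
    "admin": {"view_records", "modify_records", "delete_records"},
    "user": {"view_records", "modify_records"},
    "viewer": {"view_records"},
}

# Constructed user store: username -> salt, PBKDF2 digest and role. Never the password.
USERS = {}


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt per user defeats precomputed tables."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(username, password, role):
    salt, digest = hash_password(password)
    USERS[username] = {"salt": salt, "digest": digest, "role": role}


# Dummy record used for unknown usernames so a failed login takes the same time whether
# or not the username exists; otherwise response time reveals which usernames are valid.
DUMMY_RECORD = {"salt": os.urandom(16), "digest": hash_password(os.urandom(16).hex())[1]}


def authenticate(username, password):
    """Step 3 of the process: 'who are you?'. Returns the verified username or None,
    with the same outcome for a wrong password and an unknown user."""
    record = USERS.get(username, DUMMY_RECORD)
    _, candidate = hash_password(password, record["salt"])
    # compare_digest does not short-circuit on the first differing byte.
    if hmac.compare_digest(candidate, record["digest"]) and username in USERS:
        return username
    return None


def authorize(username, permission):
    """'What can you do?'. Decided from the stored role of the authenticated identity,
    never from a role the client claims for itself."""
    record = USERS.get(username)
    if record is None:
        return False
    return permission in ROLE_PERMISSIONS.get(record["role"], set())


def perform(username, password, permission):
    """Authentication first, authorization second. The two failures are reported separately
    here only to make the distinction visible; a real login screen shows one generic error."""
    identity = authenticate(username, password)
    if identity is None:
        return "authentication failed"
    if not authorize(identity, permission):
        return "authorization denied"
    return "ok"


# Constructed demo accounts.
register("alice", "alice-demo-password", "admin")
register("bob", "bob-demo-password", "viewer")

if __name__ == "__main__":
    print(perform("alice", "alice-demo-password", "delete_records"))  # ok
    print(perform("bob", "bob-demo-password", "delete_records"))      # authorization denied
    print(perform("bob", "wrong-password", "view_records"))           # authentication failed
```

Note that `perform` never reaches the role check unless the password verified, and that Bob, although correctly authenticated, is still refused the delete: that refusal is an authorization decision, not an authentication one.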
c. Access Cards
Description: Access cards (often called smart cards or security badges) are physical
devices used for authentication. They store cryptographic data, which can be used to
confirm a user’s identity and grant access to buildings, networks, or systems.
Process:
1. The user presents the access card to a reader (which could be a physical door
reader or a digital device like a computer).
2. The card’s stored data (such as a unique ID or cryptographic key) is compared
to the system’s records.
3. If the data matches, the user is granted access.
Strengths:
o Convenient and quick to use, especially in physical security systems.
o Difficult to duplicate or hack compared to traditional keys.
Weaknesses:
o The card can be lost, stolen, or forgotten.
o May require additional infrastructure, such as card readers or scanners.
o Can be subject to hacking if the encryption or security measures are weak.
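Step 2 of the access-card process above says the card's stored cryptographic key is "compared to the system's records". For cryptographic cards that comparison is normally a challenge-response exchange: the key never leaves the card, and what the reader checks is the card's answer to a fresh random challenge, so a recording of one tap cannot be replayed. The Python example below is added here and is not part of the original notes; it shows both sides of such an exchange with HMAC-SHA256, a single-use nonce with a lifetime, and a revocation list for the "lost or stolen" weakness. The card IDs, keys and the 30-second nonce lifetime are constructed assumptions for the demo.

```python
import hashlib
import hmac
import os
import time

# Constructed card database: card ID -> per-card secret key written to the chip at issue time.
CARD_KEYS = {
    "card-0001": bytes.fromhex("00112233445566778899aabbccddeeff"),  # constructed demo key
}


class CardReader:
    """Server side. Holds the card keys and issues challenges; never transmits a key."""

    def __init__(self, keys, nonce_ttl=30):
        self.keys = keys
        self.nonce_ttl = nonce_ttl        # seconds a challenge stays valid
        self.outstanding = {}             # nonce -> time it was issued
        self.revoked = set()              # cards reported lost or stolen

    def challenge(self, now=None):
        """Step 1: a fresh random nonce for this tap only."""
        nonce = os.urandom(16)
        self.outstanding[nonce] = now if now is not None else time.time()
        return nonce

    def verify(self, card_id, nonce, response, now=None):
        """Step 2 and 3: recompute the expected answer from the stored key and compare."""
        now = now if now is not None else time.time()
        issued = self.outstanding.pop(nonce, None)   # pop: a nonce is usable exactly once
        if issued is None or now - issued > self.nonce_ttl:
            return False                              # unknown, replayed or expired challenge
        if card_id in self.revoked:
            return False                              # lost/stolen card, even with the right key
        key = self.keys.get(card_id)
        if key is None:
            return False
        expected = hmac.new(key, card_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class AccessCard:
    """Card side. The key stays on the chip; only the HMAC answer is sent to the reader."""

    def __init__(self, card_id, key):
        self.card_id = card_id
        self._key = key

    def respond(self, nonce):
        return hmac.new(self._key, self.card_id.encode() + nonce, hashlib.sha256).digest()


def tap(reader, card, now=None):
    """One complete present-the-card exchange. Returns True if access is granted."""
    nonce = reader.challenge(now)
    return reader.verify(card.card_id, nonce, card.respond(nonce), now)


if __name__ == "__main__":
    reader = CardReader(CARD_KEYS)
    genuine = AccessCard("card-0001", CARD_KEYS["card-0001"])
    print("genuine card:", tap(reader, genuine))                       # True
    clone = AccessCard("card-0001", b"wrong-key-on-a-copied-card")
    print("copied card ID without the key:", tap(reader, clone))        # False
    reader.revoked.add("card-0001")
    print("after the card is reported lost:", tap(reader, genuine))     # False
```

The reader stores the challenge it issued and discards it when answered; an attacker who captured a previous nonce and response gets a `False` because that nonce is no longer outstanding. The "weak encryption" weakness in the notes corresponds here to the key length and the MAC choice: a card whose key can be read out or guessed is as good as a plain ID badge.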
d. Biometrics
Description: Biometrics involves using unique physical characteristics of the user
(such as fingerprints, facial recognition, retina scans, voice patterns, etc.) to
authenticate identity. Biometrics are considered "something you are" in authentication
terms.
Process:
1. The user provides a biometric sample (e.g., scans their fingerprint or face).
2. The system compares the captured biometric data to a stored template.
3. If the data matches, access is granted.
Strengths:
o Very difficult to forge or steal, as the biometric traits are unique to the
individual.
o Fast and user-friendly since it doesn’t require remembering passwords or
carrying physical devices.
Weaknesses:
o Requires specialized hardware (e.g., fingerprint scanner, camera).
o Can have privacy concerns, as biometric data is sensitive.
o May not work well for all individuals (e.g., certain people may have difficulty
with facial recognition or fingerprint scans).
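Step 2 of the biometric process above compares the captured sample to a stored template. The point that separates this from a password check is that the comparison is never exact: two scans of the same finger or face differ a little, so the system accepts a sample whose distance from the template is below a threshold. The Python example below is added here and is not part of the original notes; it simulates that with fixed-length bit templates and a Hamming-distance threshold, and does 1:1 verification against the claimed user's template only. The templates, the noise model and the threshold value are constructed for the demo and are not any real sensor's encoding.

```python
import random

TEMPLATE_BITS = 256
# Largest fraction of differing bits still accepted as 'same person'. Assumed value for the
# demo; real systems set it from measured false-accept and false-reject rates.
MATCH_THRESHOLD = 0.32


def enrol(seed):
    """Constructed template: a fixed-length bit string standing in for the feature encoding a
    real sensor would extract (iris codes, for example, are compared bit-wise like this)."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(TEMPLATE_BITS)]


def capture(template, noise_rate, seed):
    """Simulate a fresh scan of the same person: the template with a fraction of its bits
    flipped by sensor noise, pose, lighting and the like."""
    rng = random.Random(seed)
    return [bit ^ 1 if rng.random() < noise_rate else bit for bit in template]


def hamming_fraction(a, b):
    """Fraction of positions where the two bit strings differ (0.0 means identical)."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def biometric_match(stored, sample, threshold=MATCH_THRESHOLD):
    """Threshold decision instead of an exact comparison. Returns (accepted, score)."""
    score = hamming_fraction(stored, sample)
    return score <= threshold, score


def authenticate_biometric(templates, user_id, sample):
    """Verification (1:1): the sample is compared only with the claimed user's template.
    An unknown user is refused without any comparison."""
    stored = templates.get(user_id)
    if stored is None:
        return False
    accepted, _ = biometric_match(stored, sample)
    return accepted


# Constructed enrolment database.
TEMPLATES = {"alice": enrol(seed=1), "bob": enrol(seed=2)}

if __name__ == "__main__":
    alice_scan = capture(TEMPLATES["alice"], noise_rate=0.15, seed=3)
    print("alice's scan vs alice's template:", biometric_match(TEMPLATES["alice"], alice_scan))
    print("alice's scan vs bob's template:  ", biometric_match(TEMPLATES["bob"], alice_scan))
    print("same scan, stricter threshold:   ", biometric_match(TEMPLATES["alice"], alice_scan, 0.05))
```

The threshold is where the last weakness in the notes comes from: tightening it lowers the chance that another person is accepted, but raises the chance that a legitimate user with a noisy or atypical scan is rejected, which is why a fallback method is usually kept available. It is also why a biometric template must be protected like a password hash: unlike a password, a compromised fingerprint cannot be changed.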