Unit-5

User Authentication
 User authentication
User authentication is a process that allows a
device to verify the identify of someone who
connects to a network resource. There are
many technologies currently available to a
network administrator to authenticate users.
Example : Firewall
 Levels
Authentication happens in two levels. A user or
human visible level and a machine level.
• The human-level authentication is a simple login
where you provide a net ID and a password to gain
access.

• Machine level authentication is however more

complex and involves a predetermined ID and
password that only a machine authorized to access
the network can know. Ex- Biometric
 Methods of Authentication
• Certificate Based Authentication

Client authentication based on certificates is part of the SSL protocol. The

client digitally signs a randomly generated piece of data and sends both the
certificate and the signed data across the network. The server uses
techniques of public-key cryptography to validate the signature and confirm
the validity of the certificate.

• Password Based Authentication

The user has decided to trust the server, either without authentication or
on the basis of server authentication via SSL. The user requested a resource
controlled by the server.
The server requires client authentication before permitting access to the
requested resource.
• One-time password -- A one-time password is an automatically
generated numeric or alphanumeric string of characters that
authenticates a user. This password is only valid for one login session or
transaction, and is usually used for new users, or for users who lost
their passwords and are given a one-time password to log in and change
to a new password.

• Biometrics -- While some authentication systems can depend solely on

biometric identification, biometrics are usually used as a second or
third authentication factor. The more common types of biometric
authentication available include fingerprint scans, facial or retina scans
and voice recognition.

• Mobile authentication -- Mobile authentication is the process of

verifying user via their devices or verifying the devices themselves. This
lets users log into secure locations and resources from anywhere. The
mobile authentication process involves multifactor authentication that
can include one-time passwords, biometric authentication or QR code
validation.
• Two-factor authentication -- Two-factor authentication adds an
extra layer of protection to the process of authentication. 2FA
requires that a user provide a second authentication factor in
addition to the password. 2FA systems often require the user to
enter a verification code received via text message on a
preregistered mobile phone, or a code generated by an
authentication application.

• Multifactor authentication -- Multifactor authentication requires

users to authenticate with more than one authentication factor,
including a biometric factor like fingerprint or facial recognition, a
possession factor like a security key fob or a token generated by
an authenticator app.
 Assignment
• Differentiate b/w Human authentication &
machine authentication?