ard
and checks to see if the card produced belongs to an authorized user. Obviously,
security can be ensured only if the item to be produced is unforgeable and safely
3. Proof by Property. In this approach, the system is designed to verify the
identity of a user by measuring some physical characteristics of the user that are
hard to forge. The measured property must be distinguishing, that is, unique
among all possible users. For example, a special device (known as a biometric
device) may be attached to each terminal of the system that verifies some physical
characteristic of the user, such as the person's appearance, fingerprints, hand
geometry, voice, signature. In deciding the physical characteristic to be measured,
an important factor to be considered is that the scheme must be psychologically
acceptable to the user community. Biometric systems offer the greatest degree of
confidence that a user actually is who he/she claims to be, but they are also
generally the most expensive to implement. Moreover, they often have user
acceptance problems because users see biometric devices as unduly intrusive.
In practice, a system may use a combination of two or more of these
authentication methods. For example, the authentication mechanism used by
automated cash-dispensing machines in banks usually employs a combination of
the first two approaches. That is, a user is allowed to withdraw money only if he or she produces a valid identification card and specifies the correct password
corresponding to the identification number on the card.
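The card-plus-password check described above, written out as an added example (it is not part of the original text). The class name, the retry limit of three, the revocation flag and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed retry limit; the text does not specify one


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Derive a salted verifier so the PIN itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class CardAuthenticator:
    """Hypothetical cash-machine back end: card id -> PIN verifier + state."""

    def __init__(self):
        self._accounts = {}

    def enroll(self, card_id: str, pin: str) -> None:
        salt = os.urandom(16)
        self._accounts[card_id] = {
            "salt": salt,
            "verifier": hash_pin(pin, salt),
            "failures": 0,
            "revoked": False,
        }

    def revoke(self, card_id: str) -> None:
        # A card reported lost or stolen stops counting as proof of possession.
        self._accounts[card_id]["revoked"] = True

    def authenticate(self, card_id: str, pin: str) -> bool:
        acct = self._accounts.get(card_id)
        # Factor 1 (possession): card must be known, not revoked, not locked.
        if acct is None or acct["revoked"] or acct["failures"] >= MAX_FAILURES:
            return False
        # Factor 2 (knowledge): constant-time comparison against the verifier.
        candidate = hash_pin(pin, acct["salt"])
        if hmac.compare_digest(candidate, acct["verifier"]):
            acct["failures"] = 0
            return True
        acct["failures"] += 1  # each wrong guess moves the card toward lockout
        return False
```

Neither factor is sufficient alone: a valid card with a wrong password fails, and the correct password is useless once the card is revoked or locked after repeated wrong guesses.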
To provide good security with password-based authentication, it is important that
passwords are kept secret and passwords are chosen in such a manner that they are
difficult to guess.
Access Control
Once a user or a process has been authenticated, the next step in security is to
devise ways to prohibit the user or the process from accessing those
resources/information that he/she/it is not authorized to access. This issue is called
authorization and is dealt with by using access control mechanisms.
When talking about access control in co...
This document was uploaded on 04/07/2014.
- Spring '14