Kerberos cannot handle denial of service (DoS) attacks. With a simple DoS
attack, an attacker can prevent an application from participating in the
authentication process. Password-guessing attacks are not handled by
Kerberos either.
5.3 Other secure authentication systems
5.3.1 Biometrics: definition and fundamental components
In recent years, the idea has grown that biometric techniques can be a good
compromise between security and ease of use.
Biometrics is the science that analyses those biological characteristics of
an individual that are unique and unrepeatable and therefore allow
identification. More precisely, biological characteristics are divided into
physiological characteristics (permanently linked to the anatomy of the human
body) and behavioural characteristics (linked to each person's way of life);
the latter are easier to integrate, but less reliable.
The biometric approach to security completely overturns the concept of
passwords. Authentication moves away from something that the user knows
(password or PIN) or something that the user has (magnetic identification
card or smart card) towards what the user is (biological characteristics that
biometrics can identify).
The biometric technique offers the best advantages in terms of security and
convenience: personal biological characteristics cannot be borrowed, stolen or
forgotten, and they are virtually impossible to replicate (the possible use of
plastic surgery to replicate an anatomical feature is not taken into
account).
There are two different procedures for the use of biometric systems:
verification and identification.
Verification (or authentication) is used when the user is already registered:
the user declares an identity and the system acquires the biometric feature.
The acquired feature is compared only with the one already saved in the
database for that user.
Identification (or search) is used, by contrast, when the identity of the
subject is not known a priori. In this case, the biometric feature extracted
from the individual is compared with those in a database to establish the
identity of the subject. If the feature is not contained in the database, the
identification process gives a negative result.
Of course, identification is more expensive than verification: it needs more
resources, and its accuracy decreases as the size of the database grows.
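The difference between the two procedures, and why identification accuracy
falls as the database grows, shown as an added example that is not part of the
original text. The feature vectors, the distance threshold, the use of
Euclidean distance and the assumption of independent comparisons are all
illustrative assumptions.

```python
import math

# Constructed enrolment database: identity -> stored feature vector (template).
TEMPLATES = {
    "alice": (0.10, 0.80, 0.35, 0.60),
    "bob":   (0.90, 0.20, 0.55, 0.10),
    "carol": (0.40, 0.45, 0.95, 0.30),
}
THRESHOLD = 0.15  # assumed maximum distance still accepted as a match


def distance(a, b):
    """Euclidean distance between two feature vectors (assumed matcher)."""
    return math.dist(a, b)


def verify(claimed_id, sample, db=TEMPLATES, threshold=THRESHOLD):
    """Verification (1:1): compare only with the claimed identity's template."""
    template = db.get(claimed_id)
    return template is not None and distance(sample, template) <= threshold


def identify(sample, db=TEMPLATES, threshold=THRESHOLD):
    """Identification (1:N): search every template; None is the negative result."""
    if not db:
        return None
    best_id = min(db, key=lambda uid: distance(sample, db[uid]))
    return best_id if distance(sample, db[best_id]) <= threshold else None


def false_match_probability(fmr, n):
    """Chance of at least one false match over n independent comparisons,
    given a per-comparison false match rate fmr."""
    return 1.0 - (1.0 - fmr) ** n


if __name__ == "__main__":
    probe = (0.12, 0.78, 0.36, 0.61)  # constructed sample close to "alice"
    print("verify as alice:", verify("alice", probe))
    print("verify as bob:  ", verify("bob", probe))
    print("identify:       ", identify(probe))
    for n in (1, 1_000, 100_000):
        print(f"N={n:>7}: P(false match) = {false_match_probability(0.001, n):.3f}")
```

Verification performs one comparison regardless of how many users are
enrolled, while identification performs one per enrolled template, so both its
cost and its chance of a false match grow with the database.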
The most common physiological characteristics that can be analysed for
security are fingerprints, the geometry of the palm of the hand, the retinal or