Stronf Authentication Techniques

While applying authentication on any device or application, the first thing that comes is Password. Since the last decade. People prefer passwords for authentication. To make our password strong, mostly people use alphanumeric, special characters, bold letters, etc. Even though the user tries to apply the strongest password it has few

Drawbacks:
1. We use it in combinations of alphanumeric, characters, special characters, so they are easily forgetful
2. It has a high chance of getting hacked, pattern breached.
3. Keeping and maintaining different passwords or their patterns all over different platforms like web applications, cards, electronic gadgets is very difficult.


Considering all the above things, we have to use stronger techniques to avoid such breaches. There are so many techniques available currently to authenticate such as:

  1. Biometrics
  2. One Time Passwords(OTP)
  3. Two Factor Authentications
  4. Multifactor Authentication(MFAs)
  5. Security Assertion Mark-up Language(SAML)

These techniques are used in authenticating users on different platforms such as electronic devices, web applications, bank accounts, and most enterprise levels, etc.

BioMetrics

This is the most famous authentication method. In this technique, fingerprint and face recognition is used. For securing more critical apps like Military, Space information uses retina ID as retina is the most unique biometric ID.
This is based on what users have already saved for authentication, in technical terms it is called the “Query” with one or more samples of fingerprints, face Ids. The process of collecting these Ids is called enrollment. Verification is done with matching the sent Query with enrolled data.

Advantages

  1. Simple to enroll and verify.
  2. It is much faster.
  3. It is available in a wide range of platforms such as Microsoft’s windows, Apple’s devices.

Disadvantages

  1. There are some researches which show the biometric can be build up using high-resolution  images.  
  2. There are many Biometric systems that have accuracy issues.

One Time Passwords(OTP)

This technique is used to confirm the transaction is being done through the Authorized person who is associated with that particular account or credit card. 

Mechanism followed:
Step 1. The transaction is triggered after sending SMS/Email/Call to a registered communication medium.
Step 2. The Receiver receives the code on an opted communication medium.
Step 3. Receiver access to this code and uses it to authorize the transaction.
Step 4. The OTP which was unique and generated from the system expired within a few seconds, so it gets deleted from Push Messages.
Step 5. Entered OTP Automatically sends data to for verification and Transaction gets completed with valid OTP.

Advantages

  1. It is safe from replay attacks.
  2.  The communication modes are Email/SMS/and Calls so it’s convenient to use.

Disadvantages

  1. It expires within seconds so it may go out of sync.
  2. Multiple wrong attempts can block your account.
One time password-push notification

Two Factor Authentication

2FA means whenever you log in to any application it will double-check if the user is authorized and a request is coming from an associated user. 2FA is mostly used to minimize the risk of getting an account hacked if the password is compromised.
Steps followed

  1. User logins to the application with Username and Password.
  2.  If the first authentication step is cleared by the user second level of authentication enables for the user.
  3.  The authentication user sends a unique code to the second-factor device(registered).
  4.  The user confirmes the second level authentication by entering the code to the application.

Few methods of achieving 2FA: Authentication Apps(Like Duo), U2F devices, Passcodes(OTPs), Tokens, Calls on registered numbers, Smartcards, etc.

Advantages

  1. It is an inexpensive method to prevent cyber attacks and helps to protect sensitive application
  2.  Userfriendly and easy to use.
  3. Multiple options to use 2FA 
Two factor authentication

Multi-Factor Authentication(MFA)

It is the most effective way to provide advanced security and avoid brute force attacks. When any application uses MFA it creates multiple layers to authenticate the associated user who is sending a request to authenticate. Though any of the levels get breached by an attacker, the user’s data is still secure as an attacker will not have other levels.
MFA can be achieved using some combinations of listed elements below:

  • Codes Generated by Authentication apps
  • USB devices, Smartcards or other physical devices
  • Certificates, tokens
  • Biometrics like Retina, facial Id, Fingerprints
  • Security Question, Images patterns
  • Behavioral Patterns

Above listed elements can be categorized under three different Factors

  1.  Knowledge-Based: Password, Pins, security question, different patterns
  2. Possessions: USB devices, Smartcards, Different Token on Apps
  3. Inheritance: Biometrics like face, voice, fingerprint, retina


The use of this MFA can be decided using AI and implemented based on different use cases for example if the  user is sign in  from unusual devices, network connection, locations, time of accessing the application etc..

Security Assertion Mark-up Language(SAML)

This is an open standard to exchange the Authenticated and Authorised data between Identity Providers and Service Providers. This method uses XML based markup language for security assertions. Assertions are statements that service providers use to make access control decisions.

SAML enables a single sign-on method to login to the service provider. There are two terms used in SAML ie. Service providers and Identity providers 

Service providers – are those who grant access to a user in a particular application.
Identity providers – are those who send a request to SPs with enabled user rights. 

  1. Users access the application using provided URL
  2. After successful identification of the user, it sends the Identity provider request for Authentication.
  3. Now Identity providers check for active browser session or create a new one by logging in to identity provider
  4. IP builds a response containing the user’s username or email address in the XML format document. This uses the X.509 Certificate and posts the user’s information to the service provider.
  5. Service provider checks for the identity provider as it already has a  certificate fingerprint; retrieves the authentication response and validates using certificate fingerprint.
  6. When the identification of the user is established, the application is accessible to the user.

Advantage of SAML is that user don’t need to log in to the application using credentials and the same credentials can be reused for log in to other service providers 

 Conclusion:Attackers are busy finding ways to breach the security of applications and devices but Users are even Smarter, they are using different Authentication techniques to protect data.

References
This is an IEEE paper where Multimodal biometric approaches are explained in detail like facial detection, Fingerprint scanning, Voice recognition.

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.697.3724&rep=rep1&type=pdf#page=99

ashwini-gayake

Test Analyst