Authentication refers to the task of verifying the identity of a person/software connecting to an application. The simplest form of authentication consists of a secret password that must be presented when a user connects to the application. Unfortunately, passwords are easily compromised, for example, by guessing, or by sniffing packets on the network if the passwords are not sent encrypted.
More robust schemes are needed for critical applications, such as online bank accounts. Encryption is the basis for more robust authentication schemes. Many applications use two-factor authentication, where two independent factors (that is, pieces of information or processes) are used to identify a user.
The two factors should not share a common vulnerability; for example, if a system merely required two passwords, both could be vulnerable to leakage in the same manner. While biometrics such as fingerprints or iris scanners can be used in situations where a user is physically present at the point of authentication, they are not very meaningful across a network. Passwords are used as the first factor in most such two-factor authentication schemes. Smart cards or other encryption devices connected through the USB interface, which can be used for authentication based on encryption techniques, are widely used as second factors.

1) Authorization:-
After users are successfully authenticated against the selected data source, they are then authorized for specific data, database, or network resources. Authorization is basically what a user can and cannot do on the network after that user is authenticated. Authorization is typically implemented using an AAA server-based solution.
Authorization uses a created set of attributes that describes the user's access to the specific data or database. These attributes are compared to information contained within the AAA database, and a determination of restrictions for that user is made and delivered to the local router where the user is connected.

2) Encryption:-
Encryption can be used to encrypt data while it is in transit or while it's stored on a hard drive. Cryptography is the study of protecting information by mathematically scrambling the data, so it cannot be deciphered without knowledge of the mathematical formula used to encrypt it. This mathematical formula is known as the encryption algorithm. Cryptography is composed of two words: crypt (meaning secret or hidden) and graphy (meaning writing). Cryptography literally means secret or hidden writing.
Cleartext is plain text, that is, data that can be read and understood by everyone, and cipher text is the scrambled text that results from the encryption process. Cipher text should be unreadable and show no repeatable pattern to ensure the confidentiality of the data.

There are three critical elements to data security.
Confidentiality, integrity, and authentication are known as the CIA triad. Data encryption provides confidentiality, meaning the data can only be read by authorized users. Message hashing provides integrity, which ensures the data sent is the same data received and the information was not modified in transit. Message digital signatures provide authentication (ensuring users are who they say they are) as well as integrity. Message encryption and digital signatures together provide confidentiality, authentication, and integrity.
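
As an added example (not part of the original text), the Go program below shows the difference between message hashing and digital signatures described above. The Message type, the Send, Check and Demo functions and the sample payload are constructed for illustration; SHA-256 and Ed25519 are assumptions, since the text names no algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Message is a constructed wire format: payload, its SHA-256 digest, and an
// Ed25519 signature over the payload.
type Message struct {
	Payload []byte
	Digest  [32]byte
	Sig     []byte
}

// Send hashes the payload (integrity) and signs it (authentication + integrity).
func Send(payload []byte, priv ed25519.PrivateKey) Message {
	return Message{payload, sha256.Sum256(payload), ed25519.Sign(priv, payload)}
}

// Check recomputes the digest and verifies the signature under the public key
// of the claimed sender.
func Check(m Message, pub ed25519.PublicKey) (hashOK, sigOK bool) {
	return sha256.Sum256(m.Payload) == m.Digest, ed25519.Verify(pub, m.Payload, m.Sig)
}

// Demo returns {hashOK, sigOK} for three received messages: unmodified,
// payload changed in transit, and payload changed with the digest recomputed.
func Demo() [3][2]bool {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	sent := Send([]byte("pay 100 to account 42"), priv) // constructed sample
	changed := sent
	changed.Payload = []byte("pay 900 to account 42")
	rehashed := changed
	rehashed.Digest = sha256.Sum256(rehashed.Payload)
	var out [3][2]bool
	for i, m := range []Message{sent, changed, rehashed} {
		out[i][0], out[i][1] = Check(m, pub)
	}
	return out
}

func main() {
	fmt.Println(Demo()) // one {hashOK sigOK} pair per case
}
```

A digest that travels with the message can be recomputed by whoever changes the payload, so in the third case only the signature check fails; the receiver should rely on the signature, or on a digest obtained over a separate trusted channel.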