A strategy for adopting the latest authentication technologies in identity and access management requires good planning, and the appropriate technologies and products must be tested. In this article, we discuss the latest authentication technologies in terms of encryption, access control, biometrics and authentication. Introducing modern identity and access management (IAM) quickly raises the key question for daily practice: how can companies make sure that only authorized employees, customers and partners have access to certain data and information? There are four methods that can complement each other:
- Encrypted data storage (see Encryption and Decryption in Technology, AES or Advanced Encryption Standard, Protection of Data by Encryption)
- RFID access control (see Six Steps for Cloud Security)
- Biometric recognition process (see Facial Recognition as an example)
- Multi-factor authentication
Definition of Authentication Technologies
Very specific requirements are defined for the security and access control of storage media. These include maintaining the confidentiality of data against logical and physical attacks. This can be realized, for example, by multi-user authentication for access to the protected memory area, combined with hardware-based encryption of the data.
For the latter, AES encryption with a key length of 256 bits in CBC mode is recommended, for example. AES stands for Advanced Encryption Standard, a symmetric cryptosystem that is recognized worldwide as safe and is approved, for example, for U.S. government documents of the utmost secrecy. Cipher Block Chaining (CBC) is the mode in which AES is operated here, and it is a comparatively involved procedure. Moreover, if the data is regarded as highly sensitive, the user must be able to generate the cryptographic key themselves and destroy it in an emergency.
Latest Authentication Technologies at a Glance : Encryption is Not Everything
Where encryption is concerned, there is a popular misconception: users believe that encrypting their data provides adequate security against unauthorized access and data theft. But even the best encryption methods are no real obstacle to data thieves unless effective access control exists alongside them. The confidentiality of data on removable storage media, such as mobile security hard drives, can be guaranteed only through a combination of access control and encryption. While encryption ensures the confidentiality of the stored data against physical attacks, unauthenticated access attempts on the storage are blocked at the hardware level by means of access control.
AES full disk encryption by itself is not the recommended way to achieve the expected maximum security, as long as data access does not occur via a multistep, complex authentication mechanism and the cryptographic key is not stored externally, outside the disk. Otherwise, the sensitive data would, figuratively speaking, sit behind a massive steel door that is secured only with a padlock, which can be removed in no time. The guarantee may be rendered ineffective in particular by the exploitability of existing vulnerabilities, which has to be determined explicitly.
Latest Authentication Technologies at a Glance : Radio Frequency Identification (RFID)
What form of user authentication provides adequate protection for sensitive business data? Entering a password or PIN on a PC keyboard is popular in the business environment but usually not sufficiently secure. Access control via Radio Frequency Identification (RFID) in combination with AES hardware encryption provides significantly more access protection, but as a single-stage procedure it is still not enough for the high demands of large enterprises and government agencies.
The RFID transponder exchanges signals with an encryption reader, which is located, for example, inside an external hard drive. The drive generates an electromagnetic field; the antenna of the transponder picks it up, and the microchip located on the transponder is activated. Following this, the chip can receive and send commands via the antenna. As a result, only the owner of the RFID transponder can unlock and access the data, or lock the hard drive, in less than 100 milliseconds. Although RFID procedures are now a central component of security concepts for demanding requirements, risks remain, such as possible duplication of the RFID key or eavesdropping on the ID during unencrypted RFID transmission.
Latest Authentication Technologies at a Glance : Biometric Authentication
Like RFID, PIN or password, a biometric method is a one-step authentication process. Here, measurable physiological characteristics such as fingerprints or facial features, and behavioral characteristics such as the voice, are used to authenticate a user. An algorithm converts these features into a digital record, which is stored electronically.
When identity verification is needed, the stored record is compared with the current values of the person. Sun showed that, in fingerprint recognition, attempts to overcome it were very simple and that face recognition proved to be very error-prone. With regard to the protection of personal data, biometrics are also viewed critically.
Latest Authentication Technologies at a Glance : Multi-factor Authentication
Maximum data security is ensured only through multi-step, complex authentication. Following the principle of possession and knowledge, two-step authentication is built from a smart card and a PIN. The PIN ensures that only the authorized user can have the cryptographic key transmitted from the smart card and gain access to the storage medium. In case of loss or theft of keys, data cannot be read either from the media itself or from its housing.
Here, the crypto key itself is a security feature that is important to consider when choosing the highest possible data security. How is the key made? Where is it kept? Are copies available? These are the critical questions, because even with the best, strongest door lock, a door can be opened quickly when the key is kept accessible or unauthorized persons are in possession of secondary keys. In order to meet the highest safety requirements, the cryptographic keys required for the encryption and decryption of data may be stored neither on the disk, nor in flash memory, nor in the housing. With multi-factor authentication, by contrast, decryption of the data is not possible.
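The smart card and PIN arrangement described above, together with the earlier requirements that the key be generated by the user, kept outside the disk and destroyable in an emergency, can be modelled in a short Python sketch. This is an added example, not code from the article or from any product: the class names, the three-attempt PIN limit and the HMAC-SHA256 keystream standing in for the drive's AES-256 hardware engine are all assumptions made for illustration.

```python
import hashlib, hmac, secrets
def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class SmartCard:
    """Possession factor (hypothetical model): releases the key only for the right PIN."""
    def __init__(self, pin: str, max_tries: int = 3):  # retry limit is an assumption
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash(pin)
        self._key = secrets.token_bytes(32)  # 256-bit key generated by the user, never on the disk
        self._max = self._left = max_tries
    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def destroy_key(self) -> None:
        self._key = None  # emergency destruction: ciphertext on the drive stays unreadable

    def release_key(self, pin: str) -> bytes:
        if self._key is None:
            raise PermissionError("key destroyed")
        if not hmac.compare_digest(self._hash(pin), self._pin_hash):
            self._left -= 1
            if self._left == 0:
                self.destroy_key()  # too many wrong PINs: the card wipes its key
            raise PermissionError("wrong PIN")
        self._left = self._max
        return self._key

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for the drive's AES-256 engine: XOR with an HMAC-SHA256 keystream.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = _mac(key, nonce + off.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class EncryptedDrive:
    """Storage medium: holds only nonce, ciphertext and tag; the key stays on the card."""
    def write(self, card: SmartCard, pin: str, plaintext: bytes) -> None:
        key = card.release_key(pin)
        self.nonce = secrets.token_bytes(16)  # fresh per write, so the keystream never repeats
        self.blob = _xor_stream(_mac(key, b"enc"), self.nonce, plaintext)
        self.tag = _mac(_mac(key, b"mac"), self.nonce + self.blob)

    def read(self, card: SmartCard, pin: str) -> bytes:
        key = card.release_key(pin)
        if not hmac.compare_digest(_mac(_mac(key, b"mac"), self.nonce + self.blob), self.tag):
            raise ValueError("this card does not hold the drive's key")
        return _xor_stream(_mac(key, b"enc"), self.nonce, self.blob)
```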
Latest Authentication Technologies at a Glance : Conclusion
Even the door of a security vault with the best, strongest door lock demands an armed guard. The reason is quite obvious: by simple or complex application of physical force, in one way or another, any security measure can be circumvented. As is often demonstrated in the movies, we need to keep this point in mind. The hard disk, i.e. the server, must itself be locked within a secured room with the best, strongest door lock and an armed guard. The room must be within a building which in turn has security that is very tough to break, by means of surveillance cameras, armed guards, etc. Each door, if possible, must have tiered, unique smart card protection. This makes the server room difficult to access for the outside armed guards, who can be forced to give physical access. The other definite point is the needed security at the operating system level.