Authentication

The main purpose of authentication is to allow access to certain resources and to prevent their unauthorized use. Security mechanisms built on authentication are meant to detect that an attacker is actively interfering (forging or altering messages), as opposed to passively trying to recover keys by cryptanalysis, which is the concern of the encryption layer.

Authenticity of information means that the receiver of the data can be sure that the message was originated by the claimed sending entity.
Data integrity means that the receiver can be sure that the information received from the sending entity has not been modified since it was sent. Although there is theoretically a difference between authentication and integrity, the schemes and algorithms normally used provide both kinds of protection together.

The criteria an authentication and integrity algorithm must meet are:

the same criteria required of the encryption functions used to ensure confidentiality.
changing one bit of the original message or of the key must affect as many bits of the authenticator as possible (about half of them).
the secrecy of the key must be protected.
given a large set of pairs of messages and their corresponding authenticators, it must not be possible to obtain the authenticator of any other message.

An authentication system consists of a key space K, a space M of messages to authenticate, a space R of digests, and an authentication function A. The function A takes as input a message M and a key K and produces an authenticator or digest R, which is appended to the message at a fixed position and serves to authenticate the message as well as to guarantee its integrity.

The authenticator is much smaller than the message, so in theory two different messages can produce the same authenticator. The probability of this happening is so low, however, that the scheme can be used without problems. Among the most widely used authentication algorithms are:

SWIFT: used to authenticate financial and banking messages. This algorithm has not been published.
algorithms based on standardized modes of operation of DES (such as CBC-MAC).
MAA: Message Authentication Algorithm.
RSA: based on public-key cryptosystems.
DSA: the NIST (National Institute of Standards and Technology) Digital Signature Algorithm, based on the ElGamal signature scheme.
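The authentication function A(M, K) -> R described above, with the tag appended to the message, a constant-time check on receipt, and a measurement of the avalanche criterion (one flipped message bit should change about half the tag bits). This is an added example using HMAC-SHA-256 from the Python standard library; it is not code from the page, and the key, message and tag length are constructed for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed shared key K for the example (not from the page; never reuse a literal key).
KEY = b"example-shared-key-do-not-reuse"
TAG_LEN = 32  # HMAC-SHA-256 digest R is 32 bytes, far smaller than most messages


def authenticate(message: bytes, key: bytes = KEY) -> bytes:
    """Authentication function A: (M, K) -> R. Returns message || tag."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag  # the authenticator sits at a fixed position: the end


def verify(packet: bytes, key: bytes = KEY) -> Optional[bytes]:
    """Split off the tag, recompute it from the received message and the key,
    and compare in constant time. Returns the message if authentic, else None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # no early exit: no timing side channel
        return None
    return message


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Flip a single bit of data (simulates an attacker altering the message)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_ratio(message: bytes, key: bytes = KEY, trials: int = 200) -> float:
    """Fraction of tag bits that change when one random message bit is flipped,
    averaged over `trials` positions. A good authenticator gives about 0.5."""
    base = hmac.new(key, message, hashlib.sha256).digest()
    changed = 0
    for _ in range(trials):
        i = secrets.randbelow(len(message) * 8)
        tag = hmac.new(key, flip_bit(message, i), hashlib.sha256).digest()
        changed += hamming_distance(base, tag)
    return changed / (trials * TAG_LEN * 8)


if __name__ == "__main__":
    msg = b"TRANSFER 100.00 EUR FROM ACCT 1 TO ACCT 2"  # constructed sample message
    packet = authenticate(msg)
    print("authentic:", verify(packet) == msg)
    tampered = flip_bit(packet, 8)  # alter one bit of the body, keep the old tag
    print("tampered accepted:", verify(tampered) is not None)
    print("avalanche ratio: %.3f" % avalanche_ratio(msg))
```

Note that `verify` rejects a message whose body was altered even though the attacker kept the original tag, and that a receiver with a different key cannot validate the tag at all; the two-message collision the text mentions is possible in principle but needs about 2^128 attempts for a 256-bit tag.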
Authentication
Authentication is the process of identifying an individual based on some identification method. Authentication only ensures that the individual is who they claim to be; it says nothing about what permissions they will have to access resources.

Authentication (from the Greek 'authentes' = 'author')
It is the act of confirming that someone (or something) is authentic, that is, that the identity claim made by the author is true.

The authenticated individual may be a person, a computer or a computer program.

Authenticating a person is the process of verifying their identity.
Authenticating an object consists of confirming its true origin.

For example, in computing, a simple authentication scheme is based on a username and password. Another example is authenticating the origin of a product such as coffee or wine: that it really comes from a given producer or region and has particular characteristics.

Common examples of authentication are:

Reading your email with a username and password
Withdrawing money from an ATM with a card
Accessing a computer remotely over the Internet
Using an online banking system
Authentication and authorization
Authentication is distinct from authorization. Authorization is the process of verifying that a known person or program has the authority to perform a certain operation or to access system objects, based on their identity.

Authentication, therefore, must precede authorization. Since authorization cannot occur without authentication, the term authorization is sometimes used loosely to mean the combination of the two. To distinguish them, the shorthand notations A1 (authentication) and A2 (authorization) are occasionally used.

For example, when you show proper identification to a bank teller, you are authenticated by the teller and authorized to access information about your own bank accounts. But you would not be authorized to access accounts that are not your own.

Strong Authentication
Authentication is a process in which a person or a computer program proves their identity in order to access information. The proof is the most important part of the concept.

The proof is generally known as identification or ID and can be something the individual knows, like a password; something they possess, like a passport; or something that is unique to this person, like a fingerprint.

Strong authentication systems will require at least two of these proofs.

Two-factor Authentication

People authenticate themselves using these methods:

Something the user is. Examples: DNA sequence, unique voice pattern, fingerprint or retinal pattern, signature recognition, or another biometric identifier such as the face.
Something the user has. Examples: ID card, passport, cell phone, security token or software token.
Something the user knows. Examples: a password, a passphrase or a personal identification number (PIN).

Sometimes a combination of methods is used, for example an ATM card together with its PIN, in which case the term 'two-factor authentication' is used.
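A two-factor login that checks something the user knows (a salted, hashed password) and something the user has (a token producing RFC 4226/6238 one-time codes), followed by the separate authorization step from the bank-teller example in the authentication-and-authorization section. This is an added example, not code from the page; the user record, salt, account numbers and the `login` / `authorize_account` names are constructed for the illustration. The TOTP secret is the RFC 6238 test-vector secret so the codes can be checked against the published vectors.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


# --- factor 1: something the user knows. Passwords are stored only as a salted hash. ---
def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA-256 (iteration count kept low for the example; production
    deployments should use a higher count or a memory-hard KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# --- factor 2: something the user has: a token that computes one-time codes. ---
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the time-step counter."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int,
                step: int = 30, window: int = 1) -> bool:
    """Accept the code for the current step or `window` steps either side, to
    tolerate clock skew between the token and the server."""
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + d), code)
        for d in range(-window, window + 1)
        if counter + d >= 0
    )


# Constructed user database (hypothetical data, not from the page).
SALT = b"\x8d\x1f\x52\xa0\xe1\x3b\x77\x20"
USERS = {
    "alice": {
        "pw_hash": hash_password("correct horse battery staple", SALT),
        "totp_secret": b"12345678901234567890",  # RFC 6238 test-vector secret
        "accounts": {"ACCT-1001"},
    }
}


def login(username: str, password: str, code: str,
          now: Optional[int] = None) -> Optional[str]:
    """Two-factor authentication. Returns the authenticated principal or None.
    Both factors are always evaluated so the result does not reveal which failed."""
    now = int(time.time()) if now is None else now
    user = USERS.get(username)
    if user is None:
        hash_password(password, SALT)  # burn the same work: timing must not leak usernames
        return None
    pw_ok = hmac.compare_digest(hash_password(password, SALT), user["pw_hash"])
    otp_ok = verify_totp(user["totp_secret"], code, now)
    return username if (pw_ok and otp_ok) else None


def authorize_account(principal: Optional[str], account_id: str) -> bool:
    """Authorization is a separate step after authentication: a principal may
    only touch accounts it owns (the bank-teller example)."""
    if principal is None:  # not authenticated, so nothing is authorized
        return False
    return account_id in USERS[principal]["accounts"]


if __name__ == "__main__":
    who = login("alice", "correct horse battery staple", totp(b"12345678901234567890", 59), now=59)
    print("principal:", who)
    print("own account:", authorize_account(who, "ACCT-1001"))
    print("someone else's account:", authorize_account(who, "ACCT-2002"))
```

The password check and the one-time-code check are independent proofs from two categories; a stolen password alone or a shoulder-surfed code alone does not pass `login`, and a successful login still yields no access to an account the principal does not own.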

Authentication and Biometrics

Historically, fingerprints have been regarded as the most authoritative method of authentication, but recent court cases in the US and elsewhere have raised fundamental doubts about fingerprint reliability. Other biometric methods are promising (retinal scans, for example), but have shown themselves to be easily spoofable in practice.

Authentication and Cryptography
Authentication processes are tied to encryption and cryptosystems. For example, on the Internet, the sites and programs that want to authenticate you usually rely on a password as your proof; it must be sent over an encrypted channel, or it is no longer a secret.

Cryptographic methods have been developed that are currently not spoofable if (and only if) the originator's key has not been compromised; digital signatures and challenge-response authentication are examples.

It is not known whether these cryptographically based authentication methods are provably secure, since unanticipated mathematical developments may make them vulnerable to attack in the future. If that were to occur, it could call into question much of the authentication done in the past. In particular, a contract may be questioned when a new attack on the cryptography underlying the signature is discovered.
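Challenge-response authentication as mentioned above, with both sides of the exchange: the server issues a fresh random challenge, the client answers with an HMAC over it under the shared key, and the server accepts exactly one response per challenge, so the key is never transmitted and a recorded response cannot be replayed. This is an added example, not code from the page; the client identifier, key and message framing (`auth-v1|id|nonce`) are constructed for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict

# Constructed long-term keys shared between each client and the server (hypothetical).
CLIENT_KEYS: Dict[str, bytes] = {
    "device-42": bytes.fromhex(
        "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
    ),
}


def compute_response(key: bytes, client_id: str, nonce: bytes) -> bytes:
    """The proof: HMAC over the challenge, bound to the client id so a response
    for one identity cannot be presented for another. Knowledge of `key` is
    demonstrated without ever sending it."""
    data = b"auth-v1|" + client_id.encode() + b"|" + nonce
    return hmac.new(key, data, hashlib.sha256).digest()


class Server:
    """Verifier side. One outstanding challenge per client, consumed on first use."""

    def __init__(self) -> None:
        self._pending: Dict[str, bytes] = {}  # client id -> outstanding challenge

    def challenge(self, client_id: str) -> bytes:
        nonce = secrets.token_bytes(32)  # unpredictable, never reused
        self._pending[client_id] = nonce
        return nonce

    def verify(self, client_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(client_id, None)  # one-shot: consumed even on failure
        key = CLIENT_KEYS.get(client_id)
        if nonce is None or key is None:
            return False
        expected = compute_response(key, client_id, nonce)
        return hmac.compare_digest(expected, response)


class Client:
    """Prover side: holds the shared key and answers challenges."""

    def __init__(self, client_id: str, key: bytes) -> None:
        self.client_id, self.key = client_id, key

    def respond(self, nonce: bytes) -> bytes:
        return compute_response(self.key, self.client_id, nonce)


def run_exchange(server: Server, client: Client) -> bool:
    """One full exchange: server -> challenge, client -> response, server verifies."""
    nonce = server.challenge(client.client_id)
    return server.verify(client.client_id, client.respond(nonce))


def replay_attack(server: Server, client: Client) -> bool:
    """An eavesdropper records a valid response and replays it against a later
    challenge. Returns whether the replay was accepted (it must not be)."""
    nonce = server.challenge(client.client_id)
    recorded = client.respond(nonce)
    assert server.verify(client.client_id, recorded)  # the legitimate login succeeds
    server.challenge(client.client_id)  # a later login attempt: a new nonce is outstanding
    return server.verify(client.client_id, recorded)  # the old response no longer matches


if __name__ == "__main__":
    srv = Server()
    cli = Client("device-42", CLIENT_KEYS["device-42"])
    print("legitimate login:", run_exchange(srv, cli))
    print("replay accepted:", replay_attack(srv, cli))
    print("impostor with wrong key:", run_exchange(srv, Client("device-42", b"wrong key")))
```

The scheme is only as strong as the secrecy of the shared key, which is the caveat the text makes: an attacker holding `CLIENT_KEYS["device-42"]` can answer any challenge, while one holding only recorded traffic cannot.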

Authentication and Trust

In a web of trust, "authentication" is a way to ensure users are who they say they are, and that the user who attempts to perform functions in a system is in fact the one authorized to do so.

A common case on the Internet is the confirmation email that must be replied to (or whose link must be followed) in order to activate an online account. Since email can easily be arranged to go to or come from bogus and untraceable addresses, this is a weak authentication method: it only proves that the mailbox exists and is controlled by the requester, and says nothing about the real identity of the individual.

Authentication Sites and Links
BioPassword - A software-based technology that learns and verifies unique typing patterns. Includes an introduction to biometrics and keyboard dynamics.
Blockade Systems - Password synchronization and enterprise-wide access control management software. Includes a return-on-investment calculator.
Dos and Don'ts of Client Authentication on the Web - Paper by Kevin Fu, Emil Sit, Kendra Smith, and Nick Feamster. In the Proceedings of the 10th USENIX Security Symposium, Washington, D.C., August 2001. [PDF]
Finally Software - Enterprise security solutions based on PKI and Kerberos. Also offer a secure terminal emulator for connecting to Unix servers from Windows. Product information and downloadable evaluation software.
Flicks Software - Software password protects web content (Windows NT / 2000). Free trial downloads available.
iDEX Systems, Inc. - Java-powered iButton based personal identity management security services and digital certificate authentication for secure logon, secure messaging, and digital signatures.
IIS User Authentication Tutorial - Information on various methods for WWW password protection using Internet Information Server (IIS). Text-based tutorial with some screenshots.
iisPROTECT - Functions with Internet Information Server to secure web sites. Includes live demo.
Intertrust Technologies Corporation - Develops general purpose digital rights management platform which serves as foundation for providers of digital information, technology and commerce services to participate in a global system for digital commerce. (Nasdaq: ITRU).
I/O Software - Provider of software solutions, including biometric solutions. Site includes product descriptions and technology licensing terms.
M-Tech Information Technology, Inc. - ID-Synch, identity management software for managing user administration processes. Product information, customers, press releases and contact details.
NMA, Inc. - ZSentry two-factor authentication solution. Product information, white papers and contact details.
Open Systems Management - Password synchronization and role based access control across UNIX, Windows NT and resident applications. Site contains FAQs.
Password Management - Paper by M. Bishop, 1991. Discusses problems of password selection and password management, and identifies relevant techniques. [PDF]
Pluggable Authentication Modules - Sun's official PAM documentation. Programmer documentation and source code.
A Proactive Password Checker - Paper by M. Bishop, 1991. The author describes a technique, and a mechanism, to allow users to select passwords which to them are easy to remember but to others would be very difficult to guess. [Postscript]
Remote User Authentication in Libraries - Comprehensive collection of resources for libraries and universities. Includes links to software and some links of interest to non-librarians.
RSA Security - Products include token-based one time password systems and single sign on systems. Site contains information on security.
SAFLINK - Offer a range of identity management solutions based on tokens, smartcards and biometrics. Headquarters in Bellevue, WA.
Secure Remote Passwords - Software integrates into existing networked applications. Secure telnet and FTP available. Open source. User and technical documentation as well as source code.
SecureUser.net - Providers of tools to e-commerce developers. Site includes a technology explanation and case studies.
Theory of Identification and Authentication - History and development of mechanisms and techniques.
Unisys - Makers of several related products. Site includes rationale as well as comprehensive usage information.
Vasco - Makers of both software and hardware systems. Demos, case studies and product information.
Related Terms
Public key cryptography
Geo-location
Kerberos
SSH
Encrypted key exchange (EKE)
Secure remote password protocol (SRP)
Closed-loop authentication
RADIUS
DIAMETER
HMAC
EAP
Two-factor / strong authentication
Authorization
Biometrics
Authentication OSID
CAPTCHA
autenticacion 2018