Overview
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Pascal THONIEL: Consultant, trainer and expert in cybersecurity - Founder and R&D Director of NTX Research SA, Paris, France
INTRODUCTION
Whether accessing local or wide-area networks, whether these networks are wired, wireless or mixed, in client-server or distributed architecture, authentication of connected objects, equipment, terminals, servers, online services and people is necessary. All aspects of private access, i.e. controlling the delivery of information, resources or services reserved for certain entities, require authentication.
Today, as in the past, widespread use of the "login/password" authentication method remains the rule. However, there are many effective attacks against this method, which is also becoming cumbersome for the user to manage (multiple passwords). Its use therefore corresponds to "weak" authentication.
However, the consequences of a successful attack are far-reaching. Identity theft enables the attacker to benefit from exactly the same rights and services as the legitimate user, but in a malicious way. Online services are offering more and more possibilities to users, and therefore, a contrario, more and more power to harm identity thieves.
In the event of a successful attack involving fraudulent intrusion into an information system, either through lack of user control, or through usurpation of an authorized user's identity, the consequences will be commensurate with the access and action rights allocated to that user (person, program or machine). The stakes are all the higher, as the threats to individuals, businesses, organizations, administrations and their information systems are very real. High-profile cases are reported every month in the specialized and even general press.
What's more, all recent trends in IT in the broadest sense are particularly concerned by the need to ensure authentication. I'm talking here about the Cloud, industrial systems, smartgrids and SCADA, and the Internet of Things (IoT).
Authentication is therefore not a security function to be neglected - quite the contrary. It plays a central role in today's cybersecurity.
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Authentication methods
Bibliography
Conferences
Security and information systems conference https://www.lesassisesdelasecurite.com/
SSTIC – Symposium on information and communications technology security https://www.sstic.org/2017/news/
Standards and norms
- Cartes d'identification. Cartes à circuit(s) intégré(s) à contacts. Partie 1 : caractéristiques physiques - ISO/CEI 7816-1 - 1998
- Identification cards. Integrated circuit cards. Part 2: contact cards – Contact dimensions and locations - ISO/CEI 7816-2 - 2007
Directories
Organizations
ANSSI – Agence nationale de la sécurité des systèmes d'information (French national agency for information systems security)
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference