3.1. Introduction

Authentication is the most fundamental aspect of security. It entails the definition of access rights and the identification of the source of an attack in the case of a problem. It allows access to various local and remote services to be controlled and limited. Authentication is a key mechanism of security since it constitutes the first barrier of security against potential attacks. The most important challenge for an attacker with authentication is to find the password that allows them to do what they want and thus compromise the system in question.

Authentication is accomplished through three possible techniques:

• – The first technique, called “I have”, is tied to the possession of an object that represents a proof of identity. This is the case with a badge or a card. This technique is most often used to ensure physical security and control access to critical locales.
• – The second technique, called “I know”, is tied to the knowledge of a secret combination which is the password. This is the most common method of providing authentication for a computing system.
• – The third technique, called “I am”, is the strongest form of authentication insofar as it is dependent on a personal characteristic of the user being authenticated (fingerprint, speech, etc.).

In certain scenarios, numerous techniques can be combined for better security, which is the case with banking cards (“I have” the card and “I know” the code).

The password ...