Skip to Content
Computer Security Handbook, Fifth Edition
book

Computer Security Handbook, Fifth Edition

by SEYMOUR BOSWORTH, ERIC WHYNE, M.E. KABAY
February 2009
Intermediate to advanced
2048 pages
80h 12m
English
Wiley
Content preview from Computer Security Handbook, Fifth Edition

CHAPTER 28

IDENTIFICATION AND AUTHENTICATION

Ravi Sandhu, Jennifer Hadley, Steven Lovaas, and Nicholas Takacs

28.1 INTRODUCTION

28.2 FOUR PRINCIPLES OF AUTHENTICATION

28.2.1 What Only You Know

28.2.2 What Only You Have

28.2.3 What Only You Are

28.2.4 What Only You Do

28.3 PASSWORD-BASED AUTHENTICATION

28.3.1 Access to User Passwords by System Administrators

28.3.2 Risk of Undetected Theft

28.3.3 Risk of Undetected Sharing

28.3.4 Risk of Weakest Link

28.3.5 Risk of Online Guessing

28.3.6 Risk of Off-Line Dictionary Attacks

28.3.7 Risk of Password Replay

28.3.8 Risk of Server Spoofing

28.3.9 Risk of Password Reuse

28.3.10 Authentication Using Recognition of Symbols

28.4 TOKEN-BASED AUTHENTICATION

28.4.1 One-Time Password Generators

28.4.2 Smart Cards and Dongles

28.4.3 Soft Tokens

28.5 BIOMETRIC AUTHENTICATION

28.6 CROSS-DOMAIN AUTHENTICATION

28.7 RELATIVE COSTS OF AUTHENTICATION TECHNOLOGIES

28.8 CONCLUDING REMARKS

28.9 SUMMARY

28.10 FURTHER READING

28.11 NOTES

28.1 INTRODUCTION.

Authorization is the allocation of permissions for specific types of access to restricted information. In the real world, authorization is conferred on real human beings; in contrast, information technology normally confers authorization on user identifiers (IDs). Computer systems need to link specific IDs to particular authorized users of those IDs. Even inanimate components, such as network interface cards, firewalls, and printers, need IDs. Identification is the process of ascribing an ID to a human ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

Computer and Information Security Handbook, 3rd Edition

Computer and Information Security Handbook, 3rd Edition

John R. Vacca
Defensive Security Handbook, 2nd Edition

Defensive Security Handbook, 2nd Edition

Lee Brotherston, Amanda Berlin, William F. Reyor

Publisher Resources

ISBN: 9780471716525Purchase book