To harm a system, an attacker must first be connected to it. Besides preventing or blocking access by unauthorized persons, each user's ability to operate in the system has to be limited according to that user's job specifications. These successful access-restriction techniques are based on establishing the identity of the user and are called authentication and authorization.
The purpose of this conference topic is to understand some of the authentication functions that have been developed to support application-level authentication and digital signatures. Read through Session 5 Lecture Notes and become familiar with user authentication and key distribution.
Post a concise answer discussing the following topics:
- Authentication functions are widely used today to support network-based user authentication. Can you discuss some controls that have had a great degree of success? Which ones, if any, are not very useful, and why?
- Key distribution schemes using an access control center and/or a key distribution center have central points vulnerable to attack. Discuss the security implications of such centralization.
- List some considerations you may have in mind for implementing an authentication and authorization system in your company.