Excuse me, who are you?

--Originally published at Don't Trust Humans, Trust Computers

Each person on this planet has something that identifies him/her. It could be a physical characteristic, like nose shape, eye color, hair, a scar, etc., or it could be a non-physical thing like voice tone, name, the way you speak, and so on. We even have legal documents that verify who we are in a society. No matter what part of the world we are in, we are someone and we can prove that we are the person we say we are. But what happens when we pass from the physical world into the digital one? In the digital world, we can be anyone and there’s no one checking whether we are really who we say we are, or maybe there is? The truth is it depends on how you see it. There are websites, like Tumblr, that ask you for a user and a password, so there really is someone checking that the user and password match, but once inside Tumblr it is another story. If you think about it, there are many places in the digital environment that ask for a user and password, and that is an important matter for security.


Authentication and access control are two complementary topics that go hand in hand. Most of the time you want this type of security in any system you are in, to protect the information inside the system. And of course, it affects which users access the system. Authentication is the process of verifying that you are really the user you say you are. In this process there are two key elements: the identifier and the authenticator. By identifier we mean the user, which tells who you are, and the authenticator is commonly known as the password, which verifies that it is truly you who is accessing the system. There are 3 generic types of authenticator:

  1. Something you have, like a card.
  2. Something you know, like a password.
  3. Something you are, like a fingerprint.

The authentication process consists of 4 simple steps:

  1. The user enters his/her identifier.
  2. The user provides the authenticator.
  3. The authenticator is sent to a part of the system through a secure channel.
  4. The data is validated.


After the validation finishes you will either enter the system or not, and this is where part of the access control comes in. Access control is the prevention of unauthorized use of resources in the system. Access control allows users to log in to the system and also gives certain rights to some users. There are 3 key elements: the subject, the object and the access right. The subject refers to the user, the object to the resource in the system, and the access right to the ways the subject can interact with the object. There are 2 types of access control:

  1. Mandatory access control: it is the user that defines what data the other users have access to.
  2. Discretionary access control: the owner of a file chooses who can see the file and who can’t.
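
The authentication steps and the subject/object/access-right model described above, put together in an added Python example that is not part of the original post. The `System` class, the user names, passwords and file name are constructed for illustration, and storing the password as a salted PBKDF2 hash is an assumption about how the validation side keeps it.

```python
import hashlib
import hmac
import os

# Constructed sample: class, user names, passwords and file name are made up.
def hash_password(password: str, salt: bytes) -> bytes:
    # Keep a salted, slow hash on the system side, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class System:
    def __init__(self):
        self.users = {}    # identifier -> (salt, password hash)
        self.owners = {}   # object -> owning subject
        self.acl = {}      # (subject, object) -> set of access rights

    def register(self, identifier, password):
        salt = os.urandom(16)
        self.users[identifier] = (salt, hash_password(password, salt))

    def authenticate(self, identifier, password):
        # Identifier and authenticator arrive together and are validated here.
        salt, stored = self.users.get(identifier, (b"\0" * 16, b""))
        candidate = hash_password(password, salt)
        # Constant-time comparison; an unknown identifier fails the same way.
        return hmac.compare_digest(candidate, stored)

    def create(self, owner, obj):
        self.owners[obj] = owner
        self.acl[(owner, obj)] = {"read", "write"}

    def grant(self, granter, subject, obj, right):
        # Discretionary: only the owner of the object may hand out rights.
        if self.owners.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")
        self.acl.setdefault((subject, obj), set()).add(right)

    def allowed(self, subject, obj, right):
        # Default deny: no entry for (subject, object) means no access.
        return right in self.acl.get((subject, obj), set())

def demo():
    s = System()
    s.register("alice", "correct horse")
    s.register("bob", "battery staple")
    s.create("alice", "notes.txt")
    s.grant("alice", "bob", "notes.txt", "read")
    return s
```

Authentication only answers who the subject is; every later request still goes through `allowed`, which is why bob can read `notes.txt` but cannot write it or pass access on to anyone else.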

Authentication and access control are something that we are going to see every time we enter a website. They are a secure way to protect your information in a system, but remember there are also threats that can affect these two concepts. So stay alert and never share your password with a stranger.

Stay safe

A.C.


Reference

http://www.cse.chalmers.se/edu/course/EDA263/oh15/L04%20authentication%20and%20access%20control.pdf