Authentication

Presenting an identity to a system is technically all that is needed for the system to apply authorizations, enforce access control, and audit. Unfortunately, the world isn’t comprised of honest people. Therefore, an identity generally has to be accompanied by something else that proves the person’s identity is legitimate.

For identification to work successfully, there has to be a process for proving that a person is who they claim to be: authentication is that process.

Methods

Authentication methods fall into the following three categories:

  • Something you know, such as a password or Personal Identification Number (PIN). Passwords are the most common authentication method for computer systems because they are generally cheap to implement and maintain.

  • Something you possess, such as a token card, X.509 certificate, a smart card, a car key, a credit card, or a software license key. These examples vary in their ability to support an individual’s identity. Sometimes the authentication is just to prove that you are a legitimate entity, such as a building access card that proves you are an employee or a license key that proves you are a paying software subscriber.

  • Something you are, or biometrics. Fingerprints, facial recognition, iris scans, and maybe someday DNA will be used to authenticate people to their computer applications.

Strong and Weak Authentication

Strong authentication usually implies that the authentication cannot be easily guessed or faked. Authentication technologies have varying abilities to perform their authenticating task. One of the metrics for determining the authentication strength is how hard it is to forge the authentication method.

Something you are and something you have are considered stronger forms of authentication than something you know. Passwords can be guessed and therefore are considered weak authentication. Forging an X.509 certificate (something you have) or duplicating a biometric (something you are) is not as easy. Consequently, digital certificate, token, and biometric authentication are considered strong authentication.

This isn’t meant to imply that passwords shouldn’t be used for authentication. See Chapter 2 for information on how you can ensure that your database users are using strong passwords by implementing a password complexity routine and a password profile.

Multifactor Authentication

Have you ever been asked to present three forms of identification? It’s inconvenient, but it provides more security. This is because it’s easier to fake or forge single things than it is to fake or forge multiple things. Consequently, combining authentication methods has a similar effect and is generally considered a very good authentication practice. For example, the possession of an object combined with a password or PIN is considered strong authentication. Most bank customers can withdraw cash with possession of an ATM card and the associated PIN. In this example, the card acts as both the identifier (it contains your bank account numbers) as well as one of the factors for authentication. Simple possession of the card wouldn’t be sufficient because the card could be lost or stolen.

Generally speaking, the more methods you use for authentication, the higher assurance you have in the authentication. Two factors, or two-factor authentication, are better than a single authenticating item; three factors, or multifactor authentication, are better than two; and so on.

Best Practices for Secure Authentication

Just as it is important to protect sensitive user identifiers, it’s very important to protect user authenticators. Protecting the authenticators implies protection not only for the storage of the authenticator, but also security for the authenticator while it’s in transit.

You could employ strong authentication and lose a security battle to a hacker because the authentication channel you use or the manner in which the authentication credentials are stored isn’t secured. For example, biometric authentication is considered robust, strong authentication; however, compromising biometric authentication is more easily done not by plastic surgery, but by copying and replaying a biometric signature or altering the metadata that indicates whose biometric data is whose.

Encrypt Authenticators

Encryption is an important tool for securing authenticators. For example, let’s assume a user is authenticating with a fingerprint. If the fingerprint is passed over an unencrypted network channel, a hacker with a network sniffer could record the user’s identity and fingerprint. Later, the hacker could replay or submit the captured identity and fingerprint, thereby successfully spoofing the original user. With network encryption, a new key is used for each communication session. The key used in the first captured session can’t be reused later. Replaying a captured encrypted biometric will not work using standard network encryption such as SSL.

Authenticators are at high risk because they are often traversing the computer networks. Encrypting network traffic is a good defense against authenticator copying and replaying. Encrypting the entire network stream provides optimal security. The encryption protects not only the authenticators, but also the identities of the users, the queries they submit, and the results returned. In Chapter 2 you saw that enabling Oracle’s network encryption will guard against these network risks for data going to and from the database. You should also be aware that Oracle doesn’t pass plaintext passwords over the network even when you aren’t using the network encryption.

Providing security for the authenticator storage is equally important. Often, authenticators will be stored in an encrypted format to preserve the confidentiality of the authenticator.

Hashed Authenticators

When passwords are used for authentication, the passwords shouldn’t be stored in plaintext. Encryption seems to be the natural solution, but it’s not. Encryption, which is the process of converting plaintext into undecipherable text, implies decryption, which is the process of converting the undecipherable text back into plaintext. The golden rule of passwords is that they are never disclosed to anyone at any time. Encrypting passwords, which allows for potential decryption, could allow this disclosure to occur.

To solve this, you use a technology called hashing. Hashing takes plaintext and converts it to undecipherable text. Unlike encryption, however, there is no way to unhash something: there is no practical way to take a hashed value and determine what input created it, short of guessing candidate inputs and hashing each one to see whether it matches. Hashing is called a one-way function because of this property. Another important property of hashing is that the same input to the hash always generates the same output.

Password authentication occurs by hashing the password and storing the resulting hashed value. When the user enters a password to authenticate, you hash the user-supplied authentication value (their password) and compare this hashed result with the stored hashed value. If the hashed values match, then the inputs must also have matched, and therefore the passwords are the same.

The hashing process can be used for other authenticators in the same manner. Since the authenticators are never used for activities such as sorts, aggregate computations, and so on, hashing is a good solution for storing the authentication data.

Keyed hashing, which involves encrypting a hashed value, is often a better alternative than basic hashing as long as the key can be protected. You can see an example of how to build your own password-based authentication that uses these concepts in Chapter 13, which illustrates the uses of the DBMS_CRYPTO package.
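The store-then-compare scheme described above, together with the keyed-hashing variant, as an added example that is not the book’s code and does not use DBMS_CRYPTO. It assumes a constructed server-side secret (SERVER_KEY) and uses HMAC as the keyed step in place of encrypting the hash; the salted, iterated hash (PBKDF2) is a generalization the book does not show.

```python
# Added example (not from the book): storing and verifying password
# authenticators as one-way hashes rather than reversible encryption.
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed demo secret standing in for the book's protected key.
# In practice it must be kept outside the table that holds the hashes.
SERVER_KEY = b"constructed-demo-key-keep-outside-the-database"


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, keyed_hash) for storage.

    A fresh random salt per user means two users with the same password
    do not share a stored value, and a precomputed table of hashes is useless.
    """
    salt = salt if salt is not None else os.urandom(16)
    # Iterated salted hash: one-way, and slow enough to blunt guessing.
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    # Keyed step: HMAC the derived hash under the protected server key, so a
    # copy of the stored column alone is not enough to test guesses offline.
    keyed = hmac.new(SERVER_KEY, derived, "sha256").digest()
    return salt, keyed


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the keyed hash from the user-supplied password and compare.

    The stored value is never 'unhashed'; equal outputs imply equal inputs.
    compare_digest avoids leaking where the two values first differ.
    """
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def demo() -> Tuple[bool, bool]:
    """Enroll one constructed password, then try a right and a wrong login."""
    salt, stored = hash_password("correct horse battery staple")
    good = verify_password("correct horse battery staple", salt, stored)
    bad = verify_password("Correct horse battery staple", salt, stored)
    return good, bad


if __name__ == "__main__":
    print(demo())  # (True, False)
```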



Effective Oracle Database 10g Security by Design
ISBN: 0072231300
Year: 2003
Pages: 111
