Authentication is the process of ascertaining a user’s identity before authorizing access to a network’s resources. The user has to provide certain unique information, such as a password or a token, which is then matched against the system’s database to confirm who they are.

Authentication factors are generally classified into three categories which are:

  • Knowledge – something you know
  • Inherence – something you are
  • Possession – something you possess

Knowledge-Based Authentication

Knowledge-based authentication models require you to provide personal credentials created by, and unique to, the user: passwords, passphrases, screen patterns, PINs, security questions, and so on. This is the most common type of authentication, and it is used across various sectors.

The weakness of this model is that it assumes that providing the personal information is sufficient proof of identity, and time and again that assumption has failed. An attacker who steals your password or PIN can pose as you and carry out transactions in your name.

Moreover, knowledge-based authentication is mentally taxing. Internet users have to remember several passwords and PINs, one for every system they have access to. Because of this, many users simply reuse the same password across multiple systems, which compromises security by making it easy for attackers to strike.

Inherence-Based Authentication

Biometrics fall under this category. Inherence-based authentication relies on your unique physical (read: genetic) characteristics such as fingerprints, voice, face, retina, iris, etc. to authenticate your identity. Unlike knowledge-based authentication, inherence-based models don’t ask the user to remember or enter anything, which makes authentication more seamless and improves the user experience.

Biometric authentication is also more secure because these characteristics are non-transferable and almost impossible to hack. For instance, the chance of two people having the same fingerprints is one in 64 billion. Throw in other factors and you have an impregnable system. Biometrics are also sometimes combined with passwords/PINs, multiplying the security of the system.

However, on the part of the authenticating system or company, this model requires special scanning technology, which comes at significant cost. The ease that users experience during authentication is paid for by very technical processing in the background. In addition, biometrics are not entirely secure, especially under certain conditions. For instance, in the case of a data breach, administrators can be effectively locked out of a system and left without any means of remote access.

Possession-Based Authentication

Possession-based authentication works the same way as owning the key to a lock. In cybersecurity parlance, the key is referred to as a token. To gain access to a network, users are required to present a computer-generated code (the token). Usually, token authentication works as an extra layer of security on top of a password or PIN.

Tokens provide a higher level of security because, for a third party to hack an account, they have to be in possession of the token device (such as a dongle) at the time the authorized user is seeking access to the network. Token authentication is not unhackable, but it would require a lot of fortitude, expertise, and perhaps a bit of luck for a hacker to launch a successful attack.

Token-based authentication on the web may also be used instead of password authentication. Because web protocols are stateless, users would otherwise have to supply their password or PIN every time they access a network resource. With tokens, by contrast, the system requires only a one-time authentication: the token proves that you already have prior permission, and there is no need to revalidate your identity every time.
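The stateless web token described above, as an added example that is not from the article: the server issues a short-lived token that carries the user’s identity and an expiry time, signs it with a server-side HMAC key, and on later requests checks only the signature and expiry rather than asking for the password again. The key, the claim layout and the function names are constructed for this demonstration and are not any framework’s API.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real deployment uses a random 32-byte key kept server-side only.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, as commonly used in bearer tokens."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, issued_at: int, ttl_seconds: int = 900, key: bytes = SERVER_KEY) -> str:
    """Called once, after the user has authenticated with password/PIN (and any second factor).
    The token carries the subject and an expiry; the HMAC binds both to the server key."""
    claims = {"sub": username, "exp": issued_at + ttl_seconds}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(signature)}"


def verify_token(token: str, now: int, key: bytes = SERVER_KEY):
    """Per-request check: return the subject if the signature is valid and the token
    has not expired, otherwise None. No password is needed at this point."""
    try:
        body, signature = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison so a forged signature cannot be guessed byte by byte.
        if not hmac.compare_digest(expected, _unb64(signature)):
            return None
        claims = json.loads(_unb64(body))
        if now >= int(claims["exp"]):
            return None          # expired: the user must authenticate again
        return str(claims["sub"])
    except (ValueError, KeyError, TypeError, UnicodeDecodeError):
        return None              # malformed token: treat as unauthenticated


if __name__ == "__main__":
    tok = issue_token("alice", issued_at=1_700_000_000)
    print("subject:", verify_token(tok, now=1_700_000_100))
    print("after expiry:", verify_token(tok, now=1_700_000_900))
```

The signature is checked before the body is parsed, so an attacker who edits the claims (for example changing `sub` to another user) without the server key is rejected before any of their data is interpreted. The expiry is what bounds the damage if a token is stolen: a leaked token is only useful until `exp`, which is why short lifetimes are preferable to long-lived ones.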

Multi-factor Authentication

Because no single authentication model is 100% secure, it is now the norm to layer authentication requirements. Multi-factor authentication (MFA) combines two or more of these layers to increase the security of authentication.

Besides the three classes of authentication explained above, there are a few others, including location- and time-based authentication. These other factors are typically combined with the main models in MFA.
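As an added example that is not from the article, the following Python shows how a server can combine the knowledge factor discussed under knowledge-based authentication (a salted, iterated password hash rather than the password itself) with the possession factor discussed under possession-based authentication (a one-time code from a token device, computed the RFC 6238 TOTP way) into a single multi-factor login. The in-memory user store, the usernames and the token secret are constructed for the demonstration, and `register`, `login` and the helper names are hypothetical, not any product’s API.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed in-memory credential store; in practice this is the system's database.
_USERS = {}

# Work factor for PBKDF2-HMAC-SHA256; tune upward for production hardware.
PBKDF2_ITERATIONS = 200_000
TOTP_STEP = 30
TOTP_DIGITS = 6


def register(username: str, password: str, totp_secret: bytes) -> None:
    """Store only a salted hash of the password (knowledge factor) and the
    shared secret that was provisioned into the user's token device (possession factor)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    _USERS[username] = {"salt": salt, "hash": digest, "totp_secret": totp_secret}


def verify_password(username: str, password: str) -> bool:
    """Knowledge factor: whoever supplies the matching secret is accepted, which is
    exactly the assumption the article warns about."""
    rec = _USERS.get(username)
    if rec is None:
        # Do the same work for unknown users so timing does not reveal valid usernames.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ITERATIONS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, rec["hash"])


def totp(secret: bytes, unix_time: int, step: int = TOTP_STEP, digits: int = TOTP_DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, dynamically truncated (RFC 4226).
    The token device runs this same function with the same secret and its own clock."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(username: str, code: str, unix_time: int = None, window: int = 1) -> bool:
    """Possession factor: accept the code for the current step and `window` steps
    either side, to tolerate small clock drift between server and token device."""
    rec = _USERS.get(username)
    if rec is None or len(code) != TOTP_DIGITS or not (code.isascii() and code.isdigit()):
        return False
    now = int(time.time()) if unix_time is None else unix_time
    for drift in range(-window, window + 1):
        expected = totp(rec["totp_secret"], now + drift * TOTP_STEP)
        if hmac.compare_digest(expected, code):
            return True
    return False


def login(username: str, password: str, code: str, unix_time: int = None) -> bool:
    """Multi-factor login: both the knowledge and the possession factor must pass.
    Both checks always run so a failure does not reveal which factor was wrong."""
    password_ok = verify_password(username, password)
    code_ok = verify_totp(username, code, unix_time)
    return password_ok and code_ok


if __name__ == "__main__":
    # Constructed demo: the secret is the RFC 4226/6238 test-vector secret.
    register("alice", "correct horse battery staple", b"12345678901234567890")
    now = int(time.time())
    device_code = totp(b"12345678901234567890", now)   # what the user reads off the token
    print("login:", login("alice", "correct horse battery staple", device_code, now))
```

A stolen password alone fails `login` because the code from the token device is still missing, and a captured code alone fails because it is only valid for a step or two and the password is still required; this is the layering the section describes. The `window` argument is a deliberate trade-off: a wider window tolerates more clock drift on the token but also lengthens the time a captured code stays usable.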

It seems, however, that enterprise cybersecurity has unlocked a more secure authentication framework.

Zero-Trust Security

One of the enviable aspects of aviation development (including its cybersecurity) is the DO-178C approach to risk. It is not an outright zero-trust approach, but the process is still closely guarded enough to prevent unauthorized users from gaining undue access.

Basically, zero trust refers to a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters, and instead must verify anything and everything trying to connect to their systems before granting access.

With regard to authentication and zero-trust security, the leading technology is the Software-Defined Perimeter (SDP). An SDP creates a boundary around a network’s resources and grants access on a need-to-know basis: to gain access, a user needs to prove their identity. This is contrary to traditional models (especially knowledge-based and possession-based models), which in reality authenticate devices rather than the users themselves.

In addition, one point of failure in all the traditional authentication models (including biometrics) is that, upon authentication, users gain access to a broad network of resources, whether or not they need them at the moment. SDP resolves this by granting users access only to the set of resources currently needed to perform their duties. This supports data loss prevention.
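To make the contrast in the last two paragraphs concrete, here is an added Python example (not from the article, and not any SDP vendor’s code) that puts a perimeter-style decision next to a zero-trust, need-to-know decision. The perimeter rule grants every resource to anyone who is already inside the network; the zero-trust rule ignores network location and instead re-verifies identity, checks the device, and consults a per-user entitlement table on every request, denying by default. The `Request` fields, the users and the entitlement table are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Tuple

# Constructed entitlement table: each user is granted only the resources their current duty needs.
ENTITLEMENTS = {
    "alice": {"payroll-db", "hr-wiki"},
    "bob": {"build-server"},
}


@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool      # identity proven for this request (e.g. a valid MFA session)
    device_compliant: bool   # endpoint passed its posture check (patched, managed, etc.)
    network: str             # "corp" or "internet"; must not decide the outcome on its own
    resource: str


def perimeter_authorize(req: Request) -> bool:
    """Traditional perimeter model: being inside the network is the whole check,
    so once through the gate every resource is reachable, needed or not."""
    return req.network == "corp"


def authorize(req: Request, entitlements=ENTITLEMENTS) -> Tuple[bool, str]:
    """Zero-trust / SDP-style decision, evaluated on every request regardless of location.
    The order matters: prove who is asking, then from what, then whether it is needed."""
    if not req.authenticated:
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device failed posture check"
    if req.resource not in entitlements.get(req.user, set()):
        return False, "resource not in need-to-know set"
    return True, "granted"


if __name__ == "__main__":
    inside = Request("bob", authenticated=True, device_compliant=True, network="corp", resource="payroll-db")
    outside = Request("alice", authenticated=True, device_compliant=True, network="internet", resource="hr-wiki")
    for r in (inside, outside):
        print(r.user, r.network, r.resource, "perimeter:", perimeter_authorize(r), "zero-trust:", authorize(r))
```

The two cases in the `__main__` block show the point of the section: a perimeter model lets `bob` reach the payroll database simply because he is on the corporate network, while the zero-trust rule denies it because payroll is outside his need-to-know set; conversely, `alice` on the open internet is granted the HR wiki once her identity and device check out. The returned reason string is what you would log, so that denials are auditable rather than silent.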
