School of Information Systems

Authentication (2)

❖ Procedure of authentication

1. Open System Authentication

In open system authentication there is effectively no "authentication" at all, because any client can connect directly to the AP (Access Point). After the client completes open system authentication and the Association process, it is allowed to send data through the AP, but that data is not automatically forwarded by the AP into the network.

If WEP security is enabled, the data sent by the client must be encrypted with the WEP key. If the WEP key configured on the client differs from the WEP key configured on the AP (Access Point), the AP cannot recognize the data sent by the client, and the data is discarded (lost).

So although the client is allowed to send data, that data will still not get through the AP into the network unless the WEP key on the client and on the AP is the same.

2. Shared Key Authentication (WEP)

Unlike open system authentication, Shared Key Authentication requires the client to know the passphrase (key) before it is allowed to connect to the AP. If the client does not know the "Key", it cannot connect to the Access Point.

Shared Key Authentication also relies on the WEP security method. During the authentication process, Shared Key Authentication "borrows" the WEP key used by WEP encryption, so the client must also enable WEP in order to use Shared Key Authentication.

The WEP key is checked in the shared key authentication process using a challenge-and-response method, so the WEP key itself is never transmitted.
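The exchange just described, modelled in Python as an added example (this is not code from the notes or from any Wi-Fi driver): the AP sends a random 128-byte challenge in the clear, the station returns it encrypted under RC4 keyed with IV || WEP key plus the CRC-32 ICV, and the AP decrypts with its own key and compares. Class and function names are this example's own; the 40-bit keys are constructed sample values.

```python
import os
import struct
import zlib

# Added example (not from the original notes): a model of the 802.11 WEP
# shared-key authentication exchange. Frame numbering and the 128-byte
# challenge follow the standard procedure; names are this example's own.


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (KSA + PRGA), the cipher WEP is built on."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: RC4(IV || key) applied to plaintext || CRC-32 ICV."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return rc4(iv + key, plaintext + icv)


def wep_decrypt(key: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext, or None if the ICV does not verify."""
    if len(ciphertext) < 4:
        return None
    plain = rc4(iv + key, ciphertext)
    body, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) != icv:
        return None
    return body


class AccessPoint:
    """AP side: issues the challenge (frame 2) and checks the reply (frame 3)."""

    def __init__(self, wep_key: bytes):
        self.wep_key = wep_key
        self.pending = {}  # client id -> outstanding challenge

    def frame2_challenge(self, client_id: str) -> bytes:
        challenge = os.urandom(128)  # fresh random challenge for every attempt
        self.pending[client_id] = challenge
        return challenge

    def frame3_verify(self, client_id: str, iv: bytes, ciphertext: bytes) -> bool:
        challenge = self.pending.pop(client_id, None)  # each challenge is single use
        if challenge is None:
            return False
        return wep_decrypt(self.wep_key, iv, ciphertext) == challenge


class Station:
    """Client side: encrypts the challenge with its own WEP key."""

    def __init__(self, wep_key: bytes):
        self.wep_key = wep_key

    def frame3_response(self, challenge: bytes):
        iv = os.urandom(3)  # 24-bit IV, sent in the clear alongside the ciphertext
        return iv, wep_encrypt(self.wep_key, iv, challenge)


def shared_key_auth(ap: AccessPoint, sta: Station, client_id: str = "sta-1") -> bool:
    """Frames 1-4: request, challenge, encrypted response, success/failure."""
    challenge = ap.frame2_challenge(client_id)          # frame 2 (answering frame 1)
    iv, ciphertext = sta.frame3_response(challenge)     # frame 3
    return ap.frame3_verify(client_id, iv, ciphertext)  # frame 4 verdict


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")  # constructed 40-bit WEP key
    print(shared_key_auth(AccessPoint(key), Station(key)))                           # True
    print(shared_key_auth(AccessPoint(key), Station(bytes.fromhex("0a0b0c0d0e"))))  # False
```

The model makes the security property visible: the key never crosses the air, only a challenge and its encryption. It also makes the weakness visible: the challenge is sent in plaintext and the response is that same challenge XORed with the RC4 keystream for the advertised IV, so anyone observing one exchange learns that keystream. That is one of the reasons shared-key authentication was deprecated in favour of 802.1X/WPA, and "the key is never sent" is not on its own a sufficient argument for a scheme.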

❖ The use of authentication control

1. Single-factor authentication

Single-factor authentication (SFA) is the simplest form of authentication. With SFA, a person presents one credential to verify himself or herself online. The most common example is a password (the credential) tied to a username. Most verification today uses this type of authentication method.

The risks of SFA, especially when the credential is a vulnerable password, include:

o Password Reuse
One of the recommendations any cybersecurity expert will give is to avoid reusing passwords across multiple accounts. However, when users must maintain long and complex passwords for several accounts, they tend to reuse their passwords verbatim or with small variations.

o Simple Password
Passwords are inherently flawed: users rely on memory and therefore underestimate the need for stronger security, choosing simple passwords that can be easily guessed or obtained through social engineering. As computing power becomes increasingly available at affordable prices, attackers find it easier to break into accounts through brute-force methods, such as testing every possible combination in rapid succession until the right password is found.

2. Two-factor authentication

Two-factor authentication uses the same username/password combination, but additionally asks the person to prove who he or she is using something only he or she owns, such as a mobile device. Put simply: it uses two factors to confirm an identity.

❖ Examples of authentication in everyday life

– Entering your username and password to log in to social media
– Entering a PIN for an ATM or for mobile banking
– A smartcard used together with a smartcard reader and a PIN or password
– Random codes that change each time a user accesses the system, sent via SMS and used together with a PIN or password
– Employee attendance recorded using fingerprints, etc.

❖ How to deal with theft

The things that must be considered to maximize the safety and effectiveness of this method are:

1. Use an encrypted one-time password delivery system, in which each new password sent is derived from the current time.
2. Use a challenge-response (CR) system, where the password we give depends on the challenge from the server. This is analogous to preparing a list of different responses to the questions (challenges) posed by the server. Memorizing so many passwords is not easy, so it is easier to memorize a rule that turns the given challenge into a response (so it is not random). For example, if our rule is "Capitalize the fifth letter and delete the fourth letter", then for the challenge Mxyzptlk1W2 from the system the password we provide is MxyPtlk1W2.
3. The keys of the Certification Authority are well protected, for example stored in a Hardware Security Module, and the backup key is physically secured and stored offline.
4. The computer the user uses to access the system is known to be safe and not vulnerable. This can be achieved by keeping anti-virus programs updated and using a firewall and IDS.
5. Users are shown information every time there is an access request that requires them to enter a PIN or password, so that they can detect illegitimate access requests.
6. The user does not leave the smartcard in the reader. To make this safer, contactless smartcards can be used.
7. The smartcard's storage capacity is kept as small as possible so that applications on the smartcard cannot breach system security.
8. The validity period of the code sent to the cell phone is set as short as possible.
9. Users are told to report if their cell phone is lost or stolen, or if they change their phone number.
10. A good reader and good biometric software must be used to minimize the risk of false negatives and false positives.
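The challenge-response scheme of point 2, worked through in Python as an added example (not code from the notes): the shared secret is the transformation rule rather than a password, the server issues a random single-use challenge, the user applies the rule, and the server recomputes the expected response and compares. The rule is exactly the one quoted in the notes and reproduces its worked example; `ChallengeServer`, `login` and the 11-character challenge length are this example's own choices.

```python
import secrets
import string

# Added example (not from the original notes): a challenge-response login whose
# shared secret is the rule from point 2 above. Names are this example's own.

ALPHABET = string.ascii_letters + string.digits


def rule_response(challenge: str) -> str:
    """The notes' rule: capitalize the fifth character, then delete the fourth.

    Positions are 1-based as in the notes. Capitalizing is done before deleting,
    which is the order that turns "Mxyzptlk1W2" into "MxyPtlk1W2" as the notes show.
    """
    if len(challenge) < 5:
        raise ValueError("challenge must be at least five characters long")
    chars = list(challenge)
    chars[4] = chars[4].upper()  # fifth character
    del chars[3]                 # fourth character
    return "".join(chars)


class ChallengeServer:
    """Server side: issues random, single-use challenges and checks responses."""

    def __init__(self, rule, length: int = 11):
        self.rule = rule         # server and user share the rule; no password is stored or sent
        self.length = length
        self.pending = set()     # challenges issued but not yet answered

    def issue(self) -> str:
        challenge = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
        self.pending.add(challenge)
        return challenge

    def check(self, challenge: str, response: str) -> bool:
        if challenge not in self.pending:
            return False                 # never issued, or already answered
        self.pending.discard(challenge)  # one answer per challenge, so a replayed response fails
        expected = self.rule(challenge)
        return secrets.compare_digest(expected.encode(), response.encode())


def login(server: ChallengeServer, respond) -> bool:
    """One round trip: server -> challenge, user -> response, server -> verdict."""
    challenge = server.issue()
    return server.check(challenge, respond(challenge))


if __name__ == "__main__":
    print(rule_response("Mxyzptlk1W2"))            # MxyPtlk1W2
    srv = ChallengeServer(rule_response)
    print(login(srv, rule_response))               # True: user knows the rule
    print(login(srv, lambda c: c))                 # False: echoing the challenge back
```

Because each challenge is random and struck from `pending` as soon as it is answered, a response captured in transit is worthless a second time, which is the property the notes are after. The caveat for a human-memorable rule is that it is a fixed, low-entropy function: someone who collects several challenge/response pairs can often infer it. Machine-to-machine challenge-response therefore uses a keyed cryptographic function of the challenge in place of a letter-shuffling rule.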

Source:

  • https://www.utilizewindows.com/types-of-authentication/
  • https://www.okta.com/security-blog/2019/02/the-ultimate-authentication-playbook/
  • https://en.wikipedia.org/wiki/Authentication
  • https://www.centrify.com/blog/sfa-mfa-difference/
  • https://doubleoctopus.com/security-wiki/authentication/single-factor-authentication/
  • http://rantrianggraini12.blogspot.com/
Vimal Mani, CISA, CISM, Six Sigma Black Belt