Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Table of contents
1.
Introduction
2.
Identification or Entity Authentication
3.
Objective of Identification Protocol
4.
Identification Protocol Basis
4.1.
Something Known
4.2.
Something Possessed
4.3.
Something Inherent
5.
Applications of Identification Protocol 
6.
Properties of Identification Protocol
7.
Frequently Asked Questions
7.1.
What exactly is entity authentication?
7.2.
What are the three different kinds of authentication?
7.3.
What exactly is an identification protocol?
7.4.
What are the properties of the Identification protocol?
8.
Conclusions
Last Updated: Mar 27, 2024

Introduction to Identification or Entity Authentication

Author Rashi
0 upvote
Master Python: Predicting weather forecasts
Speaker
Ashwin Goyal
Product Manager @

Introduction

Let's say you need to prove your identity to someone else. According to some, this can be done in one of three ways, depending on who you are, what you know, or what you have. This is the main foundation of identification, as we will see in this article.

Introduction to Identification or Entity Authentication

Throughout this article, the terms identification and entity authentication are used synonymously. There is a distinction between weak, strong, and zero-knowledge authentication. In the literature, identification sometimes refers to a claimed or stated identity, whereas entity authentication refers to a validated identity.

Identification or Entity Authentication

Entity authentication is the procedure by which each entity (the verifier) confirms the identity of another entity (the claimant) engaging in a protocol. This assurance is typically obtained by mandating the claimant to provide the verifier with verifying evidence of the claimed identity. The claimed identity can be presented to the verifier as part of the procedure or inferred from context.

Identification protocol is often used as a synonym for entity authentication. Still, it can also refer to claiming or stating an identity without offering the corroborating evidence required for entity authentication. When using this term, care must be taken to ensure that the correct interpretation is used.

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job
Bootcamp

Objective of Identification Protocol

Objective of Identification protocol

The outcome of an entity authentication protocol, from the perspective of the verifier, is either acceptance of the claimant's identity as authentic, i.e., completion with acceptance or termination without acceptance, i.e., rejection. The following are the specific objectives of an identification protocol.
 

  1. In the case of trustworthy parties A and B, A can successfully authenticate itself to B. Then B will complete the protocol after accepting the identity of A.
     
  2. Transferability: Reusing an identification exchange with A is impossible to impersonate A to a third party C successfully.
     
  3. Impersonation: The likelihood that any party C, different from A, following the protocol and playing the role of A, will cause B to complete and accept A's identity is negligible. In this context, negligible typically means "so small as to be of no practical significance"; the precise definition depends on the application.

Identification Protocol Basis

Entity authentication techniques can be divided into three main categories based on which of the following is used to secure the entity:

Identification Protocol Basis

Something Known

Some examples are shared passwords, sometimes used to generate a symmetric key. PINs and secret or private keys whose knowledge is demonstrated in challenge-response protocols.

Something Possessed

This is typically a physical accessory that functions similarly to a passport. Some of the examples are listed below:

  • Magnetic-striped cards
     
  • Chip cards (like smart cards or 1C cards)
     
  • Hand-held customized calculators (password generators).

Something Inherent

Methods that use human physical characteristics and involuntary actions like biometrics, such as handwritten signatures, voice, fingerprints, retinal patterns, hand geometries, and dynamic keyboarding characteristics, fall into this category.

Applications of Identification Protocol 

One of the primary purposes of identification, when an access privilege is linked to a specific identity, is to facilitate access control to a resource, such as:

  • Computer accounts can be accessed locally or remotely.
     
  • withdrawals from automated teller machines.
     
  • permissions to communicate via a communications port.
     
  • use of software applications.
     
  • physical access to prohibited areas or border crossings.
     

A password scheme used to gain access to a user's computer account is the most basic example of an access control matrix. Each resource has a list of associated identities, e.g., a computer account that authorized entities may access. Successful corroboration of an identity grants access to the authorized resources listed for that entity.

The motivation for identification in many applications, for example, cellular telephony, is to allow the resource usage to be tracked to the identified entities, allowing appropriate billing. Identification is also commonly required in authenticated key establishment protocols.

Properties of Identification Protocol

Identification protocols can have a variety of properties. Users are interested in the following properties:
 

  1. Identification reciprocity: One or both parties may confirm their identities to the other. Also, allows for mutual or unilateral identification. Some techniques, like fixed-password schemes, may be vulnerable to an entity impersonating a verifier to obtain a claimant's password.
     
  2. Computation Efficiency: The number of operations needed to carry out a protocol.
     
  3. Effective communication: Includes the number of passes (message exchanges) and the required bandwidth (total number of bits transmitted).
     
  4. Involvement of a third party in real-time: Examples of third parties include an online trusted third party distributing standard symmetric keys to the entities for authentication purposes and an online (untrusted) directory sendee distributing public-key certificates supported by an offline certification authority.
     
  5. Trust required in a third party: For example, relying on a third party with access to an entity's private key to correctly authenticate and link the entity's name to a public key.
     
  6. Security guarantees: Provable security and zero-knowledge properties are two examples.
     
  7. Secrets storage: This includes the location and method of storing critical keying material (e.g., software only, local disks, hardware tokens, etc.).

Frequently Asked Questions

What exactly is entity authentication?

The procedure of assuring the identity of an entity engaging with a system (e.g., to access a resource).

What are the three different kinds of authentication?

There are three authentication factors: Something you know is a password or PIN. Something you have is a token, such as a bank card, and something you are is biometrics, such as fingerprints and voice recognition.

What exactly is an identification protocol?

An identification protocol generally consists of claimant A and verifier B. The verifier is presented with or assumes the claimant's purported identity beforehand. The goal is to confirm that the claimant's identity is indeed A, i.e. A provides entity authentication.

What are the properties of the Identification protocol?

Identification reciprocity, computation efficiency, and effective communication are a few of the main properties of identification protocol.

Conclusions

In this blog, we have learned about Entity authentication or Identification. Also, we learned what the Identification Protocol’s basis, applications and properties are.

If you want to learn more, check out our articles on What is the Rabin Cryptosystem?Message Authentication Codes in CryptographyNested MACs and HMAC in Cryptography, and CBC-MAC in Cryptography.

You can also refer to our guided paths on Coding Ninjas Studio to learn more about DSA, Competitive Programming, JavaScript, System Design, etc. Enrol in our courses and refer to the mock test and problems available. Take a look at the interview experiences and interview bundle for placement preparations.

Happy Learning!

Next article
Enter Your Password and Make Sure it is Strong
Live masterclass