Authentication: From Passwords to Public Keys - Softcover

Review

One of the key problems of computer security is that of guaranteeing that an entity (person or system) really is who he, she, or it claims to be. Authentication procedures may be very trusting (as for "guest" accounts with limited capability), moderately strong (your bank requires both a physical card and a PIN before it will dispense money from an ATM), or nearly foolproof (biometric devices, which examine--to cite two examples--retina scans or fingerprints). Authentication: From Passwords to Public Keys examines the whole range of authentication options and offers advice on which one might be right for your security requirements, budget, and tolerance for user inconvenience. As the "public keys" part of the title implies, this book also deals with some aspects of encryption.

Rather than present a menagerie of security techniques and explain their strengths and weaknesses in an academic way, Richard Smith demonstrates the strength of protection mechanisms in the only way that counts--he shows how they can be defeated, and at what expenditure of effort. He's also made lists of attacks, complete with assessments of the popularity of each and the particular risk it poses, and a similar list of defenses. Margin notes refer to list entries by number, so it's easy to see what problems and solutions are covered in a given passage of text--though there's no index of references to attacks and defenses by number. --David Wall

Topics covered: How to defend computer systems, primarily through the application of identity-verification techniques. Those covered include passwords (including the randomly generated kind, and their hashes), authentication by machine address, biometric examination, smart cards, and RSA public-key cryptography.

From the Back Cover

Computer access control is an ongoing challenge. Left to themselves, computers tend to treat one user no differently than another. Computers use authentication to confidently associate an identity with a person. Authentication: From Passwords to Public Keys gives readers a clear understanding of what an organization needs to reliably identify its users and how different techniques for verifying identity are executed.

Authentication is one of the basic building blocks of security. To allow a computer system to distinguish between legitimate users and others, most sites give passwords to authorized users. Unfortunately, just as car thieves have found ways to defeat sophisticated locks and alarms, computer hackers are always finding new ways to circumvent password systems. The good news is that organizations now have available to them a broad range of alternatives to passwords, and a variety of ways to make passwords safer. A well-designed authentication system allows users to prove their identities conveniently and gain access to the network without threatening the safety of the organization.

The first of its kind, Authentication describes the entire range of authentication methods used today. It examines situations in which certain techniques fail and points out ways to strengthen them. Network professionals, designers, developers, administrators, planners, and managers will find in these pages the authentication strategy to protect their valuable systems. Through diagrams and examples, the author thoroughly explains the technical concepts behind authentication, focusing on existing, off-the-shelf solutions to security problems.

Authentication highlights real products and solutions. If you are a network professional searching for the how and why of computer authentication, this is the book that will help you prevent unauthorized access on your network.