In many aspects of security, the identity of an actor who can perform, or has performed, some action, is very important. We usually do not want, for instance, anyone other than the account holder to be able to withdraw money from a bank account.
The process of establishing identity is called authentication. The most basic form of authentication is for an entity to trust the claims made by another entity. This will bring little in the form of security, but is nevertheless the method often used between people in daily life. However, both in computer applications and in daily life, trusting the word of another only applies where the consequences of doing so are not so grave.
In order to perform authentication, two things are necessary. First, an identity must be unique. A bank account belonging to Fred Smith should not be available to anyone who happens to be named Fred Smith, but just to the Fred Smith who opened the account. Hence, something more than just the string "Fred Smith" is required. In daily life people often use middle names or initials to help reduce any ambiguity as to which individual their name denotes. There will probably be fewer Fred Constantinus Xavier Smiths than Fred Smiths. However, uniqueness is not guaranteed. To accomplish uniqueness, authorities in many countries assign a unique number to each individual.
The second thing necessary for guaranteeing that only the intended Fred Smith can access the bank account is that there must be a way by which a person claiming to be the Fred Smith can prove, or make sufficiently plausible, that he really is. The process of establishing this proof is called authentication. In a bank, Fred Smith would probably exhibit an identity card of some sort.
Let us examine the properties of an identity card. Which requirements must it meet in order to be the proof of identity we desire? First of all it must be difficult to forge. If anyone could create an identity card with little effort we might as well take the word of Fred Smith when he makes his claim to his identity in the first place. Secondly, we must implicitly trust the entity that can produce the card not to issue fake ones. Again, if it is possible to acquire an identity card with any contents desired, it is of no value, even though it might be next to impossible to forge. Finally, it must be possible to associate positively and uniquely the card with a certain individual. A card that anyone can use once obtained, for instance by finding a misplaced one or by outright stealing one, is also of little value. For the purpose of making this association possible, most ID cards use a combination of a picture and a signature of the legitimate bearer. The looks and signature of a person have the advantage that they are always present. However, it is not entirely impossible to steal them. A cunning person might through forgery skill and clever disguise be able to use the ID card of another person. Still, for most daily life situations, ID cards are deemed sufficient. This is an example of how benefits from a security measure must always be weighed against other factors. It would, for instance, be possible to achieve a more certain association between ID card and bearer if the card also included a fingerprint. However, even though it is perfectly possible to check a fingerprint electronically, it would be awkward and would require extra equipment and software. A tradeoff has to be made between the benefits of introducing the extra security measure and the expenses and other negative consequences incurred by doing so. A bank, for example, might not wish to seem not to trust its customers.
A natural question is whether it is possible to create the equivalent of an ID card for use in computerized communications. The answer is yes, but it turns out that things are a bit more difficult than the simple issue of some document.
Figure 6.1: Authentication. A target authenticates a principal's identity by validating credentials and associating credentials with the principal.
Figure 6.1 shows the main entities in any authentication procedure. There is a principal that claims an identity and there is a target that must decide whether or not to believe in the claim. The means for making this decision are the credentials, the electronic equivalent of an ID card. The target believes the claimed identity to be authentic if the following conditions are met:
In the following we discuss each of these conditions in more detail.
Embodied in the concept of an authority is a component of trust. It would be enormously impractical for every application to have first hand knowledge about all principals. Instead, we introduce an authority that we believe in and trust to have this knowledge. When it is necessary to know something about a principal, an application takes the word of the authority.
To earn the necessary trust, all possible safeguards must be put on how credentials are issued. For instance, policies for a Certifying Authority (CA) that issues electronic credentials usually require that physical access to the machine where credentials are created is restricted to a few specially authorized persons. Furthermore, policy can dictate that any one person may know only one half of the pass phrases necessary to operate the machine, and that written copies of such phrases can only be stored in a sealed container in a secure place. In addition, such policies must include precise conditions for when a set of credentials can be issued, for example only to individuals personally known to two of the authorized operators of the authority.
The credentials themselves must meet two requirements: they must be unforgeable, and it must be possible to associate them positively and uniquely with the intended principal.
Digital signatures can be used in order to meet both these requirements (digital signatures are discussed in some detail in section 6.1.4).
By letting the issuing authority electronically sign issued credentials, it is possible to verify that credentials originate from the proper place and not from someone else.
Identity alone is not sufficient to identify the originator. Identities are public. For instance, if Alice sends her identity to Bob, there is nothing to prevent Bob from using the identity Alice, perhaps while communicating with some third entity. There has to be a way in which it is possible to uniquely tie a given identity to some specific entity. In simple terms, there has to be a way of proving you are who you claim to be. For ID cards, the means for doing this are twofold: the card contains the photograph and the signature of the person identified by the card.
In a computer system, a principal can be associated with a set of credentials using a digital signature scheme. In this process, a special signed message is created where an authority places the identity of a principal and a public key that it knows corresponds to a secret key in the possession of the principal. As explained in section 6.1.5, this type of message is commonly referred to as a certificate. Besides the identity, a certificate can include other credentials as well.
A principal can associate herself with a certificate by proving she possesses the secret key that corresponds to the public key present in the certificate, for instance by signing a message with it. Then an authentication server can verify the message using the public key found in the directory certificate. A basic assumption for successful and secure authentication is that the entity identified in the certificate is the only entity in possession of the secret key.
However, far from all computer systems rely on digital certificates and signatures for establishing the association between principal and credentials. The most common method used today is passwords. Usually, the first thing a user logging into a computer system has to do is to provide her user identity. For instance, in a Unix system, the identity points out a set of credentials for the user that is represented by a line in the /etc/passwd file. A user provides proof of association with these credentials by providing a password that corresponds to the hashed version of the password present in the passwd-entry.
However, passwords often do not provide the desired level of security. Users tend to select passwords that are easy to remember but also easy to break. Password cracking programs for Unix systems are publicly available and usually succeed in guessing at least some passwords in an average user population just by using words and combinations of words from a dictionary. Furthermore, in many existing networks, passwords are sent in plaintext from client to server. For this reason, it is sometimes desirable to complement the use of passwords with other means of authentication, or to use methods and authentication protocols that use passwords only to derive an encryption key that is used to protect authentication information sent over the network.
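The two uses of a password described above, as an added example that is not part of the original text: a local check against a stored salted hash, and a network login in which the password is used only to derive a key and never crosses the wire. The function names, the in-memory `DB`, the PBKDF2 work factor and the sample account are assumptions made for this illustration.

```python
import hashlib, hmac, secrets

ITERATIONS = 100_000   # assumed work factor for this example

def derive_key(password, salt):
    # Slow, salted hash: equal passwords give different entries, and each guess costs work
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(db, user, password):
    salt = secrets.token_bytes(16)
    db[user] = {"salt": salt, "key": derive_key(password, salt)}

def check_password(db, user, password):
    # Local login, as with a passwd entry: re-hash the offered password and compare
    entry = db.get(user)
    if entry is None:
        return False
    return hmac.compare_digest(derive_key(password, entry["salt"]), entry["key"])

def server_challenge(db, user):
    # Server -> client, sent in the clear: the user's salt and a fresh nonce
    return db[user]["salt"], secrets.token_bytes(16)

def client_response(password, salt, nonce):
    # Client -> server: a MAC over the nonce, keyed by the password-derived key
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()

def server_verify(db, user, nonce, response):
    expected = hmac.new(db[user]["key"], nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def network_login(db, user, password):
    # Both sides of the exchange in one call, for demonstration
    salt, nonce = server_challenge(db, user)
    return server_verify(db, user, nonce, client_response(password, salt, nonce))

DB = {}
enroll(DB, "fred", "correct horse battery staple")   # constructed account
```

In this arrangement the stored key is as sensitive as the password itself, and a recorded exchange can still be tested against guessed passwords offline, so the scheme removes plaintext transmission but not the need for passwords that are hard to guess.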
While a password is something a user knows, complementary means can also be based on something the user possesses. Common examples are smart-cards and cryptographic calculators. These implements suffer from the drawback that they may be lost or stolen. Other devices instead rely on biometric information such as facial features, fingerprints, retina patterns, and voice prints, that cannot be separated from the bearer. However, techniques like these all require specialized, and often expensive, equipment that can be difficult to interface to a particular type of computer used in an organization.
As set out previously, using the public key, an application can validate a set of credentials by checking the signature put there by the issuing authority. However, the question immediately arises as to how an application can know that the public key is really that of the authority, and not the one of a phony authority that has issued false credentials. The immediate solution is for the authority to also prove its identity, much in the same way as the principal is trying to do.
Using this scheme, one authority is vouched for by another, that is in turn vouched for by yet another, etc. This of course ultimately leads to an infinite regress. For this reason it is necessary that there exists a top level authority that is intrinsically trusted and where the public key is distributed in such a way that there can be no doubts about its validity.
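The certificate, proof-of-possession and chain-of-authorities steps described above, as an added example that is not part of the original text. The signature scheme is a toy textbook RSA over small Mersenne primes, used only so the example runs with the standard library, and every name here (`issue`, `validate_chain`, `authenticate`, Root, CA, alice, bob) is an assumption made for the illustration.

```python
import hashlib, secrets

# Toy textbook RSA over Mersenne primes 2**a - 1: illustration only, not secure.
def keypair(a, b, e=65537):
    p, q = 2**a - 1, 2**b - 1
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))   # (public, secret)

def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(secret, data):
    n, d = secret
    return pow(digest_int(data, n), d, n)

def verify(public, data, sig):
    n, e = public
    return pow(sig, e, n) == digest_int(data, n)

def body(cert):
    return f"{cert['issuer']}|{cert['subject']}|{cert['pub']}".encode()

def issue(issuer, issuer_secret, subject, subject_pub):
    # The authority binds an identity to a public key by signing both together
    cert = {"issuer": issuer, "subject": subject, "pub": subject_pub}
    cert["sig"] = sign(issuer_secret, body(cert))
    return cert

def validate_chain(chain, root_name, root_pub):
    # chain[0] is the principal's certificate; each later one vouches for the issuer before it
    for i, cert in enumerate(chain):
        if i + 1 < len(chain):
            name, pub = chain[i + 1]["subject"], chain[i + 1]["pub"]
        else:
            name, pub = root_name, root_pub   # the regress ends at the trusted key
        if cert["issuer"] != name or not verify(pub, body(cert), cert["sig"]):
            return None
    return chain[0] if chain else None

def authenticate(chain, root_name, root_pub, respond):
    leaf = validate_chain(chain, root_name, root_pub)
    if leaf is None:
        return None
    nonce = secrets.token_bytes(16)           # fresh challenge, so old answers cannot be replayed
    return leaf["subject"] if verify(leaf["pub"], nonce, respond(nonce)) else None

# Constructed sample hierarchy: Root vouches for CA, CA vouches for alice
ROOT_PUB, ROOT_SEC = keypair(127, 521)
CA_PUB, CA_SEC = keypair(89, 107)
ALICE_PUB, ALICE_SEC = keypair(31, 61)
BOB_PUB, BOB_SEC = keypair(17, 19)
CHAIN = [issue("CA", CA_SEC, "alice", ALICE_PUB), issue("Root", ROOT_SEC, "CA", CA_PUB)]
```

The target holds only `ROOT_PUB`; a caller passes `respond` as the function that signs the challenge, so presenting Alice's public certificate without her secret key yields `None`.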
In this section we have shown the principles for how an application can establish the identity of a principal using the electronic equivalent of an ID card. As we have seen, the basic problem is to be able to tie, uniquely, an identity to an entity. In the ID card example, this is achieved by tying the identity stated on the card to something that is unique and inseparable from the individual (appearance and signature). In the other familiar example mentioned, that of logging into a computer system, the most common way of corroborating that the claimed identity is the real one is for the user to provide a password. This works on the principle that only the legitimate user knows the password and that the password cannot be easily guessed. The system must somehow have been told how to associate a password with an identity. From these examples we can identify two principles for corroborating the identity of an entity. The first is to rely on something the entity has (appearance, ability to write a signature). The other principle is to rely on something the entity knows, such as a password.
It is important to note that complete and successful authentication depends on many links in a chain. As for any chain, the authentication procedure can only be as strong as its weakest link.