[cap-talk] Definition of Authentication on wiki.erights.org

[David-Sarah Hopwood]

Rob Meijer wrote:
> On Sun, September 6, 2009 09:13, Matej Kosik wrote:
>> Rob Meijer wrote:
>>> I disagree. The validation of the authenticity and integrity properties
>>> of this object authenticate the object. This example thus shows that your
>>> definition is flawed.
>>
>> I am glad that we know exactly why we disagree (not just that we
>> disagree).
>>
>> It seems to me that you equate `authentication' with a more general term
>> `verification'. I (and at least David-Sarah ?) distinguish between them.
>> If we already have the term `verification' there is no need to create
>> multiple synonyms for it and use them interchangingly. That's confusing.
> 
> I do distinguish between authentication and validation, where it seems
> that authentication is a subset of the much broader term validation, just
> not the narrow 'identity centric' subset that you are defining.
> 
> It seems to me that 1 is a perfect definition for 'identification', not
> for authentication.
> 
>   validation > authentication (3) > identification (1)
> 
> (2 was just an other partially overlapping subset of 3, so lets further
> ignore my 2 and focus on Alan's 3 vs 1)

Well, I agree with the ordering of terms in generality, but I can't
agree that 3) is a definition of authentication, nor can I agree that
1) only (or even; see below) covers identification. I'll leave the
former disagreement to another post, and deal with the latter here.


The perception that 1) only covers identification may be due to a
narrower-than-intended interpretation of the meaning of "principal".
The concept of "principal" covers any possible categorization of
entities that can be at the end of a communication channel. Such a
categorization doesn't have to be by "identity".

In fact, we don't know how to reliably authenticate based on identity.
What we know how to do is to authenticate based on knowledge (of a
private key, a password, a password reset question, etc.)
Authentication based on possession of a physical device such as a
smartcard also works only because that device "knows" some key.
(Biometrics vendors will tell you that they can authenticate based
on properties of a person's body, although IMO they haven't
demonstrated that it is feasible to avoid unacceptable false
positive and negative rates in realistic use.)

Another approach to authentication is based on the assumption that
only certain entities have the ability to manufacture physical
objects with certain observable properties (for example, banknotes
with watermarks, fine printing, and interleaved metallic strips);
at least not at a cost that would make the authentication system
worthwhile to attack. Such assumptions are increasingly dubious but
have worked adequately so far in some contexts.

Authentication is almost always performed using one of the approaches
described above, but in principle there might be others, so let's
generalise and call whatever is necessary to authenticate as a given
principal, a "credential". Unlike identity, most credentials can be
deliberately shared, or they can be compromised. It's possible to
use possession of a credential as an approximation to identity only
to the extent that the identified entity has both the ability, and
sufficient incentive, not to share that credential with other
entities. (By definition, those other entities would then have to be
considered part of the *same* principal.)

The observation that leads to definition 1) is that credentials
can be authenticated after having been transmitted over some
channel (where "transmitted" includes both physical movement and
information transfer). In fact, they will always have been
transmitted, even if only over a short distance, since the entity
that is performing the authentication is always in a different
place to the entity that is being authenticated.

This is relevant to any security analysis of an authentication
mechanism, because the transmission channel will need to be studied
to see whether it is reasonable to conclude that it cannot be
intercepted or hijacked -- that is, that we can continue to
securely interact with a principal that has been authenticated
over that channel.

(On reflection, I think definition 1) should be changed to say
"transmission channel" instead of "communication channel" and
to make it clearer that transmission includes physical movement.)


The gist of the above argument is that we can't really do
*identification* -- or at the very least, we are not actually
doing identification in most of the protocols that claim to be
doing it. So, we probably don't need the term "identification"
very much, and in any case it is not what is defined by
definition 1).

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com