====== 4.3.4.4 Authenticity ======
[[dido:public:ra:1.4_req:2_nonfunc:25_security | Return to Securability ]]

===== About =====

[[dido:public:ra:xapend:xapend.a_glossary:a:authenticity]] is a property indicating the source and origin of the information(( Authenticity, __Computer Security Resource Center (CSRC)__, Accessed 14 August 2020, [[https://csrc.nist.gov/glossary/term/authenticity]] )). The process of authenticating a source starts when an [[dido:public:ra:xapend:xapend.a_glossary:e:entity|entity]] (e.g., user, remote process, intelligent agent, etc.) attempts to access resources on a [[dido:public:ra:xapend:xapend.a_glossary:c:computerplaform]]. The entity proves its identity in order to gain access rights.

For example, traditionally when logging into a computer, users use [[dido:public:ra:xapend:xapend.a_glossary:s:sfa]] by providing a ''username'' and ''password'' to confirm their identity to allow future [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] for access to resources. However, this ''username'' and ''password'' login combination is no longer considered secure enough, especially where there is a poor [[dido:public:ra:xapend:xapend.a_glossary:c:securityculture]]. As a consequence, many systems have added [[dido:public:ra:xapend:xapend.a_glossary:t:2fa]] that requires [[dido:public:ra:xapend:xapend.a_glossary:b:biometrics]] (e.g., facial recognition, fingerprints, etc.) or [[dido:public:ra:xapend:xapend.a_glossary:o:otp]]. These 2FA methods generally require the user to be physically present to log in successfully.

[[dido:public:ra:xapend:xapend.a_glossary:p:pki]] is generally used to connect servers and clients, or even nodes that have no user present to perform the SFA or 2FA methods of authentication. It is often incorrectly used as a synonym for [[dido:public:ra:xapend:xapend.a_glossary:e:encryption]]. Encryption is an algorithm used to encrypt and decrypt data.
PKI is an infrastructure built around asymmetric encryption with two [[dido:public:ra:xapend:xapend.a_glossary:k:key|keys]]: public and private. PKI is used extensively to securely transfer data between [[dido:public:ra:xapend:xapend.a_glossary:n:netnode | Network Nodes]]. In a PKI, entities (e.g., AAA and BBB) exchange [[dido:public:ra:xapend:xapend.a_glossary:p:public_key|public keys]]. To exchange information, one entity (e.g., AAA) encrypts a document using the other entity's (e.g., BBB's) public key. Anyone can receive the document encrypted by AAA using BBB's public key, but it remains encrypted until BBB uses its [[dido:public:ra:xapend:xapend.a_glossary:p:private_key|private key]] to decrypt the document.

PKI is the backbone of most of the major secure document exchange sites. Some examples are(( __How Does PKI Work?__, Venafi, Accessed 14 August 2020, [[https://www.venafi.com/education-center/pki/how-does-pki-work]] )):

  * Securing emails - Email Security (S/MIME Protocol)
  * Securing web communications - Website Security \\ • [[dido:public:ra:xapend:xapend.a_glossary:h:https]] \\ • [[dido:public:ra:xapend:xapend.a_glossary:s:ssl]] \\ • [[dido:public:ra:xapend:xapend.a_glossary:t:tls]]
  * Secure Shell Protocol (SSH)
  * Digitally signing software, applications or data
  * Encrypting and decrypting data
  * [[dido:public:ra:xapend:xapend.a_glossary:s:smart_card]] authentication
  * [[dido:public:ra:xapend:xapend.a_glossary:s:simcard]]
  * [[dido:public:ra:xapend:xapend.b_stds:tech:iso:7816]]

===== DIDO Specifics =====
[[dido:public:ra:1.4_req:2_nonfunc:25_security:authenticity| Return to Top]]

  : To be added/expanded in future revisions of the DIDO RA

/**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/* To add a discussion page to this page, comment out the line that says
  ~~DISCUSSION:off~~
*/
~~DISCUSSION:on|Outstanding Issues~~
~~DISCUSSION:off~~