ELEMENTARY AUTHENTICATORS
The first version of this article was sent to comp.security.misc (98/12/09).

Authenticators must be chosen, protected, and used to eliminate concrete security threats. They must have appropriate properties with respect to the main factors of the process of I&A.

Introduction

The study [1] noted that, "Users' identities are verified using one of three generic methods: something they know (type 1), something they have (type 2), or something they are (type 3).
- One would expect greater assurance from a combination of type 1 and type 2 mechanisms than either used alone. Likewise, type 3 may provide more assurance than the combination of types 1 and 2 together.
- Direct comparisons of strength relationships are not possible unless one knows the exact implementation mechanism; however, one can theorize that some such relationships are likely. One might argue that type 2 is stronger than type 1 in terms of assurance, and type 123 is probably stronger than type 12. Singular mechanisms may offer the needed assurance at lower levels, whereas higher levels may require combinations to achieve adequate assurance."

Security threats

In this article, I study the properties of authenticators used alone - elementary authenticators. The user submits an authenticator as the proof of identification. An authentication system accepts or rejects this proof. Two basic security threats are connected with the process of I&A:
A special case of false acceptance is the acceptance of a proof of ability submitted by a person who does not have that ability.

In general, no kind of authenticator is stronger than another. In practice, authenticators must have appropriate properties with respect to the main factors of the process of I&A - entity, protected resource, type of identification, environment, authentication system, kind of authenticators, intruder, time.

Main factors ... and examples of their effects on the properties of authenticators.

The identity of identical twins cannot be determined with DNA analysis.
The ability of the commander of a gun system would be verified using an action connected with decisions rather than keystroke latencies - a hurting finger can lead to false rejection.
Identity can be verified using a signal (every entity), a parameter (material entity), an action (active material entity), an emotion (person). Collective identity can be verified using a signal (every entity), an emotion (person). Ability (and identity) can be verified using an action (active material entity).
As [1] notes, "If an intruder interposes himself between authentication entry and authentication system then either making the authenticator be one-time, or protecting the path between authentication entry and authentication system."
False rejection and false acceptance are currently associated with the accuracy of biometric devices.
A signal can be shared, transmitted, duplicated, stolen, lost. A parameter can be scanned outside the process of I&A. An action can be scanned only during the process of I&A. An emotion cannot be duplicated, transmitted, stolen, lost.
The detection of an intruder's attack would be followed by a new evaluation of the effects of the other factors. This new evaluation would apply to every information system where similar factors are in effect.
A change in any of the factors listed above can cause a change in the properties of authenticators. Another effect of time: a property of an authenticator can be "it is long-life".
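The environment example quoted from [1] above (an intruder interposed on the path, countered by a one-time authenticator) can be shown with a signal that is valid for a single use. This is an added example, not part of the original article: the class and function names are hypothetical, the key and the static secret are constructed sample values, and the one-time signal uses the HOTP construction of RFC 4226 as one possible choice.

```python
import hashlib
import hmac

def one_time_signal(key: bytes, counter: int) -> str:
    """HOTP-style value (RFC 4226 truncation): a signal valid for one counter only."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**6:06d}"

class StaticVerifier:
    """Accepts a fixed signal: a copy captured on the path stays valid."""
    def __init__(self, secret: str):
        self._secret = secret

    def verify(self, proof: str) -> bool:
        return hmac.compare_digest(proof, self._secret)

class OneTimeVerifier:
    """Accepts each counter value once, with a small look-ahead window."""
    def __init__(self, key: bytes, window: int = 3):
        self._key, self._counter, self._window = key, 0, window

    def verify(self, proof: str) -> bool:
        for c in range(self._counter, self._counter + self._window):
            if hmac.compare_digest(proof, one_time_signal(self._key, c)):
                self._counter = c + 1  # burn this counter and all earlier ones
                return True
        return False

def replay_demo() -> dict:
    """The user authenticates once, then the same captured proof is presented again."""
    key = b"12345678901234567890"  # constructed sample key (the RFC 4226 test key)
    static, one_time = StaticVerifier("correct horse"), OneTimeVerifier(key)
    captured_static = "correct horse"          # constructed sample secret
    captured_otp = one_time_signal(key, 0)
    return {
        "static_user": static.verify(captured_static),
        "static_replay": static.verify(captured_static),  # false acceptance
        "otp_user": one_time.verify(captured_otp),
        "otp_replay": one_time.verify(captured_otp),      # rejected: already used
        "otp_next": one_time.verify(one_time_signal(key, 1)),
    }

if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name:14s} accepted={accepted}")
```

A one-time signal is rejected only after it has been used; a proof relayed before the user's own copy reaches the verifier is covered by the other measure in the quotation, protecting the path.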
Conclusion

Authenticators are tools of protection against the threats of false acceptance and false rejection. Comparing kinds of authenticators without taking into account the concrete factors of the process of I&A is nonsense. It is also nonsense to reject some authenticators a priori.
Literature
last modified 26th April 2002
Copyright © 1998-2002 Vladimir Zabrodsky
Czech Republic