Authentication technologies in cybersecurity play an important role in identification, authentication, authorization, and non-repudiation of an entity. The authentication process in cybersecurity, which is considered to be one of the weakest links in computer security today, takes many forms as new technologies such as cloud computing, mobile devices, biometrics, PKI, and wireless are implemented. Authentication is the security process that validates the claimed identity of an entity, relying on one or more characteristics bound to that entity. An entity can be, but is not limited to, software, firmware, physical devices, and humans. The course explores the underlying technology, the role of multi-factor authentication in cyber security, evaluation of authentication processes, and the practical issues of authentication. Several different categories and processes of authentication will be explored along with password cracking techniques, key logging, phishing, and man-in-the-middle attacks. Examples of authentication breaches and ethical hacking techniques will be explored to examine the current technologies and how they can be compromised. Case studies of authentication system implementation and their security breaches are presented. Federated authentication process over different network protocols, topologies, and solutions will be addressed. Related background is developed as needed, allowing students to gain a rich understanding of authentication techniques and the requirements for using them in a secure environment including systems, networks, and the Internet. Students will present a research project that reflects an understanding of key issues in authentication.
695.401 Foundations of Information Assurance. 695.421 Public Key Infrastructure and Managing E-Security is recommended.