Authentication and Access Control: Practical Cryptography Methods and Tools

Cybersecurity is a critical concern for individuals and for organizations of all types and sizes. Authentication and access control are the first line of defense to help protect you from being attacked.

This book begins with the theoretical background of cryptography and the foundations of authentication technologies and attack mechanisms. You will learn about the mechanisms that are available to protect computer networks, systems, applications, and general digital technologies.

Different methods of authentication are covered, including the most commonly used schemes in password protection: two-factor authentication and multi-factor authentication. You will learn how to securely store passwords to reduce the risk of compromise. Biometric authentication--a mechanism that has gained popularity over recent years--is covered, including its strengths and weaknesses.

Authentication and Access Control explains the types of errors that lead to vulnerabilities in authentication mechanisms. To avoid these mistakes, the book explains the essential principles for designing and implementing authentication schemes you can use in real-world situations. Current and future trends in authentication technologies are reviewed.

What You Will Learn

• Understand the basic principles of cryptography before digging into the details of authentication mechanisms
• Be familiar with the theories behind password generation and the different types of passwords, including graphical and grid-based passwords
• Be aware of the problems associated with the use of biometrics, especially with establishing a suitable level of biometric matching or the biometric threshold value
• Study examples of multi-factor authentication protocols and be clear on the principles
• Know how to establish authentication and how key establishment processes work together despite their differences
• Be well versed on the current standards for interoperability and compatibility
• Consider future authentication technologies to solve today's problems

Who This Book Is For

Cybersecurity practitioners and professionals, researchers, and lecturers, as well as undergraduate and postgraduate students looking for supplementary information to expand their knowledge on authentication mechanisms

資訊安全對個人和各種規模的組織來說都是一個重要的關注點。身份驗證和存取控制是第一道防線，幫助保護您免受攻擊。

本書從密碼學的理論背景和身份驗證技術的基礎以及攻擊機制開始。您將了解可用於保護計算機網絡、系統、應用程序和一般數字技術的機制。

本書涵蓋了不同的身份驗證方法，包括最常用的密碼保護方案：雙因素身份驗證和多因素身份驗證。您將學習如何安全地存儲密碼以減少風險。本書還介紹了生物特徵身份驗證，這是近年來越來越受歡迎的機制，包括其優點和缺點。

《身份驗證和存取控制》解釋了導致身份驗證機制漏洞的錯誤類型。為了避免這些錯誤，本書解釋了在實際情況中設計和實施身份驗證方案的基本原則。本書還回顧了當前和未來的身份驗證技術趨勢。

您將學到什麼：
- 在深入研究身份驗證機制的細節之前，了解密碼學的基本原則
- 熟悉密碼生成背後的理論和不同類型的密碼，包括圖形和基於網格的密碼
- 了解使用生物特徵的問題，特別是建立適當的生物特徵匹配水平或生物特徵閾值
- 學習多因素身份驗證協議的示例，並清楚了解其原則
- 知道如何建立身份驗證以及密鑰建立過程如何共同工作，儘管它們之間存在差異
- 熟悉當前的互操作性和兼容性標準
- 考慮未來的身份驗證技術來解決當今的問題

本書適合對象：
- 資訊安全從業人員和專業人士、研究人員和講師，以及本科和研究生學生，尋求補充信息以擴展他們對身份驗證機制的知識。

Sirapat Boonkrong has more than 15 fifteen years of experience in the field of information security as a student, researcher, and lecturer. After spending more than 10 years getting his education from high school to PhD in the UK, Sirapat began his career in 2006 as a full-time researcher at the National Electronics and Computer Technology Centre, Thailand. He then moved into full-time teaching at King Mongkut's University of Technology North Bangkok, Thailand and stayed there from 2009 to 2017. Sirapat is currently a full-time lecturer at the School of Information Technology and DIGITECH at Suranaree University of Technology, Thailand. His main teaching and research interests are in cyber security, authentication technologies, and cryptographic protocol design.

Sirapat Boonkrong在資訊安全領域擁有超過15年的經驗，曾擔任學生、研究員和講師。在英國完成高中到博士學位的教育後，Sirapat於2006年開始在泰國國家電子與電腦技術中心擔任全職研究員。之後，他轉入泰國北曼谷工業大學全職教學，並在那裡待了2009年至2017年。目前，Sirapat是泰國素拉那底工業大學資訊技術學院和DIGITECH的全職講師。他主要的教學和研究興趣包括網路安全、身份驗證技術和密碼協議設計。