***

## CompTIA Security+ - Course Material 2022
###### Topic: ``Multi-factor Authentication``
***

Course material for the ``CompTIA Security+`` module of the ``ICT Associate Apprenticeship (Cybersecurity)`` programme.

<a id="top"></a>
***
## Table of Contents
***

### [Multi-factor Authentication](#a) <br/><br/>

- [Authentication Authorization Accounting Framework](#b) <br/><br/>
    - [``AAA``](#b) <br/><br/>
- [Authentication](#c) <br/><br/>
    - [Cloud-based](#c) <br/><br/>
    - [On-Premises](#c) <br/><br/>
- [Multi-factor Authentication](#d) <br/><br/>
    - [Factors](#e) <br/><br/>
        - [``Something you Know``](#e) <br/><br/>
        - [``Something you Have``](#f) <br/><br/>
        - [``Something you Are``](#g) <br/><br/>
    - [Attribute](#h) <br/><br/>
        - [``Somewhere you Are``](#h) <br/><br/>
        - [``Something you Can Do``](#i) <br/><br/>
        - [``Something you Exhibit``](#j) <br/><br/>
        - [``Someone you Know``](#k) <br/><br/>
            - [Cryptography](#k) <br/><br/>
                - [Certificates](#k) <br/><br/>
                - [Digital Signature](#k)
<hr width=50%;>

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="a"></a>
***
### Multi-factor Authentication
***

< [Table of Contents](#top) | [References](#references) >
<a id="b"></a>
***
###### Authentication Authorization Accounting Framework - ``AAA``
***

We’re all familiar with the process of authenticating into a system: usually you use a username, a password, and perhaps some other type of authentication factor to gain access. This is often combined with what we call the ``AAA`` framework, which stands for ``Authentication, Authorization, and Accounting``.

This starts with ``Identification``, the process of proving we are who we say we are - this is commonly a username that we would provide during the login process, and that username is one that associates an account with us, as an individual.

It’s one thing to say that you are who you say you are, but you also have to prove that during the ``Authentication`` process - this is commonly done by using some type of authentication factor, such as a password, a biometric factor, or one of the many other authentication factors discussed in this notebook. 

Once you’ve proven that you are who you say you are, we need to determine what you would have access to. This ``Authorization`` process may allow you access to a particular file share, or it may allow you to print to a particular printer.

The last ``A`` in the ``AAA`` framework is ``Accounting`` - this is keeping track of exactly who may have authenticated onto a network.
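The four steps above in one small login flow, as an added example that is not part of the original course notes. The account name, password, resource names and log format are constructed for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so the stored value is not the password itself
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one account and what it may access
_SALT = os.urandom(16)
ACCOUNTS = {"jsmith": {"salt": _SALT, "hash": _hash("correct horse", _SALT)}}
PERMISSIONS = {"jsmith": {"fileshare:finance", "printer:floor2"}}
ACCOUNTING_LOG = []  # Accounting: who did what, when, and the outcome

def _record(user: str, event: str, outcome: str) -> None:
    ACCOUNTING_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "event": event, "outcome": outcome,
    })

def authenticate(username: str, password: str) -> bool:
    """Identification (look up the claimed username), then Authentication
    (check the proof supplied for that identity)."""
    account = ACCOUNTS.get(username)
    # Hash even for unknown usernames so timing does not reveal valid accounts
    salt = account["salt"] if account else b"\x00" * 16
    expected = account["hash"] if account else b"\x00" * 32
    matches = hmac.compare_digest(_hash(password, salt), expected)
    ok = matches and account is not None
    _record(username, "login", "success" if ok else "failure")
    return ok

def authorize(username: str, resource: str) -> bool:
    """Authorization: what an authenticated user is allowed to reach."""
    ok = resource in PERMISSIONS.get(username, set())
    _record(username, "access " + resource, "allowed" if ok else "denied")
    return ok
```

Failed logins and denied requests are recorded as well as successes, so the accounting log is useful for spotting guessing attempts.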


< [Table of Contents](#top) | [References](#references) >
<a id="c"></a>
***
###### Authentication - Cloud-based - On-Premises
***

There are a number of different ways to provide this authentication process, some are in the cloud, and some are on premises.


A ``Cloud-based`` authentication service often involves a third party that manages the platform: the service is provided by a Cloud service provider, and we simply use it as part of the authentication process. This is usually a centralized platform in the Cloud that can be accessed from anywhere in the world, and it might often include an API integration so that our applications can access it and authenticate against the same centralized database. There might also be additional options in the Cloud that we can turn on and turn off as we need them.

An on-premises, or ``On-prem``, authentication system would be one in our local data center. This would require our own internal staff to monitor and configure anything associated with the authentication system, and if there are users outside of our network who still need to authenticate through our internal system, we need to make sure there are processes in place for them to do so.

< [Table of Contents](#top) | [References](#references) >
<a id="d"></a>
***
###### Multi-factor Authentication
***

When we are authenticating into a system, there are a set of factors that we would use - those three factors are:

> ``something you know``

> ``something you have``

> ``something you are``

We can add some attributes on to those factors - those attributes would be:

> ``somewhere you are``

> ``something you can do``

> ``something you exhibit``

> ``someone you know``

An authentication factor is comparing a characteristic to what you know is associated with an individual. 

An authentication attribute is a bit more fluid - it may not necessarily directly be associated with an individual, but we can include these with other authentication factors to help prove someone’s identity.

< [Table of Contents](#top) | [References](#references) >
<a id="e"></a>
***
###### Multi-factor Authentication - Factors - ``Something you Know``
***

The authentication factor of ``something you know`` is something that’s in your brain, and only you happen to know what this particular value is. 

One of the most common things that we know is a password, and we commonly use a username and password to gain access to a system. We could also use a personal identification number, similar to the numbers you would use at an automatic teller machine. This is not usually written down anywhere - it is also something that’s in your brain and something that you know.

On many mobile phones, you also have the option to use a particular pattern that you’ve memorized - this is very similar to a password you might have memorized, but instead you’ve memorized a set of patterns that’s on the screen, and you can duplicate those patterns to gain access to your phone. 


< [Table of Contents](#top) | [References](#references) >
<a id="f"></a>
***
###### Multi-factor Authentication - Factors - ``Something you Have``
***

Another authentication factor is ``something you have`` - this is usually a device or some type of system that is near where you happen to be. A smart card, for example, would be a card that we keep with us. This is sometimes a card that’s also used as identification, and it might integrate into other devices by sliding it into a smart card reader. These cards are usually used in conjunction with a personal identification number, so that you’re using not only something you have, but combining it with something you know.


Another factor of something you have might be a USB token, where we might have a certificate that’s loaded on this USB drive, and you have to provide that certificate to be able to gain access to a system. 

Since you are the only one who has this USB token, and that certificate is not on any other USB drive, it’s assumed that this would be something that you would have with you.


If you’ve ever carried around a hardware-based pseudo-random number generator, then you’re familiar with something you have. There are also software-based versions of these that can be loaded on a mobile phone, and in both of those situations, it would be something you have.


Another common factor of something you have might be your phone itself. 

It’s common to send an SMS message or text message to your phone, and if you have your phone you’re able to repeat that text message back during the authentication process.

< [Table of Contents](#top) | [References](#references) >
<a id="g"></a>
***
###### Multi-factor Authentication - Factors - ``Something you Are``
***

The third authentication factor is ``something you are``, this is a biometric factor, so this might be a fingerprint, an iris scan, or perhaps a voice print. 

This usually works by taking a mathematical representation of some part of you or your body, such as a fingerprint and storing a mathematical representation of that fingerprint. The next time you use your finger on that biometric reader it will perform the same calculation and compare that to what’s been stored previously.


The biometric authentication factors of something you are certainly associate these characteristics with a specific individual. It would be very unusual for someone to be able to change their fingerprint, or change their retina, so we can associate these types of biometric features with an individual for effectively their entire lifetime.

Although these biometric factors are very good at the authentication of an individual, they’re not fool-proof and they should usually be used with other authentication factors as well.

< [Table of Contents](#top) | [References](#references) >
<a id="h"></a>
***
###### Multi-factor Authentication - Attribute - ``Somewhere you Are``
***

One of the authentication attributes that doesn’t necessarily identify a specific individual, but can help with the authentication process, is ``somewhere you are``. This would provide an authentication factor based on where you might happen to be geographically. For example, authentications may be allowed if you are in the United States, but if you’re outside of the United States the authentication process would fail.

We can sometimes use ``IPv4`` addressing to determine where a person might be, although this process is a bit imprecise and may give us incorrect information about what country a person may be in.

This is a bit more difficult with ``IPv6`` where specific country associations aren’t available but this can give us a good amount of information that can help us make decisions whether a user is authenticated, or not authenticated. 

Another way to gather a person’s location is through ``GPS``, or perhaps triangulation with certain ``Wireless Networks`` that may be in the area. This is also not a perfect way to determine where someone might be, and there are ways to get around or even spoof GPS coordinates, but it can help in the authentication process to allow or disallow access to the network.
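One way to apply the location attribute alongside a factor rather than instead of one, as an added example that is not part of the original course notes. The lookup table is constructed from documentation-only address ranges, the allowed-country policy follows the United States example above, and the "step-up" outcome for an undeterminable location is an assumed policy choice.

```python
import ipaddress

# Constructed table using documentation ranges (RFC 5737, RFC 3849);
# a real deployment would query a maintained geolocation database.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("2001:db8:1::/48"), "US"),
]
ALLOWED_COUNTRIES = {"US"}

def country_for(ip_text: str):
    """Return a country code, or None when the location cannot be determined."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None                      # malformed address: no location
    for network, country in GEO_TABLE:
        if ip.version == network.version and ip in network:
            return country
    return None                          # no association on record

def login_decision(factor_ok: bool, ip_text: str) -> str:
    """Location never replaces a factor; it can only block or add a check."""
    if not factor_ok:
        return "deny"
    country = country_for(ip_text)
    if country is None:
        return "step-up"                 # imprecise data: ask for another factor
    return "allow" if country in ALLOWED_COUNTRIES else "deny"
```

Because address-to-country data can be wrong, an unknown location asks for another factor instead of failing the login outright.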


< [Table of Contents](#top) | [References](#references) >
<a id="i"></a>
***
###### Multi-factor Authentication - Attribute - ``Something you Can Do``
***

Another attribute that can be used for authentication is ``something you can do``, this is your personal way of doing things. 

A good example of something you can do might be your signature - the way that you write your signature is something that’s very unique to you and it’s very difficult for someone else to be able to replicate that. 


These attributes may seem very similar to biometrics, but biometrics can provide us with characteristics that are very specific to an individual, whereas something you can do is a much broader description of a characteristic.

< [Table of Contents](#top) | [References](#references) >
<a id="j"></a>
***
###### Multi-factor Authentication - Attribute - ``Something you Exhibit``
***

Another set of attributes would be ``something you exhibit``, which is a personal way that you do things. For example, the way that you walk is very unique to you, and someone can perform a ``Gait Analysis`` to compare the way you walk with the way that someone else walks.

Another attribute that you exhibit might be the way that you type: you might type at a particular speed, or there might be a particular timing between keys that’s very unique to you.


< [Table of Contents](#top) | [References](#references) >
<a id="k"></a>
***
###### Multi-factor Authentication - Attribute - ``Someone you Know`` - Cryptography - Certificates - Digital Signature
***

Sometimes it’s not what you know, but who you know and the attribute of ``someone you know`` can help give you a little bit more credibility when you’re trying to gain access or authenticate to a system. 

We use the attribute of someone you know in cryptography when we’re creating a web of trust, like we do with certificates, or when we’re creating a digital signature.

***
## END

< [Table of Contents](#top) >
<a id="references"></a>
***
## References
***

J. "Professor" Messer, "CompTIA Security+ (SY0-601) Course Notes," [professormesser.com](https://web.archive.org/web/20220521181010/https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/), September 2021.

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="appendix"></a>
***
## Appendix
***

***
## END
