Thursday, March 25, 2010
Security’s Five Pillars
There are five pillars of security techniques nowadays. They are:
- Authentication: verifying the authenticity of users. It depends on three basic factors: the knowledge factor, the ownership factor, and the inherence factor. The “knowledge factor”, or “something they know”, is something only the user knows, e.g. a password or a first pet’s name. The “ownership factor”, or “something they have”, is something that belongs to the user, e.g. a token or a digital certificate. The “inherence factor”, or “something they are or do”, is a physical characteristic, e.g. a fingerprint or retina.
- Identification: issuing and verifying access privileges. In principle, identification certifies that a user is able to do certain things. Identification has moved to the application level, where people authenticate at every application. Because identifying at each application is inconvenient for users, companies are moving to single sign-on.
- Privacy and Integrity: keeping information from being seen (privacy) and changed (integrity). The most common method of protecting data is encryption. Two common types of encryption are public key and secret key. DES is an example of secret-key encryption, while RSA is an example of public-key encryption.
- Nonrepudiation: it can prove that communication between sender and receiver is secure, and trusted third parties can monitor the data being transferred. This technique prevents man-in-the-middle attacks or phishing.