How do you make sure the person who used the system is really her?

4

At the university where we study, we are developing a system in Java EE to reduce bureaucracy in some enrollment processes, getting rid of paper forms and generating PDF forms that, instead of literally passing from hand to hand, will pass from person to person inside the system. At first we thought: let's create a button; if the employee (who can be a teacher, center director, etc.) clicks "approve" (as if signing), then the request is approved and done. But what if someone asks for some proof that it really was he who accepted that request? How do we prove it? How can we ensure that only that employee can grant an approval? Bear in mind that he can access the system from any computer or smartphone, anywhere; the only restriction is that there will be a window in a specific month for making such approvals.

  • I deleted some of my comments so it wouldn't get messy here; I would suggest you do the same. I'll suggest a DNA scanner on the terminals. The guy puts his arm on the sensor, it takes a needle, and if the DNA matches, it's him :)

  • 2

    Joking aside, I could make a password system that sends a confirmation SMS with a token to the person's mobile phone. Only by entering this token into the system within a reasonable time would the approval be recognized.

  • @Bacco I watched Gattaca, you can bypass the DNA system :)

  • 2

    Doesn't each user have their own login and password to access the system? In that case, simply store a record of which user granted the request. The guarantee that the person is really who they claim to be lies in the secrecy of the login. Using more complex solutions can end up hurting your own initial principle of "reducing bureaucracy in some enrollment processes". :)

  • Actually, some options would add even more bureaucracy =/

  • 2

    3 options: 1) password. But if the person writes the password on a post-it... 2) a link between the site and the "physical" person, like a biometric reader. Problem: to access the system you need to be in front of the computer that has the reader. 3) a link between the site and a physical device, but without having to be in front of a specific computer, like sending an SMS or a voice message: the site creates the code, stores it in the database for, say, 5 minutes, sends it and waits for the person to type the code. Also take a look here https://www.yubico.com/

  • Only biometrics, because nothing prevents a token from being lent to someone.

  • I believe that Bacco and Peter are right. I would use SMS. Google uses SMS. If it involved large amounts of money, that would justify biometric readers. Here at my university all documents are digitally signed, and we only use login and password.

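A worked version of the SMS/voice-code scheme sketched in the comments above (a code generated by the site, kept in the database for about five minutes, then matched against what the person types), written as an added example; it is not code from the question or from the answers. Go's standard library is used for everything; the SMS gateway is assumed to be a separate component, so `Issue` simply returns the code to the caller. The store keeps only a hash of the code, enforces the expiry, compares in constant time, accepts each code once, and discards a challenge after a few wrong guesses. The user name, lifetime and attempt limit are illustrative values.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"time"
)

const (
	codeLifetime = 5 * time.Minute // the "for example 5 min" from the comment
	maxAttempts  = 3               // wrong guesses tolerated before the code is thrown away
)

var (
	ErrNoChallenge = errors.New("no pending code for this user")
	ErrExpired     = errors.New("code expired")
	ErrMismatch    = errors.New("code does not match")
	ErrTooMany     = errors.New("too many wrong attempts; request a new code")
)

type challenge struct {
	hash     [32]byte // SHA-256 of user:code; the code itself is never stored
	expires  time.Time
	attempts int
}

// OTPStore stands in for the database table the comment describes.
type OTPStore struct {
	now     func() time.Time // injectable clock, so expiry can be tested offline
	pending map[string]*challenge
}

func NewOTPStore(now func() time.Time) *OTPStore {
	if now == nil {
		now = time.Now
	}
	return &OTPStore{now: now, pending: map[string]*challenge{}}
}

func hashCode(user, code string) [32]byte {
	return sha256.Sum256([]byte(user + ":" + code))
}

// Issue draws a fresh 6-digit code from crypto/rand, records only its hash
// and expiry, and returns the code for the SMS/voice step (assumed to be
// handled by a separate gateway; here the caller just receives the string).
func (s *OTPStore) Issue(user string) (string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1000000))
	if err != nil {
		return "", err
	}
	code := fmt.Sprintf("%06d", n.Int64())
	s.pending[user] = &challenge{hash: hashCode(user, code), expires: s.now().Add(codeLifetime)}
	return code, nil
}

// Verify accepts a code at most once, only before it expires, compares it in
// constant time, and burns the challenge after maxAttempts wrong guesses.
func (s *OTPStore) Verify(user, code string) error {
	c, ok := s.pending[user]
	if !ok {
		return ErrNoChallenge
	}
	if s.now().After(c.expires) {
		delete(s.pending, user)
		return ErrExpired
	}
	got := hashCode(user, code)
	if subtle.ConstantTimeCompare(c.hash[:], got[:]) != 1 {
		c.attempts++
		if c.attempts >= maxAttempts {
			delete(s.pending, user)
			return ErrTooMany
		}
		return ErrMismatch
	}
	delete(s.pending, user) // single use: a replayed code is refused
	return nil
}

func main() {
	s := NewOTPStore(nil)
	code, _ := s.Issue("alice") // "alice" is a constructed login
	fmt.Println("SMS to alice would carry:", code)
	fmt.Println("first use:", s.Verify("alice", code))
	fmt.Println("replay:   ", s.Verify("alice", code))
}
```

Hashing the code before storing it means a read of the pending-codes table (a backup, a log, a curious administrator) does not hand out usable codes, and the attempt limit is what makes a six-digit code adequate: without it, a five-minute window is long enough to try a large fraction of the million possibilities.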

3 answers

5


and if anyone asks for any proof that it really was he who granted that request?

The name of the property you are looking for is non-repudiation. It is one of the properties that cryptographic systems often seek to achieve (the others being confidentiality, authenticity and integrity).

Before commenting on the "hard" ways of ensuring non-repudiation, I want to say that I agree with the other answers and comments: if you trust your university's staff and IT staff (i.e. you are not worried, for example, about some system administrator manually inserting a record into the database on behalf of a teacher without his permission), then it is all a matter of authentication and authorization:

  • Establish your credential policies so as to reduce the risk of someone improperly accessing a teacher's account (for example, by requiring strong but memorable passwords, plus some form of second factor). In my college, for example, we received a sheet of paper with a list of PINs, and for each "sensitive" action in the system we had to enter one of them, even though we were already logged in. A PIN, once used, was never reused for anything.
  • Make sure your application establishes the authorization rules correctly (i.e. ensure that only users in the "teachers" group have access to the "approve" functionality).

If, on the other hand, you need a stronger guarantee, then we get into technical solutions. Some people have suggested biometrics, seriously or jokingly, but the fact is that biometrics is for authentication, not for non-repudiation. Worse, on its own biometrics isn't even that good for authentication: if you leave an unsupervised door with a retinal reader next to it, where one only has to look at the reader for the door to open, about 7000 people could look at it and the system could identify them as being you... Biometrics only works when accompanied by other factors (e.g. you show a document to an employee, which identifies you, and then look at the retina reader, which authenticates you). This answer on security.SE gives more details.

The most widely used means of non-repudiation is the digital signature. Let's say each teacher creates a digital certificate for himself (where he himself generated the private key; if it was the faculty that provided it to him, non-repudiation does not apply) and registers it in your system. The university itself can be the Certificate Authority, or in even more formal cases the services of ICP-Brasil can be used, for example, whose digital signatures by law have the same validity as "normal" signatures in this country. This certificate can live on the user's own computer (less secure) or on a smartcard (safer).

It is the user's responsibility to keep his certificate secure, not allowing his private key to be accessed by third parties, and/or to notify the university immediately if he suspects it has been compromised. Under these conditions, assuming that only the teacher has access to his private key, it is enough to require that his critical actions in the system be digitally signed by him. Thus, besides guaranteeing integrity and authenticity (i.e. no one can tamper with the content without invalidating the signature, and no one can sign on his behalf), you also get non-repudiation (if his signature is there, there is no way he can deny that it was he who signed).

Again, I am giving this information to make the answer complete: this whole apparatus has a non-negligible cost (if not in cash, then in inconvenience to users), and should not be used unless really necessary. In 99% of cases it is overkill, and simple trust in the system administrators is enough to turn authenticity into non-repudiation ("it is recorded in the database that action X was executed by user Y, period").

  • Man, excellent reply! Thank you very much.

  • I will check with the client what will be done, but we will stay between the two options you presented: either digital signatures, which I hope the teachers won't find too bureaucratic, or just "it is recorded in the database that action X was executed by user Y."

  • @Joãoneto I sincerely hope they go for the simplest way out, because such a level of "paranoia" is very rarely necessary... But if you decide to use digital signatures, this article (in English) may be of interest to you, as it is precisely about signing something in the browser and checking the signature on the Java server. It is not cross-browser (FF and IE only), but until WebCrypto is standardized it's hard to do much better.

  • I'll take a look! I hope they really go for the simplest option.
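What "make his critical actions be digitally signed by him" looks like in code, as an added example (not code from the answer, the question, or the linked article): the teacher generates a key pair on his own side, the server holds only the public key he registered, and an approval is an explicit record signed over a canonical encoding. The server picks the verification key from the approver named in the record, so a changed field or a signature produced by anyone else fails. Assumptions: a plain login-to-public-key registry stands in for the X.509 certificates and CA the answer describes, P-256 ECDSA over SHA-256 is the signature scheme, and the logins and request identifier are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// ApprovalRecord is the "critical action" the answer says must be signed.
// encoding/json writes struct fields in declaration order, so signer and
// verifier compute the same bytes from the same record.
type ApprovalRecord struct {
	RequestID string `json:"request_id"`
	Decision  string `json:"decision"`  // "approved" or "rejected"
	Approver  string `json:"approver"`  // login of the teacher who signed
	Timestamp string `json:"timestamp"` // RFC 3339, UTC
}

// SignedApproval is what the client submits: the record plus an
// ASN.1/DER ECDSA signature over SHA-256 of the canonical JSON.
type SignedApproval struct {
	Record    ApprovalRecord
	Signature []byte
}

// Registry maps a login to the public key that teacher registered
// (assumption: raw public keys instead of X.509 certificates).
type Registry map[string]*ecdsa.PublicKey

// NewTeacherKey generates the key pair on the teacher's side; the private
// key never leaves him, which is what makes the signature his.
func NewTeacherKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func digest(r ApprovalRecord) ([]byte, error) {
	b, err := json.Marshal(r)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(b)
	return h[:], nil
}

// Sign runs on the teacher's side (browser, smartcard, ...).
func Sign(priv *ecdsa.PrivateKey, r ApprovalRecord) (SignedApproval, error) {
	h, err := digest(r)
	if err != nil {
		return SignedApproval{}, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h)
	if err != nil {
		return SignedApproval{}, err
	}
	return SignedApproval{Record: r, Signature: sig}, nil
}

// Verify runs on the server. The key is chosen by the Approver field of the
// record itself, so a valid signature binds this decision to that login.
func (reg Registry) Verify(s SignedApproval) error {
	pub, ok := reg[s.Record.Approver]
	if !ok {
		return errors.New("no key registered for approver " + s.Record.Approver)
	}
	h, err := digest(s.Record)
	if err != nil {
		return err
	}
	if !ecdsa.VerifyASN1(pub, h, s.Signature) {
		return errors.New("signature does not verify: tampered record or wrong signer")
	}
	return nil
}

func main() {
	// Constructed demo: one registered teacher and one outsider.
	alice, _ := NewTeacherKey()
	mallory, _ := NewTeacherKey()
	reg := Registry{"alice": &alice.PublicKey}

	rec := ApprovalRecord{
		RequestID: "REQ-0042", // hypothetical identifier
		Decision:  "approved",
		Approver:  "alice",
		Timestamp: time.Now().UTC().Format(time.RFC3339),
	}
	signed, _ := Sign(alice, rec)
	fmt.Println("genuine:     ", reg.Verify(signed))

	tampered := signed
	tampered.Record.Decision = "rejected"
	fmt.Println("tampered:    ", reg.Verify(tampered))

	forged, _ := Sign(mallory, rec)
	fmt.Println("wrong signer:", reg.Verify(forged))
}
```

Two details carry the non-repudiation argument: the server stores the signed record as received (the signature is the evidence, so re-encoding it later would destroy it), and the timestamp is inside the signed record, otherwise nothing stops the same signature being presented for a different moment. A teacher's revocation notice, as the answer says, is the only way out once a signature exists.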

2

I see that the only way is with a login. As it is a university, everyone has to have their RA registered with the institution, so you should use that to authenticate them, and there should also be a password. What comes to mind is asking each student for an email address, so that they receive their password through it, or having them register their password at the university when they present their student card.

Unfortunately, without that I don't see how to authenticate these people with security and integrity.

1

You need to decide how hardcore you want to be in really ensuring that he is that specific person.


CASE 01: a vote, where it really needs to be that person.

Solution: Biometric Reader.


CASE 02: Access to a page (for example, bank sites)

Solution: Token or SMS code


CASE 03: Access to a page

Solution: access in 2 or 3 steps, where the 2nd and 3rd steps can vary between password, secret question, registration data, etc.

More Information (links):

https://www.google.com/intl/pt-BR/landing/2step/

Microsoft 2-step verification

  • Biometrics is very good for identification or authentication, but not both at the same time. A second factor is crucial when working with biometrics. And did I get it wrong, or are you suggesting less security for "bank sites" than for "normal websites"?

  • Do you mean 2-step access vs. bank sites? Well, I just reported it as it is today: bank sites do validation in a few steps, yes... and still use a token...

  • I must have misinterpreted your answer, then... The fact is that all the methods indicated seem to me variations on the same theme: two-factor authentication. In the case of voting we have something you have (your document) + something you are (biometrics); in the other, something you know (password) + something you have (the phone that will receive the SMS or generate the authentication codes). Only when all the "steps" involve only something you know (password, secret question, registration data, etc.), without including something you have or are, does the authentication have a single factor, and is therefore weaker.
