Authentication and Digital Signatures
Authentication and digital signatures solve two fundamental problems in network security: How do you prove someone is who they claim to be? and How do you prove a message hasn't been tampered with? Together they underpin access control (deciding who may use a resource) and integrity (knowing that data is what its originator produced); confidentiality and availability rest on other controls, such as encryption and redundancy, but those controls are only as strong as the system's ability to tell who is making a request.
Digital signatures rely on public-key cryptography: the signer hashes the message and applies a private-key operation to the hash, producing a signature that anyone holding the matching public key can check but nobody else can forge. This verifies the sender's identity, ensures message integrity, and provides non-repudiation. Authentication methods range from simple passwords to biometrics and multi-factor schemes, each trading off between security and convenience.
Concept of Authentication
Authentication is the process of verifying the identity of a user, device, or entity before granting access to network resources. Without it, anyone could claim to be an authorized user and access financial data, confidential documents, or critical systems.
Authentication protects against unauthorized access, data breaches, identity theft, and system compromise. It is the gate on which every other access control rests: permissions, audit logs, and encryption keys are all attached to an identity, so they are only meaningful if the system can reliably tell who is making a request.
Common authentication methods include:
- Passwords — a secret string the user knows
- Biometric data — fingerprints, facial recognition, iris scans
- Security tokens — smart cards, USB tokens, or software-based tokens
- Digital certificates — cryptographic credentials issued by a trusted authority
Each method has different strengths. Passwords are easy to deploy but easy to guess, phish, or steal. Biometrics are hard to fake but require special hardware and cannot be changed once the template is compromised. The strongest approaches combine factors of different types, so that compromising one does not compromise the others.

Role of Digital Signatures
A digital signature serves two purposes: it confirms who sent a message (sender verification) and it proves the message wasn't altered in transit (integrity).
Digital signatures use public-key cryptography. The sender hashes the message and applies their private key to the hash, producing the signature. The recipient recomputes the hash of the received message and runs the verification operation with the sender's public key; it succeeds only if the signature was produced over that exact hash with the matching private key. (Describing this as "encrypting the hash with the private key" and "decrypting with the public key" is the textbook-RSA picture; modern schemes such as RSA-PSS, ECDSA, and Ed25519 are dedicated sign and verify operations, not encryption, and the verifier never recovers a hash by decryption.) Because only the sender possesses the private key, a valid signature ties the message to whoever holds that key, and to the named sender specifically only if the recipient has a trusted binding between the public key and that identity, typically a certificate from a trusted authority.
This creates non-repudiation: the sender cannot credibly deny having signed the message, provided the private key was under their sole control. The signature then acts as auditable evidence of the sender's actions, which matters in contexts like contracts, financial transactions, and regulatory compliance. Non-repudiation collapses if the private key is shared, exported, or stolen, which is why signing keys belong in hardware (smart cards, HSMs) rather than in files on general-purpose machines.

Digital Signature Process
Generating a digital signature:
- The sender runs the message through a cryptographic hash function (e.g., SHA-256), producing a fixed-length hash value.
- The sender signs that hash using their private key. The output of the signing operation is the digital signature.
- The sender transmits the original message, the digital signature, and an identifier for the key and algorithm used (often a certificate) to the recipient.
Verifying a digital signature:
- The recipient receives the message and the attached digital signature.
- The recipient obtains the sender's public key and checks that it is trusted (for example, by validating the certificate chain) and that the signature algorithm and hash function are ones the recipient is willing to accept.
- The recipient independently hashes the received message using the same hash function (SHA-256).
- The recipient runs the verification operation with the sender's public key over the recomputed hash and the signature:
- Verification succeeds → the message is authentic and unaltered.
- Verification fails → the message was tampered with, the signature is invalid, or it was made with a different key.
The key insight here is that verification works because hash functions are deterministic and collision-resistant: the same input always produces the same output, and an attacker cannot feasibly construct a different message with the same hash. If even a single bit of the message changed in transit, the recomputed hash will differ from the one the signature commits to, and verification fails.
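The generate-and-verify procedure above, as an added example that is not part of the original page: a Go program using the standard library's RSA-PSS with SHA-256 (the concrete scheme is my choice; the page names only SHA-256). The message text is constructed for the demonstration, and the key pair is generated at run time rather than loaded from a certificate.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignMessage is the generation side: hash the message with SHA-256, then
// apply the signer's private key to the digest. RSA-PSS is used instead of
// the textbook "encrypt the hash with the private key"; PSS adds randomized
// padding that the verifier checks, so two signatures of the same message differ.
func SignMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// VerifyMessage is the verification side: recompute SHA-256 over the received
// bytes and check the signature against the sender's public key. It returns
// true only if the message is unaltered and the signature was produced with
// the private key matching pub.
func VerifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	// The sender's key pair. In a real deployment the public key would be
	// distributed in a certificate so the recipient can tie it to an identity.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	pub := &priv.PublicKey

	// Constructed sample message (not real transaction data).
	msg := []byte("Transfer 100.00 to account 12345")
	sig, err := SignMessage(priv, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("original verifies:", VerifyMessage(pub, msg, sig))

	// One changed byte in transit: the recomputed digest no longer matches.
	tampered := []byte("Transfer 900.00 to account 12345")
	fmt.Println("tampered verifies:", VerifyMessage(pub, tampered, sig))

	// An impostor with their own key pair cannot produce a signature that
	// verifies under the real sender's public key.
	impostor, _ := rsa.GenerateKey(rand.Reader, 2048)
	forged, _ := SignMessage(impostor, msg)
	fmt.Println("forged verifies:", VerifyMessage(pub, msg, forged))
}
```

Note that the verifier recomputes the hash itself and never trusts a hash supplied alongside the message; the signature must be checked over the bytes actually received.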
Comparison of Authentication Methods
Passwords:
- The most widely used authentication method due to simplicity and low cost.
- Security depends on the user creating strong, unique passwords with sufficient complexity and length.
- Vulnerable to guessing, brute-force attacks, dictionary attacks, credential stuffing with passwords leaked from other sites, and phishing. An attacker who obtains a password through social engineering has exactly the user's access unless a second factor is required.
Biometrics:
- Use unique physical characteristics like fingerprints, facial geometry, or iris patterns.
- Harder to guess, share, or phish than passwords, but not impossible to spoof. Matching is probabilistic (a similarity score against a stored template), so every deployment has a false-accept rate and a false-reject rate that must be tuned.
- Require specialized hardware (sensors, scanners, cameras), which increases deployment cost.
- Raise privacy concerns around how biometric data is stored and protected. Unlike a password, you can't change your fingerprint if the data is compromised.
Multi-Factor Authentication (MFA):
- Combines two or more factors from different categories for stronger security:
- Something you know — a password or PIN
- Something you have — a security token, phone, or smart card
- Something you are — biometric data
- A common example: logging in with a password, then entering a one-time code sent via SMS or generated by a hardware token (like an RSA SecurID device) or an authenticator app. SMS is the weakest of these, since codes can be intercepted or redirected through SIM swapping.
- MFA follows a defense-in-depth strategy. Even if an attacker compromises one factor (e.g., steals a password), they still can't authenticate without the second factor. This is why MFA is considered a baseline best practice for securing sensitive systems. One caveat: a one-time code typed into an attacker's phishing page is captured just like the password, so for high-value accounts prefer phishing-resistant factors such as FIDO2/WebAuthn security keys or smart cards, which bind the authentication to the legitimate site.