Chapter 10

HARDWARE-BASED AUTHENTICATION

WHO IS AT THE OTHER END?

The remoteness of people and devices on networks is at once their strength and their weakness. If one can ascertain (with complete confidence) the identity of the person or device at the other end of the communication, then the link provides a means to transcend the limits of space and conduct business across arbitrary distances. But the operative phrase is “with complete confidence.” The process of establishing the identity of a remote party with high (or, ideally, complete) confidence is called authentication. It can occur between people, devices, or any combination thereof.

There are three classes of authentication that we will consider in this chapter:

• Authentication of a person
• Authentication of a device
• Authentication of the physical environment around either the person or the device

As explained in previous chapters, many systems have been developed over the years that employ various forms of trust protected or validated by encryption. Such systems ultimately depend on a root basis of the trust, and any compromise to that root, at either end of any authentication process, can cause the confidence in or validity of the trust to erode rapidly. There are various hardware and software means that can be employed to protect the chain of trust, but all of these assume that the root of trust is valid.

Previous chapters have explored various methods to establish and protect this root trust in devices. The remainder ...