Secure Messaging with Microsoft Exchange Server 2000

Authentication is the process of proving identity. We’re surrounded by real-world authentication systems, from the airport gate agent who politely examines our photo ID to ensure that it matches our ticket to the electronic toll systems in use in many metropolitan areas. The security of an authentication system depends on the answers to several questions:

• How do you prove your identity? In the real world, you normally have to produce a credential from some trusted authority, like a drivers’ license or a video rental card. The credential might be something you know (like a password, personal identification number [PIN], or your mother’s maiden name), something you have (like an automated teller machine [ATM] card, smart card, or SecurID token), or something you are (like a fingerprint, face, or hand geometry pattern). The more different credential types (or factors) you use, the more secure your authentication scheme is. Your bank’s ATM is a two-factor system; you must supply a valid ATM card (something you have) and the corresponding PIN to authenticate yourself to the ATM (something you know). However, your video rental card is a one-factor system— anyone with your card can pretend to be you and probably get away with it.

• How strong is the authentication method? The strength of an authentication method depends on several factors, including how resistant it is to tampering, how easy it is to create fake credentials, whether an attacker can easily steal credentials and reuse them later, and how the system stores the data that determines whether a credential is valid. Most of the existing fingerprint readers currently sold for PCs suffer from a critical weakness: they store the reference images of fingerprints unencrypted on the local disk. That means that attacking such systems is as easy as adding an extra fingerprint—the attacker’s—to the database of valid users. In this case, a weak storage method devalues the strength of the overall authentication process.

• How does the system decide which identity issuers to trust? Many organizations solve this problem by outsourcing it—that’s why U.S. banks typically allow you to use a state-issued driver’s license to cash a check. They’ve delegated the problem of credential issuance and verification to the motor vehicle departments in the United States. For computerized access control systems, this decision usually revolves around choosing a set of issuing authorities whose identity certifications are trustworthy; this decision, in turn, most often requires choosing a certificate authority (CA) that you trust to issue digital certificates.

It’s important to remember that authenticating to a system doesn’t grant access to any resources; all it does is give the system some degree of assurance that you are a valid user. Granting access to a resource is called authorization, and it can only happen after authentication. Access and resource controls use authentication to grant or deny resource access. Exchange 2000 uses the Active Directory authentication mechanisms to determine whether a particular user is authorized access to a requested messaging object (like a mailbox or Web Storage System item); Microsoft Exchange 5.5 uses its own directory in which each mailbox is associated with a Microsoft Windows NT or Microsoft Windows 2000 user account.