Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt."— Presentation transcript:

1 Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt Bishop

2 Hardware Support Token-based Used to compute response to challenge May encipher or hash challenge May require PIN from user Temporally-based Every minute (or so) different number shown Computer knows what number to expect when User enters number and fixed password Computer Security: Art and Science ©2002-2004 Matt Bishop

3 Computer Security: Art and Science ©2002-2004 Matt Bishop http://www.rsa.com/node.aspx?id=1159

4 C-R and Dictionary Attacks Same as for fixed passwords Attacker knows challenge r and response f(r); if f encryption function, can try different keys May only need to know form of response; attacker can tell if guess correct by looking to see if deciphered object is of right form Example: Kerberos Version 4 used DES, but keys had 20 bits of randomness; Purdue attackers guessed keys quickly because deciphered tickets had a fixed set of bits in some locations Computer Security: Art and Science ©2002-2004 Matt Bishop

5 Encrypted Key Exchange Defeats off-line dictionary attacks Idea: random challenges enciphered, so attacker cannot verify correct decipherment of challenge Assume Alice, Bob share secret password s In what follows, Alice needs to generate a random public key p and a corresponding private key q Also, k is a randomly generated session key, and R A and R B are random challenges Computer Security: Art and Science ©2002-2004 Matt Bishop

6 Computer Security: Art and Science ©2002-2004 Matt Bishop

7 June 1, 2004 Computer Security: Art and Science ©2002-2004 Matt BishopSlide #12-7

8 EKE Protocol Computer Security: Art and Science ©2002-2004 Matt Bishop Alice Bob Alice || E s (p) Alice Bob E s (E p (k)) Now Alice, Bob share a randomly generated secret session key k Alice Bob Ek(RA)Ek(RA) Alice Bob Ek(RARB)Ek(RARB) Alice Bob Ek(RB)Ek(RB)

9 Biometrics Automated measurement of biological, behavioral features that identify a person Fingerprints: optical or electrical techniques Maps fingerprint into a graph, then compares with database Measurements imprecise, so approximate matching algorithms used Voices: speaker verification or recognition Verification: uses statistical techniques to test hypothesis that speaker is who is claimed (speaker dependent) Recognition: checks content of answers (speaker independent) Computer Security: Art and Science ©2002-2004 Matt Bishop

10 Other Characteristics Can use several other characteristics Eyes: patterns in irises unique Measure patterns, determine if differences are random; or correlate images using statistical tests Faces: image, or specific characteristics like distance from nose to chin Lighting, view of face, other noise can hinder this Keystroke dynamics: believed to be unique Keystroke intervals, pressure, duration of stroke, where key is struck Statistical tests used Computer Security: Art and Science ©2002-2004 Matt Bishop

11 Cautions These can be fooled! Assumes biometric device accurate in the environment it is being used in! Transmission of data to validator is tamperproof, correct Computer Security: Art and Science ©2002-2004 Matt Bishop

12 Location If you know where user is, validate identity by seeing if person is where the user is Requires special-purpose hardware to locate user GPS (global positioning system) device gives location signature of entity Host uses LSS (location signature sensor) to get signature for entity Computer Security: Art and Science ©2002-2004 Matt Bishop

13 Multiple Methods Example: “where you are” also requires entity to have LSS and GPS, so also “what you have” Can assign different methods to different tasks As users perform more and more sensitive tasks, must authenticate in more and more ways (presumably, more stringently) File describes authentication required Also includes controls on access (time of day, etc.), resources, and requests to change passwords Computer Security: Art and Science ©2002-2004 Matt Bishop

Download ppt "Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt."

Similar presentations

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Authentication attacks, causes and solutions Analyzing man in the middle and dictionary attacks against SSL/TLS and password based authentication systems.

Authentication attacks, causes and solutions Analyzing man in the middle and dictionary attacks against SSL/TLS and password based authentication systems.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
FIT3105 Biometric based authentication and identity management

FIT3105 Biometric based authentication and identity management
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #11-1 Chapter 11: Authentication Basics Passwords Challenge-Response Biometrics.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #11-1 Chapter 11: Authentication Basics Passwords Challenge-Response Biometrics.
Authentication System

Authentication System
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #12-1 Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #12-1 Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics.
1 Authentication CS461/ECE422 Fall 2010. 2 Reading Chapter 12 from Computer Security Chapter 10 from Handbook of Applied Cryptography

1 Authentication CS461/ECE422 Fall Reading Chapter 12 from Computer Security Chapter 10 from Handbook of Applied Cryptography
B IOMETRICS Akash Mudubagilu Arindam Gupta. O VERVIEW What is Biometrics? Why Biometrics? General Biometric System Different types of Biometrics Uses.

B IOMETRICS Akash Mudubagilu Arindam Gupta. O VERVIEW What is Biometrics? Why Biometrics? General Biometric System Different types of Biometrics Uses.
Marjie Rodrigues 411154.

Marjie Rodrigues
Security-Authentication

Security-Authentication
Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.

Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.
Karthiknathan Srinivasan Sanchit Aggarwal

Karthiknathan Srinivasan Sanchit Aggarwal
Authentication Approaches over Internet Jia Li

Authentication Approaches over Internet Jia Li
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.

Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.

Similar presentations

Ads by Google