Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk."— Presentation transcript:

1 CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk

2 CS470, A.SelcukAuthentication Systems2 Entity Authentication Authentication of people, processes, etc. Non-cryptographic –Address-based (E-mail, IP, etc.) –Passwords –Biometrics Cryptographic –Symmetric key –Public key

3 CS470, A.SelcukAuthentication Systems3 Authentication Tokens What you know (password schemes) What you have (keys, smart cards, etc.) What you are (fingerprints, retinal scans, etc.)

4 CS470, A.SelcukAuthentication Systems4 Password Problems Eavesdropping Stealing password files On-line password guessing Off-line guessing attacks –Dictionary attacks –Exhaustive search Careless users writing down passwords

5 CS470, A.SelcukAuthentication Systems5 On-line Password Guessing Careless choices (first names, initials, etc.); poor initial passwords Defenses: After wrong guesses, Lock the account –Not desirable, can be used for DoS Slow down Alert users about unsuccessful login attempts Don’t allow short or guessable passwords

6 CS470, A.SelcukAuthentication Systems6 Off-line Password Guessing Stealing & using password files Passwords should not be stored in clear. Typically, they’re hashed and stored. Attacks: –Exhaustive search –Dictionary attacks Defenses: –Don’t allow short/guessable passwords –Don’t make password files readable –Salting: Mix a random number to each hash

7 CS470, A.SelcukAuthentication Systems7 Eavesdropping Watching the screen Watching the keyboard Login Trojan horses –Different appearance –Interrupt command for login Keyboard sniffers –Good system administration Network sniffers –Cryptographic protection –One-time passwords

8 CS470, A.SelcukAuthentication Systems8 Initial Password Distribution Initial off-line authentication Passwords can be chosen on site by users An initial password can be issued by the system administrator. Pre-expired passwords: Has to be changed at the first login

9 CS470, A.SelcukAuthentication Systems9 Authentication Tokens Keys (physical) ATM, credit cards Smart cards: On-card processor for cryptographic authentication. –PIN-protected cards: Memory protected by PIN –Challenge-response cards: Performs challenge- response authentication through SC reader New technology: Tokens working through USB ports. –Cryptographic calculator Current time encrypted, displayed to user, entered to terminal Adv: Access through standard terminals

10 CS470, A.SelcukAuthentication Systems10 Biometrics Authentication by inherent physical characteristics E.g., fingerprint readers, retina/iris scanners, face recognition, voice recognition Problems: –Expensive –Not fault tolerant –Can be replayed in remote authentication

Download ppt "CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk."

Similar presentations

Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 3 “User Authentication”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 3 “User Authentication”.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
7-1 Last time Protection in General-Purpose Operating Systems History Separation vs. Sharing Segmentation and Paging Access Control Matrix Access Control.

7-1 Last time Protection in General-Purpose Operating Systems History Separation vs. Sharing Segmentation and Paging Access Control Matrix Access Control.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
第十章 1 Chapter 10 Authentication of People. 第十章 2 Introduction This chapter deals with password-related issues like how to force users to choose unguessable.

第十章 1 Chapter 10 Authentication of People. 第十章 2 Introduction This chapter deals with password-related issues like how to force users to choose unguessable.
95752:3-1 Access Control. 95752:3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.

95752:3-1 Access Control :3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 24 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 24 Jonathan Katz.
Authentication System

Authentication System
NS-H0503-02/11041 System Security. NS-H0503-02/11042 Authentication Verifying the identity of another entity Two interesting cases (for this class): –Computer.

NS-H /11041 System Security. NS-H /11042 Authentication Verifying the identity of another entity Two interesting cases (for this class): –Computer.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Similar presentations

Ads by Google