Presentation is loading. Please wait.

Presentation is loading. Please wait.

Le Trong Ngoc Security Fundamentals Entity Authentication Mechanisms 4/2011.

Published byRosalind Patrick Modified over 8 years ago

Similar presentations

Presentation on theme: "Le Trong Ngoc Security Fundamentals Entity Authentication Mechanisms 4/2011."— Presentation transcript:

1 Le Trong Ngoc Security Fundamentals Entity Authentication Mechanisms 4/2011

2 1.2 4-1 Continued Entity authentication is a technique designed to let one party prove the identity of another party. An entity can be a person, a process, a client, or a server. The entity whose identity needs to be proved is called the claimant; the party that tries to prove the identity of the claimant is called the verifier.

3 1.3 4-1 Continued There are two differences between message authentication (data-origin authentication) and entity authentication, discussed in this chapter. 1)Message authentication might not happen in real time; entity authentication does. 2)Message authentication simply authenticates one message; the process needs to be repeated for each new message. Entity authentication authenticates the claimant for the entire duration of a session.

4 1.4 4-1 Continued Something known Something possessed Something inherent

5 1.5 4-2 PASSWORDS The simplest and oldest method of entity authentication is the password-based authentication, where the password is something that the claimant knows.

6 1.6 4-2 Continued First Approach User ID and password file

7 1.7 4-2 Continued Hashing the password Second Approach

8 1.8 4-2 Continued Third Approach Salting the password

9 1.9 4-2 Continued Fourth Approach In the fourth approach, two identification techniques are combined. A good example of this type of authentication is the use of an ATM card with a PIN (personal identification number).

10 1.10 4-2 Continued One-Time Password First Approach In the first approach, the user and the system agree upon a list of passwords. Second Approach In the second approach, the user and the system agree to sequentially update the password. Third Approach In the third approach, the user and the system create a sequentially updated password using a hash function.

11 1.11 4-2 Continued Lamport one-time password

12 1.12 4-3 CHALLENGE-RESPONSE In password authentication, the claimant proves her identity by demonstrating that she knows a secret, the password. In challenge-response authentication, the claimant proves that she knows a secret without sending it.

13 1.13 4-3 Continued In challenge-response authentication, the claimant proves that she knows a secret without sending it to the verifier. The challenge is a time-varying value sent by the verifier; the response is the result of a function applied on the challenge.

14 1.14 4-3 Continued First Approach Nonce challenge

15 1.15 4-3 Continued Second Approach Timestamp challenge

16 1.16 4-3 Continued Third Approach. Bidirectional authentication

17 1.17 4-3 Continued Instead of using encryption/decryption for entity authentication, we can also use a keyed-hash function (MAC). Keyed-hash function Using Keyed-Hash Functions

18 1.18 4-3 Continued First Approach Unidirectional, asymmetric-key authentication Using an Asymmetric-Key Cipher

19 1.19 4-3 Continued Second Approach Bidirectional, asymmetric-key

20 1.20 4-3 Continued Using Digital Signature First Approach Digital signature, unidirectional

21 1.21 4-3 Continued Second Approach Digital signature, bidirectional authentication

22 1.22 4-4 ZERO-KNOWLEDGE In zero-knowledge authentication, the claimant does not reveal anything that might endanger the confidentiality of the secret. The claimant proves to the verifier that she knows a secret, without revealing it. The interactions are so designed that they cannot lead to revealing or guessing the secret. Fiat-Shamir Protocol Feige-Fiat-Shamir Protocol Guillou-Quisquater Protocol

23 1.23 4-4 Continued Fiat-Shamir protocol

24 1.24 4-4 Continued Cave Example

25 1.25 4-4 Continued Feige-Fiat-Shamir protocol

26 1.26 4-4 Continued Guillou-Quisquater protocol

27 1.27 4-4 Continued Guillou-Quisquater protocol

28 1.28 4-5 BIOMETRICS Biometrics is the measurement of physiological or behavioral features that identify a person (authentication by something inherent). Biometrics measures features that cannot be guessed, stolen, or shared. Components Enrollment Authentication Techniques Accuracy Applications

29 1.29 4-5 Continued Several components are needed for biometrics, including capturing devices, processors, and storage devices.. Components

30 1.30 4-5 Continued Before using any biometric techniques for authentication, the corresponding feature of each person in the community should be available in the database. This is referred to as enrollment. Enrollment

31 1.31 4-5 Continued Authentication Verification Identification

32 1.32 4-5 Continued Techniques

33 1.33 4-5 Continued Physiological Techniques Fingerprint Iris Retina Face Hands Voice DNA

34 1.34 4-5 Continued Behavioral Techniques Signature Keystroke

35 1.35 4-5 Continued Accuracy False Rejection Rate (FRR) False Acceptance Rate (FAR)

36 1.36 4-5 Continued Several applications of biometrics are already in use. In commercial environments, these include access to facilities, access to information systems, transaction at point-ofsales, and employee timekeeping. In the law enforcement system, they include investigations (using fingerprints or DNA) and forensic analysis. Border control and immigration control also use some biometric techniques. Applications

Download ppt "Le Trong Ngoc Security Fundamentals Entity Authentication Mechanisms 4/2011."

Similar presentations

Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.

Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.
Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.

Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.
GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz.

GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz.
Video- and Audio-based Biometric Person Authentication Motivation: Applications. Modalities and their characteristics. Characterization of a biometric.

Video- and Audio-based Biometric Person Authentication Motivation: Applications. Modalities and their characteristics. Characterization of a biometric.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Biometrics and Authentication Shivani Kirubanandan.

Biometrics and Authentication Shivani Kirubanandan.
B IOMETRICS Akash Mudubagilu Arindam Gupta. O VERVIEW What is Biometrics? Why Biometrics? General Biometric System Different types of Biometrics Uses.

B IOMETRICS Akash Mudubagilu Arindam Gupta. O VERVIEW What is Biometrics? Why Biometrics? General Biometric System Different types of Biometrics Uses.
Marjie Rodrigues 411154.

Marjie Rodrigues
Security-Authentication

Security-Authentication
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Karthiknathan Srinivasan Sanchit Aggarwal

Karthiknathan Srinivasan Sanchit Aggarwal
Zachary Olson and Yukari Hagio CIS 4360 Computer Security November 19, 2008.

Zachary Olson and Yukari Hagio CIS 4360 Computer Security November 19, 2008.
By Alvaro E. Escobar 1 Biometrics Agenda I. Video II. Biometric Overview III. Biometric Technologies IV. Accuracy Metrics V. BioPrivacy Concerns.

By Alvaro E. Escobar 1 Biometrics Agenda I. Video II. Biometric Overview III. Biometric Technologies IV. Accuracy Metrics V. BioPrivacy Concerns.

Similar presentations

Ads by Google