Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Identification Who are you? How do I know you are who you say you are?

Published byAriana Farrell Modified over 10 years ago

Similar presentations

Presentation on theme: "1 Identification Who are you? How do I know you are who you say you are?"— Presentation transcript:

1 1 Identification Who are you? How do I know you are who you say you are?

2 2 Process of Identification There are typically two stages: 1. Username for identification 2. Password for verification of identification (authentication)

3 3 Threats There are various ways in which a username/password identification system can be abused: Password guessing Password spoofing Reading the password file

4 4 Password Guessing This term refers to exhaustive and intelligent searches to try and determine the password of a user. How can these attacks be prevented -by the user, -by the system?

5 5 Spoofing Attacks The system verifies that the user is who they say they are. BUT does the user verify the system? A typical spoof attack is to create a program which pretends to be the system inviting the user to enter their username and password.

6 6 Reading the Password File The password file, where the system stores the data for verifying passwords is very sensitive to attacks. In an insecure system the password file will be a list of passwords indexed by username. An attacker with access to this file has potential knowledge of every password.

7 7 Protecting the Password File There are essentially two ways to secure the file: 1. Cryptographic protection 2. Access control over the file which is imposed by the operating system.

8 8 Cryptographic Protection This makes use of a one-way function which is defined as follows : A one-way function is a function f: X Y such that given x in X it is easy to compute y=f(x) in Y BUT given y in Y it is difficult to find an x in X such that y=f(x).

9 9 The password file is protected using a one-way function as follows: 1. The system receives the username and password (x) from the user. 2.It uses the one-way function on the password to transform it into a set of characters y=f(x). 3. The system does not store the password but instead stores y indexed by the username. 4. To verify a user, the system asks for the username and password (x) and computes y=f(x). 5. If the value of y indexed by the username is the same as y then the user is authenticated.

10 10 Which function to use? The security of such a system relies on the one-way function used. In general the function should not be too efficient!

11 11 Password Salting This process overcomes certain problems associated with a large user base where it is possible that two users may have the same password Before the password is (encrypted and) stored, the system adds some salt such as appending the username. Now all passwords should be unique.

12 12 Alternative methods for authentication There are many alternatives used. Some are for situations where risk is low and others where security is paramount. Something only you are likely to know such as your mothers maiden name, date of birth or postcode. Something you have such as a credit card. Fingerprints, retina patterns, palmprints… where you are - access may only be available in a secured area

13 13 Authentication Failure The system can fail in two ways: 1. It can accept an unauthorised user 2. It can reject an authorised user

14 14 Summary By now you should be familiar with: The process of identification and authentication Threats such as password guessing and password spoofing and ways the user and the system can protect themselves against these threats Protection of the password file using a one- way function

Download ppt "1 Identification Who are you? How do I know you are who you say you are?"

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Computer Security CIS326 Dr Rachel Shipsey.

Computer Security CIS326 Dr Rachel Shipsey.
© State Services Commission, 2006 Authentication to access government services What might the future hold? Laurence Millar Deputy Commissioner Information.

© State Services Commission, 2006 Authentication to access government services What might the future hold? Laurence Millar Deputy Commissioner Information.
Excel Lesson 16 Protecting, Tracking, and Sharing Workbooks Microsoft Office 2010 Advanced Cable / Morrison 1.

Excel Lesson 16 Protecting, Tracking, and Sharing Workbooks Microsoft Office 2010 Advanced Cable / Morrison 1.
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
BTC - 1 Biometrics Technology Centre (BTC) Biometrics Solution for Authentication Prof. David Zhang Director Biometrics Technology Centre (UGC/CRC) Department.

BTC - 1 Biometrics Technology Centre (BTC) Biometrics Solution for Authentication Prof. David Zhang Director Biometrics Technology Centre (UGC/CRC) Department.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Authentication System

Authentication System
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) =.00625 * 5,349.44 = $33.434 What happens to the.004?.004+.004+.004=.012.004.

Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) = * 5, = $ What happens to the.004? =
CSC 386 – Computer Security Scott Heggen. Agenda Authentication.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication.
Chapter 4.  Can technology alone provide the best security for your organization?

Chapter 4.  Can technology alone provide the best security for your organization?
BUSINESS B1 Information Security.

BUSINESS B1 Information Security.

Similar presentations

Ads by Google