Presentation is loading. Please wait.

Presentation is loading. Please wait.

My topic is…………. - It is the fundamental building block and the primary lines of defense in computer security. - It is a basic for access control and.

Published byShawn West Modified over 8 years ago

Similar presentations

Presentation on theme: "My topic is…………. - It is the fundamental building block and the primary lines of defense in computer security. - It is a basic for access control and."— Presentation transcript:

1 My topic is…………

2 - It is the fundamental building block and the primary lines of defense in computer security. - It is a basic for access control and for user accountability. - It is a means of identifying the user and verifying that the user is allowed to access some restricted service. About the topic…….

3 RFC 2828 (internet security glossary) definition:- ->The process of verifying an identifying for a system entity or claimed by a system. ->An Authentication process consists of 2 steps……:

4 Identification step : Presenting an identifier to the security system. Verification step : Presenting or generating Authentication information that corroborates the binding between the entity and the identifier.

5 There are 4 general means of authenticating a user’s identity:-  Something the individual knows.  Something the individual possesses.  Something the individual is(static biometrics).  Something the individual does(dynamic biometrics).

6 Something the individual knows. A password, A personal identification number, Answers to a prearranged set of questions. Your fb password!!! Anybody can guess or steal your password. Anybody can forget a password.

7 Something the individual possesses. Electronic keycards, Smart cards, Physical keys. TOKENS. Referred as TOKENS. Anybody can forge or steal your token. Anybody can loose a token.

8 Something the individual is (static biometrics). Fingerprint, Retina, Face. Recognition by User acceptance cost and convenience.

9 Something the individual does (dynamic biometrics). Voice pattern, Handwriting characteristics, Typing rhythm. Recognition by User acceptance cost and convenience.

10 There are 3 types of Authentication:- Password-Based Authentication. Token-Based Authentication. Biometric Authentication.

11 1.Password-Based Authentication. ->It is a widely used line of defense against intruders. ->Virtually all multiuser systems not only require the user name or identifier (ID) but also the password. ->The system compares the password to a previously stored password for that user ID, maintained in a system password file. ->The password serves to authenticate id of the individual logging on to the system. How does it work???

12 The ID provides the security in the following ways:-  It determines whether a user is authorized to gain access to the system.  It determines the privileges accorded to the user.  It is used in discretionary access control.

13 The use of hashed password A widely used password security technique is the use of hashed passwords and a salt value. This scheme is found on virtually all UNIX variants as well as many other operating systems

14 Slow hash function a) Loading a new password User idSaltHash code Password file SaltPassword

15 How a new password is loaded???  The user selects or is assigned a password.  This password is combined with a fixed-length salt value [MORR79].  The password and salt serve as inputs to a hashing algorithm to produce a fixed-length hash code.  The hash algorithm is designed to be slow to execute to thwart attacks.  The hashed password is then stored, together with a plain text copy of the salt, in the password file for the corresponding user ID.

16 b) Verifying a password Password file Slow hash function compare Password Salt User idHash code User id select

17 How a password is verified???  When a user attempts to log on to a UNIX system, the user provides an ID and a password.  The operating system uses the ID to index into the password file and retrieve the plain text salt and the encrypted password.  The salt and user-supplied password are used as input to the encryption routine.  If the result matches the stored value, the password is accepted.

18 The purpose of salt It prevents duplicate passwords from being visible in the password file. It increases the difficulty of offline dictionary attacks and guessing a password in a dictionary attack. It becomes impossible to find out whether a person with passwords on two or more systems has used the same password on all of them.

19 UNIX Implementations… Each user selects a password of up to eight printable characters in length. This is converted into a 56-bit value that serves as the key input to an encryption routine. The hash routine, known as crypt(3), is based on DES. A 12-bit salt value is used. The modified DES algorithm is executed with a data input consisting of a 64-bit block of zeros. The output of the algorithm then serves as input for a second encryption. This process is repeated for a total of 25 encryptions. The resulting 64-bit output is then translated into an 11- character sequence. The modification of the DES algorithm converts it into a one-way hash function. The crypt(3) routine is designed to discourage guessing attacks.

20 2.Token-based authentication.  It’s an object that the user possesses for the purpose of user authentication.  The 2 types of token are: the cards that have the appearance and the size of the bank cards.

21 Memory cards When combined with a pin or password it provides greater security then password alone. Drawbacks are…. o Require special reader. o Token loss. o User dissatisfaction.

22 Smart cards. These can be categorized along three dimensions that are not mutually exclusive: 1. Physical characteristics: Smart tokens include an embedded microprocessor. A smart token that looks like a bank card is called a smart card. Other smart tokens can look like calculators, keys, or other small portable objects.

23 2. Interface: Manual interfaces include a keypad and display for human/token interaction. Smart tokens with an electronic interface communicate with a compatible reader/writer. 3. Authentication protocol: The purpose of a smart token is to provide a means for user authentication.We can classify the authentication protocols used with smart tokens into three categories: 1.Static 2.Dynamic password generator 3.Challenge-response

24 3.Biometric authentication.  Authenticate an individual based on his/her unique physical characteristics.  It is technically complex and expensive.  It is based on pattern recognition.  It is yet to mature as a standard tool for user authentication to computer system.

25 The physical characteristics used are…  Static: Facial characteristics. Fingerprints. Hand geometry. Retinal pattern. Iris.  Dynamic: Signature. Voice.

26 Cost verses accuracy of various biometric characteristics. accuracy cost voice hand signature retina finger iris face

27 Questions…… 1.Write a short note on user authentication and characterization of user authentication.(2,5,7,8,9) 2.Define user authentication as per IRC and explain the types of user authentication.(3,4,10,11,20,24) 3. Write short note on the following: -memory cards and smart cards.(21,22,23) -purpose of salt value.(18) 4.Explain loading and verifying hash password with neat diagram.(14,15,16,17) 5.Short note on Unix implementation.(19)

28 ->William Stallings page(668-675)

Download ppt "My topic is…………. - It is the fundamental building block and the primary lines of defense in computer security. - It is a basic for access control and."

Similar presentations

Chapter 15 Computer Security Techniques

Chapter 15 Computer Security Techniques
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 3 “User Authentication”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 3 “User Authentication”.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Authentication & Kerberos

Authentication & Kerberos
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Chapter 15 Computer Security Techniques Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design.

Chapter 15 Computer Security Techniques Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design.
Information System Security, Intruders and password protection Presented by: Yanal Kilani Presented to: Dr. Lo’ai Tawalbeh Summer 2006.

Information System Security, Intruders and password protection Presented by: Yanal Kilani Presented to: Dr. Lo’ai Tawalbeh Summer 2006.
Marjie Rodrigues 411154.

Marjie Rodrigues
Security-Authentication

Security-Authentication
Security systems need to be able to distinguish the “white hats” from the “black hats”. This all begins with identity. What are some common identifiers.

Security systems need to be able to distinguish the “white hats” from the “black hats”. This all begins with identity. What are some common identifiers.
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
Authentication Approaches over Internet Jia Li

Authentication Approaches over Internet Jia Li
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.

Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.
CS 736 A methodology for Analyzing the Performance of Authentication Protocol by Laseinde Olaoluwa Peter Department of Computer Science West Virginia.

CS 736 A methodology for Analyzing the Performance of Authentication Protocol by Laseinde Olaoluwa Peter Department of Computer Science West Virginia.

Similar presentations

Ads by Google