March 2005 - R. Smith - University of St Thomas - Minnesota - QMCS 490 - Class Today: Authentication Redux


Class Today
Authentication Redux
Some more biometrics slides
Challenge Response authentication
Token based authentication

Elements/Actors
Principal
Characteristic
Proprietor
Authentication mechanism
Access control mechanism
  – Examples
40 thieves
Passwords
ATM
Web server

Strategies
Standards of due care
Risk analysis
Exceed industry practices

Average Attack Space
If the attack “tries” X times, then
There is a 50% chance of success.
Usually tied to the size of a base secret

Biometrics: Recap
Measure physical trait: finger, hand, eye, face, …
From Authentication © Used by permission

Some Based on Behavior
Measure something the person does, instead of measuring a physical trait
Examples: voice, keystrokes, written signature

Biometric Matching
Compares user’s signature to previously established pattern built from that trait
Pattern and signature contents vary according to the biometric and the implementation

Pattern Matching
We compare how closely a signature matches one user’s pattern versus another’s pattern

Matching in Practice
You should often match yourself and rarely match others

Matching Self vs. Others
It’s possible that an imposter will sneak through

Biometric Strength

More about Passwords …

Password Ping-Pong

Attacks                    Defenses
                           Passwords
Steal the Password File    Password Hashing
Guessing                   Guess Detection
Social Engineering         Help Desk Restrictions
Keystroke Sniffing         Memory Protection
Password Sharing           Password Tokens
Network Sniffing           One-Time Passwords
??

Guessable Passwords

Strength in Practice

Sniffing Trumps Strength

Interactive Challenge
Requires a calculator (hardware or software)
Base secret is embedded in the calculator
Authenticates the owner of the base secret

Embedded Challenge
Login client handles challenge automatically (DEC, Novell)
The password is the base secret

Tokens for Authentication
Something you have that’s hard to copy
  – Attacker needs to steal it to log on
  – I can’t tell if someone has sniffed my password, but I can tell immediately if someone has stolen my token

Hardware Tokens
Resist copying and other attacks by storing the base secret in a tamper-resistant package.

One-Time Password Tokens
Attacker can’t reuse the sniffed password

Combination Product
Fingerprint used locally to “unlock” the token

Average Attack Space for Tokens
For “Off Line”
  – This is to clone someone’s token
  – Figure out the size of the base secret
  – Use that as the number of trials
  – Applies to all tokens
For “On Line”
  – This is to crack into the server without cracking the token
  – Figure out the size of the one time password
  – Use that as the number of trials
  – Applies to all tokens/users/attacks
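An added example, not part of the original slides: a challenge-response token and server showing why a sniffed response cannot be reused, plus the off-line and on-line trial counts the slide above describes. HMAC-SHA-256, the 16-byte base secret, the 6-digit response and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

DIGITS = 6  # assumed length of the response the user types in


def token_response(base_secret: bytes, challenge: bytes, digits: int = DIGITS) -> str:
    """The 'calculator': combine the embedded base secret with the challenge."""
    mac = hmac.new(base_secret, challenge, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


class Server:
    """Keeps a copy of each base secret and issues single-use challenges."""

    def __init__(self):
        self.base_secrets = {}
        self.pending = {}

    def enroll(self, user: str) -> bytes:
        self.base_secrets[user] = secrets.token_bytes(16)
        return self.base_secrets[user]  # loaded into the user's token

    def challenge(self, user: str) -> bytes:
        self.pending[user] = secrets.token_bytes(8)
        return self.pending[user]

    def verify(self, user: str, response: str) -> bool:
        challenge = self.pending.pop(user, None)  # one attempt per challenge
        if challenge is None or user not in self.base_secrets:
            return False
        expected = token_response(self.base_secrets[user], challenge)
        return hmac.compare_digest(expected, response)


def trial_counts(base_secret: bytes, digits: int = DIGITS) -> dict:
    """Slide's rule: off line = base secret size, on line = one-time password size."""
    return {"off_line": 2 ** (8 * len(base_secret)), "on_line": 10**digits}


def demo() -> dict:
    server = Server()
    secret = server.enroll("alice")            # constructed sample user
    sniffed = token_response(secret, server.challenge("alice"))
    results = {"login": server.verify("alice", sniffed)}
    results["replay_same_challenge"] = server.verify("alice", sniffed)
    server.challenge("alice")                  # fresh challenge for the next login
    results["replay_new_challenge"] = server.verify("alice", sniffed)
    results.update(trial_counts(secret))
    return results
```

The short response keeps the on-line space small (10^6 here), so a server using this scheme also needs guess detection; the off-line space is set by the base secret alone.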

Creative Commons License
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.