CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.


CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz

Password-based protocols
- Any password-based protocol is potentially vulnerable to an “on-line” dictionary attack
  – On-line attacks can be detected and limited
  – How?
- Off-line attacks can never be prevented, but protocols can be made secure against such attacks
- Any password-based protocol is vulnerable to off-line attack if the server is compromised
  – Once the server is compromised, why do we care?

Password-based protocols
- Best: Use a password-based protocol which is secure against off-line attacks when the server is not compromised
  – Unfortunately, this has not been the case in practice (e.g., telnet, cell phones, etc.)
  – This is a difficult problem!

Password storage
- In the clear…
- Hash of password (done correctly)
  – Doesn’t always achieve anything!
  – Makes adversary’s job harder
  – Potentially protects users who choose good passwords
- “Salt”-ed hash of password
  – Makes bulk dictionary attacks harder, but no harder to attack a particular password
- Encrypted passwords? (What attack is this defending against?)
- Centralized server stores password
- Threshold password storage
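The difference between the “hash of password” and “salted hash” storage options above is easiest to see in code. The following is an added example, not from the lecture slides: it stores a password two ways and shows that, without a salt, two users who chose the same password end up with identical records (so a single guess is checked against every user at once), whereas a per-user random salt forces each guess to be recomputed per user, which is exactly why salting slows bulk attacks but does nothing extra for an attack on one particular account. The choice of SHA-256 for the plain hash, PBKDF2-HMAC-SHA256 for the salted one, and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Assumed work factor for PBKDF2; tune to the hardware that does the verifying.
ITERATIONS = 200_000


def unsalted_record(password: str) -> bytes:
    """'Hash of password' storage: the same password always yields the same
    record, so one guess can be compared against every user's record at once."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def salted_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """'Salted hash' storage: a fresh random salt per user, kept alongside the
    digest. A guess must now be re-hashed separately for each user, so the cost
    of a bulk attack grows with the number of users; attacking one chosen user
    costs the same as before."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, digest)


def records_collide(password: str, salted: bool) -> bool:
    """Do two users who picked the same password get identical stored records?"""
    if salted:
        return salted_record(password)[1] == salted_record(password)[1]
    return unsalted_record(password) == unsalted_record(password)


if __name__ == "__main__":
    # Constructed sample password, used only to illustrate the two storage modes.
    pw = "correct horse battery staple"
    print("unsalted records collide:", records_collide(pw, salted=False))  # True
    print("salted records collide:  ", records_collide(pw, salted=True))   # False
    salt, digest = salted_record(pw)
    print("verify correct password: ", verify_salted(pw, salt, digest))     # True
    print("verify wrong password:   ", verify_salted("wrong", salt, digest))  # False
```

Note what the salt does not do: `verify_salted` runs one PBKDF2 evaluation per guess regardless of how many other users exist, so an attacker targeting a single weak password gains nothing from the other accounts being salted either; the slow hash (iteration count) is what raises the per-guess cost.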

Centralized password storage
- Authentication storage node
  – Central server stores password; servers request the password to authenticate the user
- Auth. facilitator node
  – Central server stores password; servers send information from the user to be authenticated by the central server
- Note that communication with the central server must be authenticated!

Authentication tokens
- RSA SecureID
- PIN-protected memory card
- Cryptographic smartcards
- Aladdin eTokens
- Still need a secure protocol!

Biometrics
- How much entropy is there?
- How private are these?
- How reliable are they?
- Revocation?

Biometrics
- Difficult to use securely
  – Errors
  – Non-uniform
  – Still need a secure protocol…

Biometric authentication
- How can you securely authenticate yourself to a remote server using your fingerprint?
- Trivial solution:
  [Diagram: User sends the fingerprint scan to Server; Server checks “close?” against the stored template]
- Completely vulnerable to eavesdropping!

Better(?) solution
[Diagram: Server sends nonce to User; User replies h = H(fingerprint, nonce); Server computes H(stored fingerprint, nonce) and checks h = ?]
- A single-bit difference in the scanned fingerprint results in a failed authentication!
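The two protocols on the last two slides pull in opposite directions: the trivial one tolerates scan noise but exposes the fingerprint to anyone listening, while hashing the scan with a nonce hides it and defeats replay but breaks on a single flipped bit. The following added example (not from the slides) runs both exchanges over a constructed 32-byte “template” so the trade-off can be seen directly. SHA-256 as the hash H, a Hamming-distance “close?” test with a threshold of 8 bits, and the 16-byte nonce length are assumptions of this example; real fingerprint matching is far more involved than a bit count.

```python
import hashlib
import hmac
import secrets

# Constructed sample: 32 bytes standing in for a fingerprint template enrolled
# at the server. Not real biometric data.
ENROLLED_TEMPLATE = bytes.fromhex("3a7f" * 16)

# Assumed tolerance for the trivial protocol's "close?" check, in differing bits.
CLOSE_THRESHOLD = 8


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_one_bit(template: bytes, bit_index: int) -> bytes:
    """Copy of template with a single bit flipped, modelling scanner noise."""
    buf = bytearray(template)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


# --- Trivial solution: user sends the raw scan, server checks "close?" ---

def trivial_server_check(stored: bytes, received_scan: bytes) -> bool:
    """Tolerates noise, but the scan itself crosses the wire in the clear."""
    return hamming_distance(stored, received_scan) <= CLOSE_THRESHOLD


# --- Better(?) solution: server sends nonce, user sends h = H(scan, nonce) ---

def server_challenge() -> bytes:
    return secrets.token_bytes(16)


def user_response(scan: bytes, nonce: bytes) -> bytes:
    """H(fingerprint, nonce); the scan never leaves the client in the clear."""
    return hashlib.sha256(scan + nonce).digest()


def hashed_server_check(stored: bytes, nonce: bytes, response: bytes) -> bool:
    """Server recomputes H(stored fingerprint, nonce) and compares to h."""
    expected = hashlib.sha256(stored + nonce).digest()
    return hmac.compare_digest(expected, response)


def run_both_protocols(scan: bytes) -> dict:
    """Run one authentication attempt through each protocol with the given scan."""
    nonce = server_challenge()
    h = user_response(scan, nonce)
    return {
        "trivial": trivial_server_check(ENROLLED_TEMPLATE, scan),
        "hashed": hashed_server_check(ENROLLED_TEMPLATE, nonce, h),
    }


def replay_succeeds(scan: bytes) -> bool:
    """Can an eavesdropper who captured one h reuse it against a fresh nonce?"""
    old_nonce = server_challenge()
    captured_h = user_response(scan, old_nonce)
    fresh_nonce = server_challenge()
    return hashed_server_check(ENROLLED_TEMPLATE, fresh_nonce, captured_h)


if __name__ == "__main__":
    print("exact scan:      ", run_both_protocols(ENROLLED_TEMPLATE))
    noisy = flip_one_bit(ENROLLED_TEMPLATE, 5)
    print("one bit flipped: ", run_both_protocols(noisy))
    print("replay of old h: ", replay_succeeds(ENROLLED_TEMPLATE))
```

With the exact template both checks pass; with one flipped bit the trivial check still passes while the hashed check fails, which is the slide's complaint. The hashed exchange does fix the eavesdropping problem, since a captured h is bound to its nonce and is rejected on the next challenge, so the open question the slides leave is how to get both properties at once.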