Lecture 19 Page 1 CS 111 Online Authentication for Operating Systems What is authentication? How does the problem apply to operating systems? Techniques.

Slides:



Advertisements
Similar presentations
Lecture 6 User Authentication (cont)
Advertisements

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Security-Authentication
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Security systems need to be able to distinguish the “white hats” from the “black hats”. This all begins with identity. What are some common identifiers.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Lecture 18 Page 1 CS 111 Spring 2015 Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 Operating Systems.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
CIS 450 – Network Security Chapter 8 – Password Security.
Chapter-2 Identification & Authentication. Introduction  To secure a network the first step is to avoid unauthorized access to the network.  This can.
CSCE 201 Identification and Authentication Microsoft support Fall 2010.
10/8/20151 Computer Security Authentication. 10/8/20152 Entity Authentication Entity Authentication is the process of verifying a claimed identity It.
Identification and Authentication University of Sunderland COM380 Harry R. Erwin, PhD.
1 Lecture 8: Authentication of People what you know (password schemes) what you have (keys, smart cards, etc.) what you are (voice recognition, fingerprints,
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
G53SEC 1 Authentication and Identification Who? What? Where?
Lecture 7 Page 1 CS 236, Spring 2008 Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know.
CSCE 522 Identification and Authentication. CSCE Farkas2Reading Reading for this lecture: Required: – Pfleeger: Ch. 4.5, Ch. 4.3 Kerberos – An Introduction.
Privacy versus Authentication Confidentiality (Privacy) –Interceptors cannot read messages Authentication: proving the sender’s identity –The Problem of.
G53SEC 1 Authentication and Identification Who? What? Where?
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.
Lecture 7 Page 1 CS 236 Online Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Authentication Lesson Introduction ●Understand the importance of authentication ●Learn how authentication can be implemented ●Understand threats to authentication.
Authentication What you know? What you have? What you are?
COEN 351 Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card.
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.
CSCE 201 Identification and Authentication Fall 2015.
Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
My topic is…………. - It is the fundamental building block and the primary lines of defense in computer security. - It is a basic for access control and.
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.
Lecture 3 Page 1 CS 236 Online Introduction to Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
By Kyle Bickel. Road Map Biometric Authentication Biometric Factors User Authentication Factors Biometric Techniques Conclusion.
Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N.
Lecture 7 Page 1 CS 236, Spring 2008 Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Lecture 7 Page 1 CS 136, Fall 2011 Authentication CS 136 Computer Security Peter Reiher October 13, 2011.
7/10/20161 Computer Security Protection in general purpose Operating Systems.
CSCE 522 Identification and Authentication
Challenge/Response Authentication
Outline The basic authentication problem
MANAGEMENT of INFORMATION SECURITY, Fifth Edition
Authentication CS 136 Computer Security Peter Reiher October 18, 2012
Challenge/Response Authentication
Password Management Limit login attempts Encrypt your passwords
Outline Introduction Basic authentication mechanisms
Authentication CS 136 Computer Security Peter Reiher October 15, 2013
Authentication Computer Security Peter Reiher April 19, 2016
Authentication CS 136 Computer Security Peter Reiher January 28, 2010
Authentication Computer Security Peter Reiher January 31, 2017
Authentication CS 136 Computer Security Peter Reiher April 21, 2009
Computer Security Authentication
CS703 - Advanced Operating Systems
Computer Security Protection in general purpose Operating Systems
Outline Introduction Basic authentication mechanisms.
COEN 351 Authentication.
Outline Introduction Basic authentication mechanisms.
Presentation transcript:

Lecture 19 Page 1 CS 111 Online Authentication for Operating Systems What is authentication? How does the problem apply to operating systems? Techniques for authentication in operating systems

Lecture 19 Page 2 CS 111 Online What Is Authentication? Determining the identity of some entity – Process – Machine – Human user Requires notion of identity – One implication is we need some defined name space And some degree of proof of identity

Lecture 19 Page 3 CS 111 Online Where Do We Use Authentication in the OS? Typically users authenticate themselves to the system Their identity tends to be tied to the processes they create – OS can keep track of this easily Once authenticated, users (and their processes) typically need not authenticate again – One authentication per session, usually Distributed systems greatly complicate things

Lecture 19 Page 4 CS 111 Online Authentication Mechanisms Something you know – E.g., passwords Something you have – E.g., smart cards or tokens Something you are – Biometrics Somewhere you are – Usually identifying a role

Lecture 19 Page 5 CS 111 Online Passwords Authentication by what you know One of the oldest and most commonly used security mechanisms Authenticate the user by requiring him to produce a secret – Usually known only to him and to the authenticator

Lecture 19 Page 6 CS 111 Online Problems With Passwords They have to be unguessable – Yet easy for people to remember If sent over the network, susceptible to password sniffers Unless fairly long, brute force attacks often work on them

Lecture 19 Page 7 CS 111 Online Handling Passwords The OS must be able to check passwords when users log in So must the OS store passwords? Not really – It can store an encrypted version Encrypt the offered password – Using a one-way function – E.g., a secure hash algorithm like SHA1 And compare it to the stored version Why use a one-way function, instead of, say, AES or some other symmetric algorithm?

Lecture 19 Page 8 CS 111 Online Is Encrypting the Password File Enough? What if an attacker gets a copy of your password file? No problem, the passwords are encrypted – Right? Yes, but...

Lecture 19 Page 9 CS 111 Online Dictionary Attacks Dictionary aardvark340jafg; Now you can hack the Communist Manifesto! Harpo2st6’sG0 ZeppoG>I5{as3 Chicow*-;sddw Karl sY(34,ee GrouchoWe6/d02, Gummo3(;wbnP] sY(34,ee Rats!!!! aardwolf K]ds+3a,abaca sY(34,ee abaca is Karl Marx’s password!

Lecture 19 Page 10 CS 111 Online Salted Passwords A technique to combat dictionary attacks Combine the plaintext password with a random number – Then run it through the one-way function The random number need not be secret It just has to be different for different users You store the salt integer with the password – Generally in plaintext If the attacker steals the password file, won’t he get the salt values in plaintext, too? Why is this OK? (Or at least OK-ish?) Why don’t we need to encrypt the stored salts?

Lecture 19 Page 11 CS 111 Online Did It Fix Our Problem? beard D0Cls6& )#4,doa8 aardvark340jafg; aardwolfK[ds+3a, abacasY(34,ee... beard^*eP61a- Karl Marx Charles Darwin Karl MarxCharles Darwin

Lecture 19 Page 12 CS 111 Online Are My Passwords Safe Now? If I salt and encrypt them, am I OK? Depends on the quality of the passwords chosen Attacker can still perform dictionary attacks on an individual password, with its salt If the password isn’t in the dictionary, no problem If it is, the attack succeeds Which is why password choice is important

Lecture 19 Page 13 CS 111 Online Password Selection Generally, long passwords chosen from large character sets are good Short passwords chosen from small character sets are bad How long? – A matter of time – Moore’s law forces us to make them ever longer What’s a large character set? – Upper and lower case letters, plus numbers, plus symbols (like ^

Lecture 19 Page 14 CS 111 Online Authentication Devices Authentication by what you have A smart card or other hardware device that is readable by the computer – Safest if device has some computing capability – Rather than just data storage Authenticate by providing the device to the computer More challenging when done remotely, of course

Lecture 19 Page 15 CS 111 Online Authentication With Smart Cards How can the server be sure of the remote user’s identity? challenge E(challenge) Authentication verified! By proper use of cryptography

Lecture 19 Page 16 CS 111 Online Problems With Authentication Devices If lost or stolen, you can’t authenticate yourself – And maybe someone else can – Often combined with passwords to avoid this problem Unless cleverly done, susceptible to sniffing attacks Requires special hardware There have been successful attacks on some smart cards

Lecture 19 Page 17 CS 111 Online Biometric Authentication Authentication based on who you are Things like fingerprints, voice patterns, retinal patterns, etc. To authenticate, allow the system to measure the appropriate physical characteristics Biometric measurement converted to binary and compared to stored values – With some level of match required

Lecture 19 Page 18 CS 111 Online Problems With Biometrics Requires very special hardware May not be as foolproof as you think Many physical characteristics vary too much for practical use – Day to day or over long periods of time Generally not helpful for authenticating programs or roles What happens when it’s cracked? – You only have two retinas, after all

Lecture 19 Page 19 CS 111 Online Characterizing Biometric Accuracy How many false positives? Match made when it shouldn’t have been Versus how many false negatives? Match not made when it should have been Errors Sensitivity False Positive Rate False Negative Rate The Crossover Error Rate (CER) Generally, the higher the CER is, the better the system

Lecture 19 Page 20 CS 111 Online Some Typical Crossover Error Rates TechnologyRate Retinal Scan1:10,000,000+ Iris Scan1:131,000 Fingerprints1:500 Facial Recognition1:500 Hand Geometry1:500 Signature Dynamics1:50 Voice Dynamics1:50 Data as of 2002 Things can improve a lot in this area over time Also depends on how you use them And on what’s important to your use

Lecture 19 Page 21 CS 111 Online A Biometric Cautionary Tale A researcher in Japan went out and bought some supplies from a hobby store (in 2002) He used them to create gummy fingers – With gummy fingerprints With very modest tinkering, his gummy fingers fooled all commercial fingerprint readers Maybe today’s readers are better – Maybe not...

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.