Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.

Similar presentations


Presentation on theme: "Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two."— Presentation transcript:

1 Authentication

2 Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two notions.

3 Authentication  Something you know –user name and password, PIN, secret code, …  Something you have –ID card, smart card, cell phone, ATM card, digital certificate …  Something you are –fingerprint, iris, DNA … (or combinations of the above)

4 Authentication  How to authenticate an entity? –user name and passwords. –password must be sent over a secure connection! –In case of insecure connection: Challenge/Response protocol 1.The authenticator sends a "challenge" message to the peer. 2.The peer responds with a value calculated using a one-way hash function 3.The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication succeeds; otherwise it fails. 4.(for additional security) At random intervals, the authenticator sends a new challenge to the peer, and repeats steps 1-3.

5 Other Types of Authentication  Shared-secret based –both parties share a secret key (or phrase)  Mutual authentication –both parties authenticate each other

6 Simple shared-secret based cryptographic authentication

7 Mutual authentication

8 Other methods of authentication  Digital Certificates –as we saw earlier in class –similar to “challenge/response” protocol  Biometrics –scan fingerprint (etc.). convert to template. Compare templates. –most biometric measures are not precise. –(level of matching) CA Digital Certificate


Download ppt "Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two."

Similar presentations


Ads by Google