Presentation is loading. Please wait.

Presentation is loading. Please wait.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz."— Presentation transcript:

1 CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz

2 Password-based protocols  Any password-based protocol is potentially vulnerable to an “on-line” dictionary attack –On-line attacks can be detected and limited –How?  Off-line attacks can never be prevented, but protocols can be made secure against such attacks  Any password-based protocol is vulnerable to off- line attack if the server is compromised –Once the server is compromised, why do we care?

3 Password-based protocols  Best: Use a password-based protocol which is secure against off-line attacks when server is not compromised –Unfortunately, this has not been the case in practice (e.g., telnet, cell phones, etc.) –This is a difficult problem!

4 Password storage  In the clear…  Hash of password (done correctly) –Doesn’t always achieve anything! –Makes adversary’s job harder –Potentially protects users who choose good passwords  “Salt”-ed hash of password –Makes bulk dictionary attacks harder, but no harder to attack a particular password  Encrypted passwords? (What attack is this defending against?)  Centralized server stores password  Threshold password storage

5 Centralized password storage  Authentication storage node –Central server stores password; servers request the password to authenticate user  Auth. facilitator node –Central server stores password; servers send information from user to be authenticated by the central server  Note that communication with the central server must be authenticated!

6 Authentication tokens  RSA SecureID  PIN-protected memory card  Cryptographic smartcards  Aladdin eTokens  Still need a secure protocol!

7 Biometrics  How much entropy is there?  How private are these?  How reliable are they?  Revocation?

8 Biometrics  Difficult to use securely –Errors –Non-uniform –Still need a secure protocol…

9  How can you securely authenticate yourself to a remote server using your fingerprint?  Trivial solution: Biometric authentication Server User close? Completely vulnerable to eavesdropping!

10 Better(?) solution Server User A single-bit difference in the scanned fingerprint results in a failed authentication! H(, nonce) nonce h= H(, nonce) h= ?

Download ppt "CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz."

Similar presentations

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 15 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 15 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Similar presentations

Ads by Google