Authentication Technologies Authentication Mechanisms Something you know Something
- Slides: 12
Authentication Technologies • Authentication Mechanisms – Something you know – Something you have – Something you are • Features – Authenticator & Base secret – Verifier – Verification Procedure 1
What you know • Password/PIN – Authenticator & verifier – String comparison – Hashing? – Risks? 2
What you have • Smart/Swipe cards • Large base secret • Risks? – Compared to Passwords? 3
What you are: Biometrics • Identification: – Who are you? – Template/model comparison – “One-to-many” search – Choose most likely • Verification – Is this you? – Template/model measure – “One-to-one” search – Thresholding 4
Subversion • “As a general rule, if an authentification system is made by humans, it can be defeated by humans” • Multifactor Authentication? • Next: Risks & Attacks 5
Risks • Masquerade • Multiple Identities • Identity Theft 6
Attacks • Trial and Error – Passwords – Cards – Biometrics • Replication • Theft • Digital Spoofing 7
Vulnerability • Average attack space – Number of attacks to have 50% chance of succes • False Acceptance Rate (FAR/FMR) – Percentage of successful attacks by imposter 8
Defences • Trial and Error – Increase size of base secret – Limit guesses – Biometrics • Tighten match criterion • False Rejection Rate (FRR/FNMR) • Replication – Liveness test? • Theft – Add PINs or biometrics • Digital Spoofing – Cryptography 9
Deployment Issues • Enrolment – Establish the verifier – Security concerns? – Self-enrollment – Supervised enrolment • Maintenance – Password aging • Human memory! – Physical change • Revocation 10
Operational Problems • Forgetting Passwords – Cost of reset • Loss or aging of devices • Injury to biometric traits – Use redundancy 11
Economics • Software • Hardware • Enrollment costs – Administrator – User • Per-use cost • Maintenance costs • System downtime costs • Revocation costs 12
- Smart is something you become not something you are
- A 25 gram paper cup falls from rest
- How to determine if something is alive
- How do you know if something is living
- Peer entity authentication and data origin authentication
- Iff
- Know history know self
- Dilan gorur
- Nothing formed against me shall stand
- So you think you know minecraft
- Heppy nod
- Personification in the raven
- If you're blue and don't know where to go