Ch. 12 – Authentication (slide 1)
Dr. Wayne Summers
Department of Computer Science, Columbus State University
Summers_wayne@colstate.edu
http://csc.colstate.edu/summers

Authentication Basics (slide 2)
- Authentication – binding of an identity to a subject
  - What the entity knows (passwords)
  - What the entity has (badge, card)
  - What the entity is (fingerprints, retinal scan)
  - Where the entity is (phone #)

Passwords (slide 3)
- Password – information associated with an entity that confirms the entity's identity
- Goal of an authentication system is to ensure that entities are correctly identified
  - Hide enough information so that either the authentication information, the complementary information, or the complementation function cannot be found
  - Prevent access to the authentication functions

Attacking a Password System (slide 4)
- Dictionary attack – guessing of a password by repeated trial and error
  - Type 1 – the complementary information and the complementation functions are available
  - Type 2 – if either the complementary information or the complementation functions are unavailable, then the authentication functions may be used

Passwords (slide 5)
- Random selection of passwords
- Pronounceable and other computer-generated passwords
- User selection of passwords (see page 316)
  - Proactive password checker – software that enforces specific restrictions on the selection of new passwords (see page 318)
- Reusable passwords and dictionary attacks
  - Salting – choice of complementation function is a function of randomly selected data

Passwords (slide 6)
- Guessing through authentication functions
  - Exponential backoff
  - Disconnection
  - Disabling
  - Jailing (honeypots)
- Password aging – requirement that a password be changed after some period of time or after some event
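Salting (slide 5) and the countermeasures against guessing through the authentication functions (slide 6), worked as one added Python example; this code is not from the slides or the textbook. In the slides' terms the password is the authentication information, the stored value is the complementary information, and the complementation function is made to depend on random data (the salt). The PBKDF2 work factor, the backoff schedule and the lockout threshold are assumed values.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # assumed work factor; not specified on the slides


def complementation(password: str, salt: bytes) -> bytes:
    """f(a, salt): maps the password a to the stored complementary information.
    Because the salt is random per user, a dictionary precomputed for one
    salt does not apply to any other user (the Type 1 attack must be redone)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class PasswordStore:
    """Holds (salt, c) per user and throttles guessing through verify() with
    exponential backoff, then disables the account after max_failures."""

    def __init__(self, max_failures=5, base_delay=1.0, clock=time.monotonic):
        self.users = {}          # name -> (salt, complementary information)
        self.failures = {}       # name -> consecutive failed attempts
        self.locked_until = {}   # name -> clock time before which attempts are refused
        self.max_failures = max_failures
        self.base_delay = base_delay
        self.clock = clock       # injectable so the schedule can be tested

    def register(self, name: str, password: str) -> None:
        salt = os.urandom(16)    # fresh randomly selected data per user
        self.users[name] = (salt, complementation(password, salt))

    def verify(self, name: str, guess: str) -> str:
        """Returns 'ok', 'bad', 'backoff' or 'disabled'."""
        if name not in self.users:
            return "bad"
        if self.failures.get(name, 0) >= self.max_failures:
            return "disabled"    # disabling: stays locked until reset by an administrator
        if self.clock() < self.locked_until.get(name, 0.0):
            return "backoff"     # still inside the exponential backoff window
        salt, stored = self.users[name]
        if hmac.compare_digest(complementation(guess, salt), stored):
            self.failures[name] = 0
            return "ok"
        n = self.failures.get(name, 0) + 1
        self.failures[name] = n
        # exponential backoff: 1, 2, 4, 8 ... times base_delay after each failure
        self.locked_until[name] = self.clock() + self.base_delay * 2 ** (n - 1)
        return "bad"
```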

Challenge-Response (slide 7)
- Pass algorithms – challenge-response authentication system in which the function is secret
- One-time passwords – password that is invalidated as soon as it is used
- Hardware-supported challenge-response procedures
- Challenge-response and dictionary attacks

Biometrics (slide 8)
- Fingerprints
- Voices
- Eyes
- Faces
- Keystrokes
- Combinations