CSCE 201 Identification and Authentication Fall 2015 Required
- Slides: 29
CSCE 201 Identification and Authentication Fall 2015
Required reading list: – An Introduction to Computer Security: The NIST Handbook, http: //csrc. nist. gov/publications/nistpubs/800 -12/handbook. pdf : Chapter 16, IDENTIFICATION AND AUTHENTICATION, pages 180 -192 l Recommended: – Biometrics, from Wikipedia, the free encyclopedia, http: //en. wikipedia. org/wiki/Biometrics – John the Ripper password cracker http: //www. openwall. com/john/ – Brutus the remote password cracker http: //www. hoobie. net/brutus/ l CSCE 201 - Farkas 2
CSCE 201 - Farkas 3
Identification l Something you know l Something you own l Who you are l What you are l Where you are CSCE 201 - Farkas 4
Identification l Allows an entity (a user or a system) to prove its identity to another entity l Typically, the entity whose identity is verified reveals knowledge of some secret S to the verifier l Strong authentication: the entity reveals knowledge of S to the verifier without revealing S to the verifier CSCE 201 - Farkas 5
Identification Information Must be securely maintained by the system. CSCE 201 - Farkas 6
Authentication l Authentication mechanism: verifies the identification information l Access control mechanism: grant privileges upon successful authentication l Logging: record security relevant events in an audit trail CSCE 201 - Farkas 7
Authentication Requirements l Network must ensure – Data exchange is established with addressed peer entity not with an entity that masquerades or replays previous messages l Network must ensure data source is the one claimed CSCE 201 - Farkas 8
Passwords Commonly used method l For each user, system stores (user name, F(password)), where F is some transformation (e. g. , one-way hash) in a password file l – F(password) is easy to compute – From F(password), password is difficult to compute – Password is not stored in the system l When user enters the password, system computes F(password); match provides proof of identity CSCE 201 - Farkas 9
Vulnerabilities of Passwords l Inherent vulnerabilities – Easy to guess or snoop – No control on sharing l Practical vulnerabilities – Visible if unencrypted in distributed and network environment – Susceptible for replay attacks if encrypted naively l Password advantage – Easy to modify compromised password. CSCE 201 - Farkas 10
Attacks on Password l Guessing attack/dictionary attack l Social Engineering l Sniffing l Trojan login l Van Eck sniffing CSCE 201 - Farkas 11
Social Engineering l Attacker asks for password by masquerading as somebody else (not necessarily an authenticated user) l May be difficult to detect l Protection against social engineering: strict security policy and users’ education CSCE 201 - Farkas 12
Password Management Policy l Educate users to make better choices l Define rules for good password selection and ask users to follow them l Ask or force users to change their password periodically l Actively attempt to break user’s passwords and force users to change broken ones l Screen password choices CSCE 201 - Farkas 13
One-time Password Use the password exactly once! CSCE 201 - Farkas 14
Time Synchronized l There is a hand-held authenticator – It contains an internal clock, a secret key, and a display – Display outputs a function of the current time and the key – It changes about once per minute User supplies the user id and the display value l Host uses the secret key, the function and its clock to calculate the expected output l Login is valid if the values match l CSCE 201 - Farkas 15
Time Synchronized Secret key Encryption Time One Time Password CSCE 201 - Farkas 16
Challenge Response • Non-repeating challenges from the host is used • The device requires a keypad Work station Network Host User ID Challenge Response CSCE 201 - Farkas 17
Challenge Response Secret key Challenge Encryption One Time Password CSCE 201 - Farkas 18
Devices with Personal Identification Number (PIN) l Devices are subject to theft, some devices require PIN (something the user knows) l PIN is used by the device to authenticate the user l Problems with challenge/response schemes – Key database is extremely sensitive – This can be avoided if public key algorithms are used CSCE 201 - Farkas 19
Smart Cards l Portable devices with a CPU, I/O ports, and some nonvolatile memory l Can carry out computation required by public key algorithms and transmit directly to the host l Some use biometrics data about the user instead of the PIN CSCE 201 - Farkas 20
Biometrics l Fingerprint l Retina scan l Voice pattern l Signature l Typing style CSCE 201 - Farkas 21
Problems with Biometrics l Expensive – Retina scan (min. cost) about $ 2, 200 – Voice (min. cost) about $ 1, 500 – Signature (min. cost) about $ 1, 000 l False readings – Retina scan 1/10, 000+ – Signature 1/50 – Fingerprint 1/500 l Can’t be modified when compromised CSCE 201 - Farkas 22
Home Computer Security CSCE 201 - Farkas 23
Problem: You don’t remember your password Solutions: 1. Verify that you have typed the letters of your password in the correct case 2. Access a password hint on the Welcome screen 3. Use a password reset disk 4. Log on as administrator to assign a new password to your account CSCE 201 - Farkas 24
Password Case Sensitivity l Check CAPS LOCK key Question: Why do you want to use combination of symbols for your password? CSCE 201 - Farkas 25
Using the Password Reset Disk Create a password reset disk for your user account at the earliest opportunity l How to use the password reset disk l – Microsoft Windows remembers if you have created a password reset disk. Just click use your password reset disk – Follow the instructions of the Password Reset Wizard Question: Why should you safeguard your password reset disk? CSCE 201 - Farkas 26
Use a Password Hint Create a password hint: – Log on to your computer – Click Start, and then click Control Panel – Double-click User Accounts – Click your user account, and then click Change my password – Enter your current password, enter a new password, and then enter the new password again to confirm it – Enter the password hint, and then click Change Password – The change will take effect the next time that you log on l To display the hint, click the question mark (? ) that is next to your user account l CSCE 201 - Farkas 27
Create a Password Reset Disk l l l Click Start, and then click Control Panel Double-click User Accounts Click your user account, and then click Prevent a forgotten password. The Forgotten Password Wizard starts Follow the instructions NOTE: A password reset disk is valid until you create a new one; even if you change your password CSCE 201 - Farkas 28
Next Class Cyber stalking, Fraud and Abuse CSCE 201 - Farkas 29
- Peer entity authentication and data origin authentication
- Iff
- Positive identification example
- Math portfolio project
- Authentication in cryptography and network security
- Public key cryptography and message authentication
- X.509 authentication service
- Difference between law and ethic
- Kerberos x.509
- Authentication filters in mvc 5
- Authentication authorization auditing
- Grid security infrastructure
- What is message authentication code
- Kerberos x.509
- Csce 221 tamu syllabus
- Csce 314
- Csce 314
- Csce 314 tamu
- Csce 314
- Csce 314
- Csce 314
- Csce 481 tamu
- Csce 181
- Csce 181
- Csce 181
- Csce 121 tamu
- Csce 411
- Csce 355
- Csce 355
- Dropbox csce