TMK 264: COMPUTER SECURITY - PowerPoint PPT Presentation

1 / 21
About This Presentation
Title:

TMK 264: COMPUTER SECURITY

Description:

TMK 264: COMPUTER SECURITY CHAPTER 4: AUTHENTICATION Prepared By: Razif Razali * – PowerPoint PPT presentation

Number of Views:62
Avg rating:3.0/5.0
Slides: 22
Provided by: yola179
Category:

less

Transcript and Presenter's Notes

Title: TMK 264: COMPUTER SECURITY


1
TMK 264 COMPUTER SECURITY
  • CHAPTER 4 AUTHENTICATION

2
INTRODUCTION
  • An operating system bases much of its protection
    on knowing who a user of the system is.
  • In real-life situations, people commonly ask for
    identification from people they do not know a
    bank employee may ask for a drivers license
    before cashing a check, library employees may
    require some identification before charging out
    books, and immigration officials ask for passport
    as proof of identity.

3
INTRODUCTION
  • In computing, the choice are more limited and the
    possibilities less secure.
  • Anyone can attempt to log in to a computing
    system.
  • Unlike the professor who recognizes a student
    voice, the computer cannot recognize electrical
    signals from one person as being any different
    from those of anyone else.

4
USER AUTHENTICATION
  • User authentication (identity verification)
  • convince system of your identity
  • before it can act on your behalf
  • Sometimes also require that the computer verify
    its identity with the user
  • User authentication is based on three
    qualities/methods that always used to confirm the
    user identity
  • Something the user knows.
  • Something the user has.
  • Something the user is.
  • All then involve some validation of information
    supplied against a table of possible values based
    on users claimed identity.

5
USE OF PASSWORD
  • The most common authentication mechanism for user
    to operating system is a password. a word known
    to computer and user.
  • Prompt user for a login name and password.
  • Verify identity by checking that password is
    correct
  • On some (older) systems, password was stored in
    the clear (this is now regarded as insecure,
    since breaking compromises all users of the
    system)
  • More often use a one-way function, whose output
    cannot easily be used to find the input value
  • Either takes a fixed sized input (Example 8
    characters)
  • Or based on a hash function to accept a variable
    sized input to create the value
  • Important that passwords are selected with care
    to reduce risk of exhaustive search
  • The use of password is fairly straightforward.

6
(No Transcript)
7
ATTACKS ON PASSWORDS
  • How secure are password themselves? Passwords are
    somewhat limited as protection devices because of
    the relatively small number of bits of
    information they contain.
  • Here are some ways you might be able to determine
    a users password
  • Try all possible passwords.
  • Try many probable passwords.
  • Try passwords likely for the user.
  • Search for the system list of passwords.
  • Ask the user.
  • These suggestion are arranged in decreasing order
    of difficulty the later ones are, or at least
    should be, less likely to succeed.

8
(No Transcript)
9
PASSWORD LIKELY FOR A USER
  • If Sandy is selecting a password, she is probably
    not choosing a word completely at random.
  • Most likely Sandys password is something
    meaningful to her.
  • People typically choose personal password, such
    as the name of s spouse, a child, a brother or
    sister, a pet, a street name or something
    memorable or familiar.
  • Here are some of the steps on guessing password
  • No password
  • The same as the user ID
  • Derived from the users name
  • Common word list plus common names and pattern.
  • Short college dictionary
  • Complete English word list

10
USER PASSWORD CHOICE
11
PASSWORD SELECTION CRITERIA
  • Use characters other than just A-Z.
  • Choose long password.
  • Avoid actual names or words.
  • Choose an unlikely password.
  • Change the password regularly.
  • Dont write it down
  • Dont tell anyone else.

12
ONE TIME PASSWORDS
  • Also known as One-Shot Password.
  • One-Time Password is one that changes every time
    it is used.
  • One problem with traditional passwords is caused
    by eavesdropping their transfer over an insecure
    network.
  • One possible solution is to use one-shot
    (one-time) passwords
  • These are passwords used once only
  • Future values cannot be predicted from older
    values
  • Generally, one shot password is good only for
    infrequent access

13
AUTHENTICATION PROCESS
  • User authentication is a serious issue that
    becomes even more serious when unacquainted users
    seek to share facilities by means of computer
    network.
  • A user who receives a message of INCORRECT LOGIN
    will carefully retype the login again.
  • Some authentication process or procedures are
    slow.
  • The traditional authentication device is the
    password.
  • Some sophisticated authentication devices are now
    available. These devices include
  • Handprint detectors
  • Voice recognizers
  • Identifiers of patterns in the retina

14
COOKIES
  • Cookies are small files that are written to the
    hard disk by many of the web site that have been
    visited.
  • A message given to a Web browser by a Web server
    and it stores the message in a text file.
  • The main purpose of cookies is to identify users
    and possibly prepare customized Web pages for
    them.
  • These are tokens that are attached to a user or
    program and change depending on the areas entered
    by the user or program.
  • For example, online retail sites use cookies to
    implement shopping charts, which enable you to
    make selections on shopping activities.
  • Several Internet and networks, such as
    DoubleClick, use cookies to track users browsing
    actions across thousands of the most popular
    Internet sites.

15
(No Transcript)
16
KERBEROS
  • A system that supports authentication in
    distributed systems developed by Massachusetts
    Institute of Technology (MIT).
  • Used for authentication between intelligent
    processes, such as client--server tasks, or a
    users workstation to other hosts.
  • Provides centralized third-party authentication
    in a distributed network
  • KDC provides non-corruptible authentication
    credentials (tickets or tokens)
  • Kerberos builds on symmetric key cryptography and
    requires a trusted third party

17
Example of Kerberos System
18
Advantages of KERBEROS
  • No password communicated on the network.
  • Cryptographic protection against spoofing.
  • Limited period of validity.
  • Timestamps to prevent replay attacks.
  • Mutual authentication
  • Prevent eavesdropping
  • Ensure the integrity of data

19
BIOMETRICS
20
BIOMETRICS AUTHENTICATION
  • Biometric are appealing for authentication in
    principle they are immune to forgery, cannot be
    forgotten or misplaced and compared favorably to
    password in their discrimination.
  • A biometric authentication should follow three of
    the characteristics above
  • Easy to use
  • No threatening
  • Non discriminating
  • Article on Biometric

21
CONCLUSIONS
  • Definitions
  • Authentications
  • Passwords
  • Biometrics
  • User Authentications
  • Passwords
  • One Time Passwords
  • Passwords Selection Criteria
  • User Password Choices
  • Attacks on Password
  • Authentication Process
  • Examples of Authentication System KERBEROS
  • Biometric Authentication
Write a Comment
User Comments (0)
About PowerShow.com