Meeting 04: Securing System Access - PowerPoint PPT Presentation

Title: Judul. Author: Debby Tanamal. Last modified by. Created Date: 4/16/2005 3:08:17 AM. Document presentation format: On-screen Show. Company: Bina Nusantara.


Transcript and Presenter's Notes


1
Meeting 04: Securing System Access
  • Course H0242 / Network Security
  • Year 2006
  • Version 1

2
Learning Outcomes
  • By the end of this meeting, students are expected
    to be able to:
      • Apply system access security

3
Material Outline
  • Password Protection
  • Password Strategy

4
Authentication
  • Verifying the identity of another entity
  • Two interesting cases (for this class):
      • Computer authenticating to another computer
      • Person authenticating to a computer
  • Two issues:
      • How authentication information is stored (at both
        ends)
      • Authentication protocol itself

5
Password-based protocols
  • Any password-based protocol is vulnerable to an
    off-line dictionary attack if server is
    compromised
  • Goal: a password-based protocol should be secure
    against off-line attacks when the server is not
    compromised
  • Unfortunately, this has not been the case in
    practice (e.g., telnet, cell phones, etc.)

6
Password selection
  • User selection of passwords is typically very
    weak
  • Lower-entropy passwords make dictionary attacks
    easier
  • Typical passwords:
      • Derived from account names or usernames
      • Dictionary words, reversed dictionary words, or
        small modifications of dictionary words

7
Password Selection
  • Non-alphanumeric characters
  • Longer phrases
  • Can try to enforce good password selection
  • But these types of passwords are difficult for
    people to memorize and type!

8
Centralized Password Storage
  • Authentication storage node
      • Central server stores password; servers request
        the password to authenticate user
  • Auth. facilitator node
      • Central server stores password; servers send
        information from user to be authenticated by the
        central server
  • Note that central server must be authenticated!

9
Authentication Protocols
  • Server stores H(pw); user sends pw
      • Secure against server compromise, but not
        eavesdropping (or replay attacks)
  • Server stores pw, sends R; user sends H(pw,R)
      • Secure against eavesdropping, but not server
        compromise (or dictionary attack)
  • Can we achieve security against both?
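
The two schemes on this slide, side by side, as an added example that is not part of the original presentation. It assumes SHA-256 for H and a 16-byte random R; the class names, function names and sample password are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def H(*parts: bytes) -> bytes:
    """The slide's H(): unsalted SHA-256 over length-prefixed parts (hash choice is an assumption)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

class HashedStoreServer:
    """Scheme 1: server stores H(pw); user sends pw."""
    def __init__(self, pw: bytes):
        self.stored = H(pw)                      # a database leak exposes only the hash
    def login(self, sent_pw: bytes) -> bool:
        return hmac.compare_digest(H(sent_pw), self.stored)

class ChallengeServer:
    """Scheme 2: server stores pw, sends R; user sends H(pw, R)."""
    def __init__(self, pw: bytes):
        self.stored = pw                         # a database leak exposes the password itself
        self.pending = None
    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)   # fresh R for every attempt
        return self.pending
    def login(self, response: bytes) -> bool:
        r, self.pending = self.pending, None     # each R is accepted at most once
        return r is not None and hmac.compare_digest(response, H(self.stored, r))

def compare_schemes(pw: bytes = b"constructed-sample-pw") -> dict:
    s1, s2 = HashedStoreServer(pw), ChallengeServer(pw)
    wire1 = pw                                   # what crosses the network in scheme 1
    ok1 = s1.login(wire1)
    r = s2.challenge()
    wire2 = H(pw, r)                             # what crosses the network in scheme 2
    ok2 = s2.login(wire2)
    s2.challenge()                               # a later session gets a new R
    return {
        "scheme1_login": ok1,
        "scheme1_replay_accepted": s1.login(wire1),   # recorded message works again
        "scheme1_db_holds_password": s1.stored == pw,
        "scheme2_login": ok2,
        "scheme2_replay_accepted": s2.login(wire2),   # recorded response is stale
        "scheme2_db_holds_password": s2.stored == pw,
    }

if __name__ == "__main__":
    print(compare_schemes())
```
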

10
Authentication of People
  • What you know (passwords)
  • What you have (keys)
  • What you are (biometric devices)
  • Where you are (physical)

11
Access Control
  • State of a system
      • Includes, e.g., current memory contents, all
        secondary storage, contents of all registers,
        etc.
  • Secure states
      • States in which the system is allowed to reside
  • Security policy defines the set of secure states
  • Security mechanism ensures that system never
    leaves secure state

12
Access Control List (ACL)
  • Instead of storing central matrix, store each
    column with the object it represents
  • Stored as pairs (s, r)
  • Subjects not in list have no rights
  • Can use wildcards to give default rights

13
Potential problems
  • What if one process gives capabilities to
    another? (Possibly indirectly)
  • Can lead to security violation
  • One solution: assign security classifications to
    capabilities
      • E.g., when capability created, its classification
        is the same as the requesting process
  • Capability contains rights depending on the
    object to which it refers

14
Example
  • Cryptographic key used to encrypt a file
  • A file cannot be read unless the subject has
    the encryption key
  • Can also enforce that requests from n users are
    required in order to read data (and-access), or
    that any of n users are able to read data
    (or-access)

15
Cryptographic secret sharing
  • (t, n)-threshold scheme to share a key
  • Using this to achieve (t, n)-threshold encryption
  • Shamir secret sharing

16
Another example
  • Type checking
      • Label memory locations as either data or
        instructions
      • Do not allow execution of type data
      • Can potentially be used to limit buffer overflows