Authentication Technology Alternatives. Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin

Size: px

Start display at page:

Download "Authentication Technology Alternatives. Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin"

Dina Johns
5 years ago
Views:

1 Authentication Technology Alternatives Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin

Passwords Initial response by security and programming experts to deny access to unauthorized persons to the PC and/or network Most fundamental and commonly used access control and authentication

2 Passwords Initial response by security and programming experts to deny access to unauthorized persons to the PC and/or network Most fundamental and commonly used access control and authentication technique General evolution of events User turns on PC or touches keyboard to wake-up system User enters User Name and Password into dialogue box and hits Enter Information sent to Identification flat file and compares user name to password Acceptance or denial returned to PC Advantages Relatively simple to implement Logical and efficient for the user

3 Clear Text Passwords Password authentication was designed to includes two separate distinct parts USER ID specific identification of the user attempting access Password something only the user should know Alice Bob Carol USERNAME PASSWORD mydogsparky Home4Holidays getthejobdone

4 Password Conversions In order to mitigate the storage of clear text passwords, three simple and effective approaches have been implemented Hashing Message Authentication Codes Cryptography

5 Password Hashing Sometimes referred to as a Message Digest, a hash is a one-way mathematical algorithm which produces a fixed length result from a document of almost any size Its fundamental purpose is to produce a digital fingerprint to verify the integrity of information. USERNAME PASSWORD AliceZ c0f1ce0662f4a2f8d86613cf2e7ddc311bcf3bd BobY 6dc04707c1204dac18b73e5b388365deac43f70c CarolW 2a70467b07eb3acfb90944c90e0261a5cb44649d

6 Passwords in MAC Format The Message Authentication Code, or MAC, takes the information offered, in this case the password, hashes it and then encrypts it USERNAME AliceZ BobY CarolW PASSWORD c0f1ce0662f4a2f8d86613cf2e7ddc311bcf3bd 6dc04707c1204dac18b73e5b388365deac43f70c 2a70467b07eb3acfb90944c90e0261a5cb44649d NOTE: The above example is not a real MAC of the Password. It is a copy of the Hash example.

7 Encrypted Passwords Cryptography offers a powerful solution to this dilemma Symmetric Algorithms are usually used for speed. USERNAME AliceZ BobY CarolW PASSWORD 60135d849c2700dc60ffc2606fb947 0c0dd92d4bd8d8ca864441d23e066d8b 7b ce3b2a049acaa0bd3c2

8 Authentication Technologies Attack Pretender Password Theft Response Passwords Hash, MAC Cryptography

9 Authentication Technologies Attack Pretender Password Theft Keyboard Sniffing Response Passwords Hash, MAC Cryptography

10 Authentication Technologies Attack Pretender Password Theft Keyboard Sniffing Response Passwords Hash, MAC Cryptography One-Time Passwords

11 One-Time Passwords (OTP) Developed to stop attacks on user-determined, static passwords and storage Each time a user authenticates to a system, a different password is used after which it is no longer valid There are 2 types of OTP s Hardware token synchronized algorithms are embedded in the PC/Network and the token using either a synchronized clock or challenge response algorithm Software token reside completely on the network

12 Authentication Technologies Attack Pretender Password Theft Keyboard Sniffing Sophisticated Network Attacks Response Passwords Hash, MAC Cryptography One-Time Passwords

13 Smart Cards Perfectly adaptable to access control (both logical and physical) Offers significant information security and processing power for authentication Usually preferred as a contact card for direct interaction exchanging lots of information with the reader/network, contact less capabilities also offer some advantages The card format offers everything on current corporate/government badges with the addition of the embedded computer chip

14 Biometrics A quickly maturing technology that is invaluable in the identifying unique characteristics of an individual Biometric technologies include Fingerprint Face Hand geometry Iris Palm Signature Voice Skin Effectively used as a primary or secondary control for access Fingerprint biometrics are particularly powerful when used with a smart card

15 Public Key Cryptography Public Key Infrastructure (PKI) Public Key Cryptography answers the key quandary of symmetric key distribution with the creation of 2 keys (one public and one private) which are related through one-way mathematical functions. Public Key Infrastructure (PKI) is a combination of standards, protocols, hardware and software designed and architected to maximize the security and power of Public Key Cryptography such as certificates and the ability to offer cryptographic services such as encryption for date and , digital signatures, and access control using extraordinarily complicated keys. The Smart Card is able to keep this power secure and on demand.

16 Authentication Technologies Attack Pretender Password Theft Keyboard Sniffing Sophisticated Network Attacks Response Passwords Hash, MAC Cryptography OTP Smart Cards, Biometrics, PKI

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

Protecting Information Assets - Week 10 - Identity Management and Access Control MIS5206 Week 10 Identity Management and Access Control Presentation Schedule Test Taking Tip Quiz Identity Management and