Authentication systems. Authentication methodologies. User authentication. Authentication systems (auth - april 2011)
|
|
- Hortense Jordan
- 5 years ago
- Views:
Transcription
1 Authentication systems Diana Berbecaru < polito.it > Politecnico di Torino Dip. Automatica e Informatica Authentication methodologies can be based on different factors ( 1/2/3-factors authentication ): something I know pippo! (e.g. a password) something I have (e.g. magnetic card) something I am (e.g. my fingerprint) multiple different mechanisms can be combined to achieve identification User authentication UID : f (S UID ) authentication request UID proof request proof = F (S UID ) user (UID) secret (S UID ) 1
2 Password-based authentication secret = the user password F = I (the identity function) case #1: f = I access control: proof = password? case #2: f = one-way hash function H access control: F(proof) = F(S UID )? Password-based authentication: case#1 UID : S UID authentication request UID proof request proof = S UID user (UID) secret (S UID ) checks if indeed proof = password (= S UID ) Password-based authentication: case#2 authentication request UID user (UID) UID : H(S UID ) checks if indeed proof = H(S UID ) proof request proof = H(S UID ) secret (S UID ) computes proof = H(S UID ) 2
3 Password-based authentication pro: simple for the user cons: password storage (post-it!) password readable during transmission i password guessable (my son s name!) the must know in cleartext the password or its digest unprotected (dictionary attack) possible attacks: sniffing and replay Password suggestions to reduce the associated risks: letters + digits + special characters long (at least 8 characters) never use dictionary words frequently changed (but not too frequently!) don t use them :-) use of at least one password (or PIN or access code or...) unavoidable unless we use biometric techniques (Symmetric) challenge-response systems a challenge (typically a random number) is sent to the user who replies with the solution after a computation involving the shared secret and the challenge the must know the secret in clear often R is a hash function UID user challenge response = R (challenge, S UID ) { UID, S UID } S UID 3
4 Symmetric challenge-response systems authentication request UID user (UID) proof request + challenge UID : S UID proof secret (S UID ) checks if indeed proof = H(challenge,S UID ) computes proof = H(challenge, S UID ) (Asymmetric) challenge-response systems a random number R is encrypted with the user's public key and the users replies by sending R in clear thanks to its knowledge of the private key cert (Lioy, KpubLioy) user challenge = E (R, KpubLioy) acceptable users response = R private key Risks with asymmetric challenges trust in the issuer CA of the user cert check of the name constraint on trusted CAs unwilling RSA signature possible: if R=digest(document)... and dthe sends Ri in clear and ask kitb back encrypted with user s private key... then the user has unwillingly signed the document!!! 4
5 One-Time Passwords (OTP) original idea: Bell Labs the S/KEY system (RFC 1760) public-domain implementation commercial implementations with automatic hardware generators (authenticator) OTP provisioning to the users on stupid or insecure workstation: paper sheet of pre-computed passwords hardware authenticator (crypto token) on intelligent and secure workstation : automatically ti computed by an ad-hoc application eventual integration into the communication sw (e.g. telnet client) or hw (e.g. modem) OTP problems generally uncomfortable uncomfortable when used to access multiple password-based services (e.g. POP with periodic check of the mailbox) expensive when based on hw authenticators paper-based passwords cannot be used by a process but only by a human operator 5
6 Problems of hw authenticators denial-of-service: deliberately wrong attempts to trigger account blocking social engineering: phone call to simulate loss of the authenticator and remotely initialize a new one Security Dynamics: SecurID time-based synchronous OTP technique: P UID ( t ) = h ( S UID, t ) access code ( token-code ): 8 digits random, never repeats itself changes every 60 s maximum drift 15 s / year expires in 4 years based on proprietary and secret (!) hash algorithm SecurID: architecture the client sends in clear user, PIN, token-code (seed, time) based on user and PIN the verifies against three possible token-codes: TC -1, TC 0, TC +1 duress code: PIN to generate an alarm (useful for authentication under threat) wrong authentication attempts limited (default: 10) may have three different keys per device 6
7 SecurID: hardware SecurID Card: classic device (credit-card size) SecurID PinPad: local PIN keying and then only user and token-code* are sent to the SecurID Key Fob: usable as a key fob SecurID modem: PCMCIA-II II V.34 modem with an internal token activated via sw by introducing the PIN RSA SecurID - Token token available in various models, but all with the same functionality: generate tokencode with integrated smartcard (SID800), pinpad (SD520), software version (SoftID) SecurID: architecture ACE token OK? token OK? ACE client OK! KO! ACE client TELNET DBMS user, PIN, TC user, TC* TELNET client SecurID (normal) DBMS client SecurID (pinpad) 7
8 Example RSA SecureID SecurID: client ACE/client manages the dialogue with the ACE/ encrypted channel sd_ftp for secure FTP available for: Unix Win32 Netware Macintosh TACACS SecurID: ACE/: authentication with SecurID tokens monitor, audit and report GUI management interface authentication API SQL interface to access a DBMS (already) storing the user data large commercial support in security (e.g. firewall) and communication (e.g. comm. ) products available for Solaris, AIX, HP-UX, NT, 2000, XP 8
9 CRYPTOCard challenge-response mechanism based on DES-CBC single product: RB-1 card 8 digits (hex, dec) LCD display user-replaceable battery (change every 3-4 years) to avoid inserting the challenge, can store the last one and automatically compute the next one for Unix and Windows (Radius, Tacacs+) CRYPTOcard: hardware Biometric systems measure of one biologic characteristics of the user main characteristics being used: fingerprint voice retinal scan iris scan useful to *locally* replace a PIN or a password 9
10 Problems of biometric systems FAR = False Acceptance Rate FRR = False Rejection Rate FAR and FRR may be partly tuned but they heavily depend on the cost of the device variable biological characteristics: finger wound voice altered due to emotion retinal blood pattern altered due to alcohol or drug FAR / FRR Kerberos authentication system (not authorization) trusted key system initially developed as part of MIT project Athena provides centralised private-key third-party authentication in a distributed network allows users access to services distributed through network without needing to trust all workstations rather all trust a central authentication two versions in use: 4 & 5 10
11 Kerberos authentication service only; accounting and audit service were never implemented applies to an open distributed environment in which users at workstations wish to access services on s distributed throughout the network s need to be able to restrict the access to authorized users and to authenticate requests for service workstations cannot be trusted to identify its users correctly to network service Kerberos (cont.) threats: a user may gain access to a particular workstation and pretend to be another user operating from that workstation a user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation a user may eavesdrop on exchanges and use a replay attack to gain entrance to a or to disrupt operations unwanted result:=> unauthorized user would gain access to services/data she is not authorized to Kerberos (cont.) s must confirm the identities of clients undertaking this task in an open environment places a significant burden on solution: use an authentication (AS) knows the password of all users (stored in a DB) knows the password of all users (stored in a DB) shares a unique secret key (e.g. s) with each in the Kerberos domain, that is the set of systems that use Kerberos as authentication system (distributed physically or in some other secure manner) 11
12 Kerberos (simple authentication dialog) K S AS Authentication Server {TGT} s request client user ID, {TGT} s (application) Kerberos (simple authentication dialog) request: (user s ID, s ID, user s password) AS checks its user DB: whether user supplied the correct password for this user ID whether this user is permitted access to => AS accepts the user as authentic and must convince the (application) creates {TGT} s : (user s ID, network address, s ID) encrypted with the shared secret s client cannot forge {TGT} s : verifies user ID in {TGT} s = (sent) user ID? Kerberos (simple authentication dialog) problems: user password sent in clear supposing each ticket can be used only once, the user need to insert the password for each access request (e.g. to mail, file, etc) solution: use a Ticket Granting Server (TGS) AS sends to client a ticket-granting ticket (TGT) demonstrating the user is authorized to receive a ticket for a service only the legitimate user can recover TGT but cannot alter because it is encrypted (by AS) with TGS s secret key TGT is used to authenticate user to TGS and get a servicegranting ticket (Ts) for a particular service 12
13 Kerberos ticket (TGT, Ts) ticket data structure to authenticate a client to a variable lifetime (V4: max 21 hours = 5 x 255) (V5: unlimited) encrypted with the DES key of the target bound to the IP address of the client bound to just one credential simple or mutual authentication Kerberos high-level view K UID, K TGS AS Authentication Server {TGT} TGT K S TGS Ticket Granting Server T s request client T s (application) Kerberos versions MIT V4 (the original public one) MIT V5 (RFC-1510) not only DES extended ticket lifetime (begin-end) inter-realm realm authentication forwardable ticket message byte ordering OSF-DCE (Distributed Computing Environment from Open Source Foundation) based on MIT V5 implemented as RPC rather than a message exchange protocol 13
14 Kerberos: problems clock synchronization required: within a LAN it s useful anyway in WAN may originate problems Kryptoknight (alias IBM NetSP) doesn t require clock synchronization remote access needs cleartext password: encrypted channel or integration with OTP, symmetric or asymmetric challenge Kerberized dial-up modems SSO (Single Sign-On) the user has a single credential to authenticate himself and access any service in the system fictitious SSO: client for automatic password synchronization / management (alias password wallet ) specific for some applications only integral SSO: multiapplication authentication techniques (e.g. asymmetric challenge, Kerberos) likely requires a change in the applications 14
Cryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Authentication Applications We cannot enter into alliance with neighbouring princes until
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationAuthentication. Chapter 2
Authentication Chapter 2 Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand how CHAP works Understand what mutual authentication
More informationUnit-VI. User Authentication Mechanisms.
Unit-VI User Authentication Mechanisms Authentication is the first step in any cryptographic solution Authentication can be defined as determining an identity to the required level of assurance Passwords
More informationAuthentication Objectives People Authentication I
Authentication Objectives People Authentication I Dr. Shlomo Kipnis December 15, 2003 User identification (name, id, etc.) User validation (proof of identity) Resource identification (name, address, etc.)
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationAcknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications
CSE565: Computer Security Lectures 16 & 17 Authentication & Applications Shambhu Upadhyaya Computer Science & Eng. University at Buffalo Buffalo, New York 14260 Lec 16.1 Acknowledgments Material for some
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationAuthentication. Identification. AIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationRadius, LDAP, Radius used in Authenticating Users
CSCD 303 Lecture 5 Fall 2017 Kerberos Radius, LDAP, Radius used in Authenticating Users Introduction to Centralized Authentication Kerberos is for authentication only and provides Single Sign-on (SSO)
More informationProtecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 10 - Identity Management and Access Control MIS5206 Week 10 Identity Management and Access Control Presentation Schedule Test Taking Tip Quiz Identity Management and
More informationChapter 4 Authentication Applications
Chapter 4 Authentication Applications Henric Johnson Blekinge Institute of Technology,Sweden http://www.its.bth.se/staff/hjo/ henric.johnson@bth.se Henric Johnson 1 Outline Security Concerns Kerberos X.509
More informationCIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries
CIS 6930/4930 Computer and Network Security Topic 7. Trusted Intermediaries 1 Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC) Representative
More informationCSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni
CSCI 667: Concepts of Computer Security Lecture 9 Prof. Adwait Nadkarni 1 Derived from slides by William Enck, Micah Sherr, Patrick McDaniel, Peng Ning, and Vitaly Shmatikov Authentication Alice? Bob?
More informationComputer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Authentication Paul Krzyzanowski Rutgers University Spring 2018 1 Authentication Identification: who are you? Authentication: prove it Authorization: you can do it Protocols such
More informationCSC 474 Network Security. Authentication. Identification
Computer Science CSC 474 Network Security Topic 6. Authentication CSC 474 Dr. Peng Ning 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationAUTHENTICATION APPLICATION
AUTHENTICATION APPLICATION WHAT IS KERBEROS? Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationComputer Security 3/20/18
Authentication Identification: who are you? Authentication: prove it Computer Security 08. Authentication Authorization: you can do it Protocols such as Kerberos combine all three Paul Krzyzanowski Rutgers
More informationIntroduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.
Trusted Intermediaries CSC/ECE 574 Computer and Network Security Topic 7. Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center () Representative solution:
More informationKEY DISTRIBUTION AND USER AUTHENTICATION
KEY DISTRIBUTION AND USER AUTHENTICATION Key Management and Distribution No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationCryptology Part 1. Terminology. Basic Approaches to Cryptography. Basic Approaches to Cryptography: (1) Transposition (continued)
Cryptology Part 1 Uses of Cryptology 1. Transmission of a message with assurance that the contents will be known only by sender and recipient a) Steganography: existence of the message is hidden b) Cryptography:
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users Learning Objectives Explain why authentication is a critical aspect of network security Explain
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More information0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken
0/41 Alice Who? Authentication Protocols Andreas Zeller/Stephan Neuhaus Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken The Menu 1/41 Simple Authentication Protocols The Menu 1/41 Simple
More informationIntruders, Human Identification and Authentication, Web Authentication
Intruders, Human Identification and Authentication, Web Authentication David Sanchez Universitat Pompeu Fabra 06-06-2006 Lecture Overview Intruders and Intrusion Detection Systems Human Identification
More informationKerberos MIT protocol
Kerberos MIT protocol December 11 th 2009 Amit Shinde Kerberos MIT protocol Motivation behind the design Overview of Kerberos Protocol Kerberized applications Attacks and Security analysis Q & A Motivations
More informationTrusted Intermediaries
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 6 - Authentication September 21, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ Project Background and Related Work Due 10/10 Questions to Answer: What is the
More informationCS530 Authentication
CS530 Authentication Bill Cheng http://merlot.usc.edu/cs530-s10 1 Identification vs. Authentication Identification associating an identity (or a claimed identity) with an individual, process, or request
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationKEY DISTRIBUTION AND USER AUTHENTICATION
PART 2: NETWORK SECURITY APPLICATIONS KEY DISTRIBUTION AND USER AUTHENTICATION 4.1 Symmetric Key Distribution Using Symmetric Encryption 4.2 Kerberos Kerberos Version 4 Kerberos Version 5 4.3 Key Distribution
More informationAuthentication & Authorization
Authentication & Authorization Anuj Gupta 1, 1 M.Tech Scholar, Department of C.F.I.S, G.I.T.A.M, Kablana, Jhajjar Ashish Kumar Sharma 2 2 Assistant Professor, Department of C.F.I.S & C.S.E, G.I.T.A.M,
More informationUser Authentication Protocols
User Authentication Protocols Class 5 Stallings: Ch 15 CIS-5370: 26.September.2016 1 Announcement Homework 1 is due today by end of class CIS-5370: 26.September.2016 2 User Authentication The process of
More informationCNIT 125: Information Security Professional (CISSP Preparation) Ch 6. Identity and Access Management
CNIT 125: Information Security Professional (CISSP Preparation) Ch 6. Identity and Access Management Authentication Methods Authentication Methods Type 1: Something you know Easiest and weakest method
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationCIS 6930/4930 Computer and Network Security. Topic 6. Authentication
CIS 6930/4930 Computer and Network Security Topic 6. Authentication 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication Allow a user to
More informationUser Authentication Protocols Week 7
User Authentication Protocols Week 7 CEN-5079: 2.October.2017 1 Announcement Homework 1 is posted on the class webpage Due in 2 weeks 10 points (out of 100) subtracted each late day CEN-5079: 2.October.2017
More informationIn any of these cases, an unauthorized user may be able to gain access to services and data that he or she is not authorized to access.
e-pgpathshala Subject: Computer Science Paper: Cryptography and Network Security Module: Authentication Application Kerberos Module No: CS/CNS/31 Quadrant 1 e-text Learning Objectives To introduce authentication
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More informationUser Authentication Principles and Methods
User Authentication Principles and Methods David Groep, NIKHEF User Authentication - Principles and Methods 1 Principles and Methods Authorization factors Cryptographic methods Authentication for login
More informationCSE543 - Introduction to Computer and Network Security. Module: Authentication
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent Jaeger 1 What is Authentication? Short answer: establishes identity Answers the question: To whom am I speaking?
More informationCT30A8800 Secured communications
CT30A8800 Secured communications Pekka Jäppinen October 31, 2007 Pekka Jäppinen, Lappeenranta University of Technology: October 31, 2007 Authentication Three basic models 1. Something you know Password,
More informationSecuring Internet Communication: TLS
Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Today s Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases
More informationSecurity: Focus of Control
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationCourse Administration
Lecture 6: Hash Functions, Message Authentication and Key Distribution CS 392/6813: Computer Security Fall 2010 Nitesh Saxena *Adopted from Previous Lectures by Nasir Memon Course Administration HW3 was
More informationAuthentication Technology Alternatives. Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin
Authentication Technology Alternatives Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin Passwords Initial response by security and programming experts to deny access
More informationPro s and con s Why pins # s, passwords, smart cards and tokens fail
Current Authentication Methods Pro s and con s Why pins # s, passwords, smart cards and tokens fail IDENTIFYING CREDENTIALS In The Physical World Verified by Physical Inspection of the Credential by an
More informationAccess Controls. CISSP Guide to Security Essentials Chapter 2
Access Controls CISSP Guide to Security Essentials Chapter 2 Objectives Identification and Authentication Centralized Access Control Decentralized Access Control Access Control Attacks Testing Access Controls
More information10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms
Authentication IT443 Network Security Administration Instructor: Bo Sheng Authentication Mechanisms Key Distribution Center and Certificate Authorities Session Key 1 2 Authentication Authentication is
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 3 User Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown User Authentication fundamental security building
More informationAuthentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005
Authentication in real world: Kerberos, SSH and SSL Zheng Ma Apr 19, 2005 Where are we? After learning all the foundation of modern cryptography, we are ready to see some real world applications based
More informationBACHELOR THESIS CAPABILITY OF KERBEROS MATTHIJS MEKKING
BACHELOR THESIS CAPABILITY OF KERBEROS MATTHIJS MEKKING JUNE 2006 Contents 1 Introduction 5 1.1 Outline.................................. 5 2 The Kerberos Protocol 7 2.1 Term definitions.............................
More informationNetwork Security: Kerberos. Tuomas Aura
Network Security: Kerberos Tuomas Aura Kerberos authentication Outline Kerberos in Windows domains 2 Kerberos authentication 3 Kerberos Shared-key protocol for user login authentication Uses passwords
More informationSecurity Handshake Pitfalls
Security Handshake Pitfalls 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: Authenticate each other Establish sessions keys This process may
More informationThis chapter examines some of the authentication functions that have been developed to support network-based use authentication.
1 This chapter examines some of the authentication functions that have been developed to support network-based use authentication. In most computer security contexts, user authentication is the fundamental
More informationA Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography
A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography Ashok Kumar J 1, and Gopinath Ganapathy 2 1,2 School of Computer Science, Engineering and Applications
More informationIdentification Schemes
Identification Schemes Lecture Outline Identification schemes passwords one-time passwords challenge-response zero knowledge proof protocols Authentication Data source authentication (message authentication):
More information5. Authentication Contents
Contents 1 / 47 Introduction Password-based Authentication Address-based Authentication Cryptographic Authentication Protocols Eavesdropping and Server Database Reading Trusted Intermediaries Session Key
More informationComputer Security 4/12/19
Authentication Computer Security 09. Authentication Identification: who are you? Authentication: prove it Authorization: you can do it Paul Krzyzanowski Protocols such as Kerberos combine all three Rutgers
More informationLecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena
Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall 2009 Nitesh Saxena *Adopted from a previous lecture by Gene Tsudik Course Admin HW3 Problem 3 due Friday midnight
More informationLecture 9. Authentication & Key Distribution
Lecture 9 Authentication & Key Distribution 1 Where are we now? We know a bit of the following: Conventional (symmetric) cryptography Hash functions and MACs Public key (asymmetric) cryptography Encryption
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Final Exam Review Instructor: Dr. Kun Sun Topics covered by Final Topic before Midterm 10% Topic after Midterm 90% Date: 12/13/2017 7:30am 10:15am Place: the same
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More informationAuthentication Handshakes
AIT 682: Network and Systems Security Topic 6.2 Authentication Protocols Instructor: Dr. Kun Sun Authentication Handshakes Secure communication almost always includes an initial authentication handshake.
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationSecurity and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models
CS 645 Security and Privacy in Computer Systems Lecture 7 The Kerberos authentication system Last Week Security policy, security models, trust Access control models The Bell-La Padula (BLP) model The Biba
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 9: Authentication Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Definition of entity authentication Solutions password-based
More informationLinux Network Administration
Secure Remote Connections with OpenSSH Objective At the conclusion of this module, the student will be able to: Configure the ssh daemon start, stop, and restart sshd 17 January 2005 NETW 111 - SSH 2 SSH
More informationChapter 19 Security. Chapter 19 Security
Chapter 19 Security Outline 19.1 Introduction 19.2 Cryptography 19.2.1 Secret-Key Cryptography 19.2.2 Public-Key Cryptography 19.3 Authentication 19.3.1 Basic Authentication 19.3.2 Biometrics and Smart
More informationreview of the potential methods
Mandatory iscsi Security review of the potential methods IPS Interim Meeting Nashua NH, May 01 2001 Ofer Biran Thanks to: IBM Research Lab in Haifa Bernard Aboba, David Black, Julian Satran, Steve Senum
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 3.3: Security Handshake Pitfalls CSC 474/574 Dr. Peng Ning 1 Authentication Handshakes Secure communication almost always includes an initial authentication
More informationLecture 9 User Authentication
Lecture 9 User Authentication RFC 4949 RFC 4949 defines user authentication as: The process of verifying an identity claimed by or for a system entity. Authentication Process Fundamental building block
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationIdentification, authentication, authorisation. Identification and authentication. Authentication. Authentication. Three closely related concepts:
Identification, authentication, authorisation Three closely related concepts: Identification and authentication WSPC, Chapter 6 Identification: associating an identity with a subject ( Who are you? ) Authentication:
More informationVerteilte Systeme (Distributed Systems)
Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues
More informationCSCE 548 Building Secure Software Biometrics (Something You Are) Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Biometrics (Something You Are) Professor Lisa Luo Spring 2018 Previous Class Credentials Something you know (Knowledge factors) Something you have (Possession factors)
More information<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x
RSA SECURID ACCESS Implementation Guide Pulse Connect Secure 8.x Daniel R. Pintal, RSA Partner Engineering Last Modified: January 24 th, 2018 Solution Summary The Pulse
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationCOPYRIGHTED MATERIAL. Chapter. Accountability and Access Control THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
4335.book Page 1 Wednesday, June 9, 2004 7:01 PM Chapter 1 Accountability and Access Control THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE: Accountability Access Control Techniques Access Control
More informationCS-630: Cyber and Network Security
CS-630: Cyber and Network Security Lecture # 6: Digital Signatures and Authentication Prof. Dr. Sfi Sufian Hameed Department of Computer Science Authentication Overview Authentication Passwords Secure
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationCSCE 813 Internet Security Kerberos
CSCE 813 Internet Security Kerberos Professor Lisa Luo Fall 2017 What is Kerberos? An authentication server system from MIT; versions 4 and 5 Provide authentication for a user that works on a workstation
More informationHY-457 Information Systems Security
HY-457 Information Systems Security Recitation 1 Panagiotis Papadopoulos(panpap@csd.uoc.gr) Kostas Solomos (solomos@csd.uoc.gr) 1 Question 1 List and briefly define categories of passive and active network
More informationAuthentication, Passwords. Robert H. Sloan
Authentication, Passwords Robert H. Sloan authenticate verb [ trans. ] prove or show (something) to be true or genuine : they were invited to authenticate artifacts from the Italian Renaissance. [ intrans.
More information<Partner Name> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Authenticate & Intel IPT based Token Provider for RSA SecurID
RSA SECURID ACCESS Authenticator Implementation Guide Intel Authenticate & Intel IPT based Token Provider for RSA SecurID Jeffrey Carlson, RSA Partner Engineering Last
More informationDistributed Systems. Lecture 14: Security. Distributed Systems 1
06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationCS System Security Mid-Semester Review
CS 356 - System Security Mid-Semester Review Fall 2013 Mid-Term Exam Thursday, 9:30-10:45 you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This is to
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationDistributed Systems. Lecture 14: Security. 5 March,
06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationQUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because
1 RSA - 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam QUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because A. a token periodically calculates a new
More information