Authentication. Chapter 2

Similar documents
Unit-VI. User Authentication Mechanisms.

(2½ hours) Total Marks: 75

User Authentication. Modified By: Dr. Ramzi Saifan

HOST Authentication Overview ECE 525

Radius, LDAP, Radius, Kerberos used in Authenticating Users

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

User Authentication. Modified By: Dr. Ramzi Saifan

Lecture 9. Authentication & Key Distribution

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

MCSA Guide to Networking with Windows Server 2016, Exam

CSC 774 Network Security

CSE 565 Computer Security Fall 2018

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Radius, LDAP, Radius used in Authenticating Users

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users

Security and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models

CSC/ECE 774 Advanced Network Security

UNIT - IV Cryptographic Hash Function 31.1

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

ISSN: EverScience Publications 149

Authentication Technology Alternatives. Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin

Keywords security model, online banking, authentication, biometric, variable tokens

A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography

Network Security Essentials

CIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions

Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1

CS530 Authentication

Lecture 9 User Authentication

Pro s and con s Why pins # s, passwords, smart cards and tokens fail

Chapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing

In this unit we are continuing our discussion of IT security measures.

Syllabus: The syllabus is broadly structured as follows:

CSE Computer Security

MANAGING LOCAL AUTHENTICATION IN WINDOWS

CSC 474 Network Security. Authentication. Identification

Information Security & Privacy

Authentication Methods

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Authentication systems. Authentication methodologies. User authentication. Authentication systems (auth - april 2011)

Authentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations

AIT 682: Network and Systems Security

Authentication. Identification. AIT 682: Network and Systems Security

Systems Analysis and Design in a Changing World, Fourth Edition

Cryptology Part 1. Terminology. Basic Approaches to Cryptography. Basic Approaches to Cryptography: (1) Transposition (continued)

Introduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.

CNIT 125: Information Security Professional (CISSP Preparation) Ch 6. Identity and Access Management

Security: Focus of Control. Authentication

Sumy State University Department of Computer Science

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications

Security Handshake Pitfalls

Chapter 9: Key Management

Authentication Handshakes

This chapter examines some of the authentication functions that have been developed to support network-based use authentication.

HY-457 Information Systems Security

Identification, authentication, authorisation. Identification and authentication. Authentication. Authentication. Three closely related concepts:

Cryptographic Checksums

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals

Microsoft Exam Security fundamentals Version: 9.0 [ Total Questions: 123 ]

CSC 474/574 Information Systems Security

BIOMETRIC MECHANISM FOR ONLINE TRANSACTION ON ANDROID SYSTEM ENHANCED SECURITY OF. Anshita Agrawal

Trusted Intermediaries

AIT 682: Network and Systems Security

A Two-Fold Authentication Mechanism for Network Security

KALASALINGAM UNIVERSITY

Key distribution and certification

13/10/2013. Kerberos. Key distribution and certification. The Kerberos protocol was developed at MIT in the 1980.

CPSC 467b: Cryptography and Computer Security

Biometrics. Overview of Authentication

SMart esolutions Information Security

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

CSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni

CIS 6930/4930 Computer and Network Security. Topic 6. Authentication

Cryptographic Concepts

Security: Focus of Control

Authentication Objectives People Authentication I

Authentication SPRING 2018: GANG WANG. Slides credit: Michelle Mazurek (U-Maryland) and Blase Ur (CMU)

Kerberos. Pehr Söderman Natsak08/DD2495 CSC KTH 2008

Network Security and Cryptography. December Sample Exam Marking Scheme

Security issues in Distributed Systems

Configuring SSL. SSL Overview CHAPTER

PPP Configuration Options

Lesson 13 Securing Web Services (WS-Security, SAML)

Fall 2010/Lecture 32 1

Information Security CS 526

Who are you? Enter userid and password. Means of Authentication. Authentication 2/19/2010 COMP Authentication is the process of verifying that

Session key establishment protocols

Authentication & Authorization

Overview. SSL Cryptography Overview CHAPTER 1

Session key establishment protocols

based computing that takes place over the Internet, basically a step on from Utility Computing.

User Authentication Protocols

CYBER SECURITY MADE SIMPLE

Verteilte Systeme (Distributed Systems)

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

Transcription:

Authentication Chapter 2

Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand how CHAP works Understand what mutual authentication is and why it is necessary Understand how digital certificates are created and why they are used continued

Learning Objectives Understand what tokens are and how they function Understand biometric authentication processes and their strengths and weaknesses Understand the benefits of multifactor authentication

Security of System Resources Three-step process (AAA) o Authentication Positive identification of person/system seeking access to secured information/services o Authorization Predetermined level of access to resources o Accounting Logging use of each asset

Authentication Techniques Usernames and passwords Kerberos Challenge Handshake Authentication Protocol (CHAP) Mutual authentication Digital certificates Tokens Biometrics Multifactor authentication

Usernames and Passwords Username o Unique alphanumeric identifier used to identify an individual when logging onto a computer/network Password o Secret combination of keystrokes that, when combined with a username, authenticates a user to a computer/network

Basic Rules for Password Protection 1.Memorize passwords; do not write them down 2.Use different passwords for different functions 3.Use at least 6 characters 4.Use mixture of uppercase and lowercase letters, numbers, and other characters 5.Change periodically

Strong Password Creation Techniques Easy to remember; difficult to recognize Examples: o First letters of each word of a simple phrase; add a number and punctuation Asb4M? o Combine two dissimilar words and place a number between them SleigH9ShoE o Substitute numbers for letters (not obviously)

Techniques to Use Multiple Passwords Group Web sites or applications by appropriate level of security o Use a different password for each group o Cycle more complex passwords down the groups, from most sensitive to least

Storing Passwords Written o Keep in a place you are not likely to lose it o Use small type o Develop a personal code to apply to the list Electronic o Use a specifically designed application (encrypts data)

Kerberos Provides secure and convenient way to access data and services through: o Session keys o Tickets o Authenticators o Authentication servers o Ticket-granting tickets o Ticket-granting servers o Cross-realm authentication

Kerberos in a Simple Environment Session key o Secret key used during logon session between client and a service Ticket o Set of electronic information used to authenticate identity of a principal to a service Authenticator o Device (eg, PPP network server) that requires authentication from a peer and specifies authentication protocol used in the configure request during link establishment phase continued

Kerberos in a Simple Environment Checksum o Small, fixed-length numerical value o Computed as a function of an arbitrary number of bits in a message o Used to verify authenticity of sender

Kerberos in a Simple Environment

Kerberos in a More Complex Environment Ticket-granting ticket (TGT) o Data structure that acts as an authenticating proxy to principal s master key for set period of time Ticket-granting server (TGS) o Server that grants ticket-granting tickets to a principal

Kerberos in a More Complex Environment

Kerberos in Very Large Network Systems Cross-realm authentication o Allows principal to authenticate itself to gain access to services in a distant part of a Kerberos system

Cross-Realm Authentication

Security Weaknesses of Kerberos Does not solve password-guessing attacks Must keep password secret Does not prevent denial-of-service attacks Internal clocks of authenticating devices must be loosely synchronized Authenticating device identifiers must not be recycled on a short-term basis

Challenge Handshake Authentication Protocol (CHAP) PPP mechanism used by an authenticator to authenticate a peer Uses an encrypted challenge-and-response sequence

CHAP Challenge-and-Response Sequence

CHAP Security Benefits Multiple authentication sequences throughout Network layer protocol session o Limit time of exposure to any single attack Variable challenge values and changing identifiers o Provide protection against playback attacks

CHAP Security Issues Passwords should not be the same in both directions Not all implementations of CHAP terminate the link when authentication process fails, but instead limit traffic to a subset of Network layer protocols o Possible for users to update passwords

Mutual Authentication Process by which each party in an electronic communication verifies the identity of the other party

Digital Certificates Electronic means of verifying identity of an individual/organization Digital signature o Piece of data that claims that a specific, named individual wrote or agreed to the contents of an electronic document to which the signature is attached

Electronic Encryption and Decryption Concepts Encryption o Converts plain text message into secret message Decryption o Converts secret message into plain text message Symmetric cipher o Uses only one key Asymmetric cipher o Uses a key pair (private key and public key) continued

Electronic Encryption and Decryption Concepts Certificate authority (CA) o Trusted, third-party entity that verifies the actual identity of an organization/individual before providing a digital certificate Nonrepudiation o Practice of using a trusted, third-party entity to verify the authenticity of a party who sends a message

How Much Trust Should One Place in a CA? Reputable CAs have several levels of authentication that they issue based on the amount of data collected from applicants Example: VeriSign

Security Tokens Authentication devices assigned to specific user Small, credit card-sized physical devices Incorporate two-factor authentication methods Utilize base keys that are much stronger than short, simple passwords a person can remember

Types of Security Tokens Passive o Act as a storage device for the base key o Do not emit, or otherwise share, base tokens Active o Actively create another form of a base key or encrypted form of a base key that is not subject to attack by sniffing and replay o Can provide variable outputs in various circumstances

One-Time Passwords Used only once for limited period of time; then is no longer valid Uses shared keys and challenge-andresponse systems, which do not require that the secret be transmitted or revealed Strategies for generating one-time passwords o Counter-based tokens o Clock-based tokens

Biometrics Biometric authentication o Uses measurements of physical or behavioral characteristics of an individual o Generally considered most accurate of all authentication methods o Traditionally used in highly secure areas o Expensive

How Biometric Authentication Works 1.Biometric is scanned after identity is verified 2.Biometric information is analyzed and put into an electronic template 3.Template is stored in a repository 4.To gain access, biometric is scanned again 5.Computer analyzes biometric data and compares it to data in template 6.If data from scan matches data in template, person is allowed access 7.Keep a record, following AAA model

False Positives and False Negatives False positive o Occurrence of an unauthorized person being authenticated by a biometric authentication process False negative o Occurrence of an authorized person not being authenticated by a biometric authentication process when they are who they claim to be

Different Kinds of Biometrics Physical characteristics o Fingerprints o Hand geometry o Retinal scanning o Iris scanning o Facial scanning Behavioral characteristics o Handwritten signatures o Voice

Fingerprint Biometrics

Hand Geometry Authentication

Retinal Scanning

Iris Scanning

Signature Verification

General Trends in Biometrics Authenticating large numbers of people over a short period of time (eg, smart cards) Gaining remote access to controlled areas

Multifactor Authentication Identity of individual is verified using at least two of the three factors of authentication o Something you know (eg, password) o Something you have (eg, smart card) o Something about you (eg, biometrics)

Chapter Summary Authentication techniques o Usernames and passwords o Kerberos o CHAP o Mutual authentication o Digital certificates o Tokens o Biometrics o Multifactor authentication

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback