Authentication Technology Alternatives. Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin


Passwords
- Initial response by security and programming experts to deny unauthorized persons access to the PC and/or network
- Most fundamental and commonly used access control and authentication technique
- General evolution of events
  - User turns on the PC or touches the keyboard to wake up the system
  - User enters User Name and Password into the dialogue box and hits Enter
  - Information is sent to the identification flat file, where the user name is compared to the password
  - Acceptance or denial is returned to the PC
- Advantages
  - Relatively simple to implement
  - Logical and efficient for the user

Clear Text Passwords
Password authentication was designed to include two separate, distinct parts
- USER ID: specific identification of the user attempting access
- Password: something only the user should know

USERNAME  PASSWORD
Alice     mydogsparky
Bob       Home4Holidays
Carol     getthejobdone

Password Conversions
In order to mitigate the storage of clear text passwords, three simple and effective approaches have been implemented
- Hashing
- Message Authentication Codes
- Cryptography

Password Hashing
- Sometimes referred to as a Message Digest, a hash is a one-way mathematical algorithm which produces a fixed-length result from a document of almost any size
- Its fundamental purpose is to produce a digital fingerprint to verify the integrity of information.

USERNAME  PASSWORD
AliceZ    c0f1ce0662f4a2f8d86613cf2e7ddc311bcf3bd
BobY      6dc04707c1204dac18b73e5b388365deac43f70c
CarolW    2a70467b07eb3acfb90944c90e0261a5cb44649d

Passwords in MAC Format
The Message Authentication Code, or MAC, takes the information offered, in this case the password, hashes it and then encrypts it

USERNAME  PASSWORD
AliceZ    c0f1ce0662f4a2f8d86613cf2e7ddc311bcf3bd
BobY      6dc04707c1204dac18b73e5b388365deac43f70c
CarolW    2a70467b07eb3acfb90944c90e0261a5cb44649d

NOTE: The above example is not a real MAC of the Password. It is a copy of the Hash example.
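The difference between the hashed and MAC forms of the password file, as an added example that is not part of the original slides. It assumes SHA-256 for the hash and HMAC-SHA-256 as the MAC (the slides name no algorithm and describe the MAC as hash-then-encrypt); the key, helper names and candidate list are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the user names and passwords from the clear-text slide.
USERS = {"Alice": "mydogsparky", "Bob": "Home4Holidays", "Carol": "getthejobdone"}
# Assumption: the MAC key is held outside the password file (constructed demo value).
SERVER_KEY = b"constructed-demo-key-not-for-production"


def hash_record(password: str) -> str:
    """Unkeyed one-way hash of the password (SHA-256, an assumption)."""
    return hashlib.sha256(password.encode()).hexdigest()


def mac_record(password: str, key: bytes = SERVER_KEY) -> str:
    """Keyed MAC over the password (HMAC-SHA-256, an assumption)."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()


def build_store(convert) -> dict:
    """Build the password file: user name -> converted password."""
    return {user: convert(pw) for user, pw in USERS.items()}


def verify(store: dict, convert, user: str, attempt: str) -> bool:
    """Recompute the stored form from the attempt and compare in constant time."""
    expected = store.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected, convert(attempt))


def recomputable_without_key(store: dict, candidates: list) -> set:
    """Audit: records that match a candidate using only the unkeyed hash,
    i.e. what a holder of the file alone (no key) could confirm."""
    digests = {hash_record(c) for c in candidates}
    return {user for user, record in store.items() if record in digests}


if __name__ == "__main__":
    hashed, macced = build_store(hash_record), build_store(mac_record)
    guesses = ["mydogsparky", "letmein"]
    print("login ok:", verify(macced, mac_record, "Alice", "mydogsparky"))
    print("hash file exposes:", recomputable_without_key(hashed, guesses))
    print("MAC file exposes:", recomputable_without_key(macced, guesses))
```

Both files avoid storing clear text, but only the MAC file ties verification to a secret that is not in the file itself.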

Encrypted Passwords
- Cryptography offers a powerful solution to this dilemma
- Symmetric Algorithms are usually used for speed.

USERNAME  PASSWORD
AliceZ    60135d849c2700dc60ffc2606fb947
BobY      0c0dd92d4bd8d8ca864441d23e066d8b
CarolW    7b94228224366ce3b2a049acaa0bd3c2

Authentication Technologies

Attack           Response
Pretender        Passwords
Password Theft   Hash, MAC, Cryptography

Authentication Technologies

Attack             Response
Pretender          Passwords
Password Theft     Hash, MAC, Cryptography
Keyboard Sniffing

Authentication Technologies

Attack             Response
Pretender          Passwords
Password Theft     Hash, MAC, Cryptography
Keyboard Sniffing  One-Time Passwords

One-Time Passwords (OTP)
- Developed to stop attacks on user-determined, static passwords and storage
- Each time a user authenticates to a system, a different password is used, after which it is no longer valid
- There are 2 types of OTPs
  - Hardware token: synchronized algorithms are embedded in the PC/network and the token, using either a synchronized clock or a challenge-response algorithm
  - Software token: resides completely on the network

Authentication Technologies

Attack                         Response
Pretender                      Passwords
Password Theft                 Hash, MAC, Cryptography
Keyboard Sniffing              One-Time Passwords
Sophisticated Network Attacks

Smart Cards
- Perfectly adaptable to access control (both logical and physical)
- Offers significant information security and processing power for authentication
- Usually preferred as a contact card for direct interaction, exchanging lots of information with the reader/network; contactless capabilities also offer some advantages
- The card format offers everything on current corporate/government badges with the addition of the embedded computer chip

Biometrics
- A quickly maturing technology that is invaluable in identifying the unique characteristics of an individual
- Biometric technologies include
  - Fingerprint
  - Face
  - Hand geometry
  - Iris
  - Palm
  - Signature
  - Voice
  - Skin
- Effectively used as a primary or secondary control for access
- Fingerprint biometrics are particularly powerful when used with a smart card

Public Key Cryptography, Public Key Infrastructure (PKI)
- Public Key Cryptography answers the key quandary of symmetric key distribution with the creation of 2 keys (one public and one private) which are related through one-way mathematical functions.
- Public Key Infrastructure (PKI) is a combination of standards, protocols, hardware and software designed and architected to maximize the security and power of Public Key Cryptography, such as certificates, and the ability to offer cryptographic services such as encryption for data and email, digital signatures, and access control using extraordinarily complicated keys.
- The Smart Card is able to keep this power secure and on demand.

Authentication Technologies

Attack                         Response
Pretender                      Passwords
Password Theft                 Hash, MAC, Cryptography
Keyboard Sniffing              OTP
Sophisticated Network Attacks  Smart Cards, Biometrics, PKI