Authentication Technology Alternatives
Mark G. McGovern, Chief Technologist (Smart Cards, Crypto, Stego, PKI), Lockheed Martin
Passwords
- The initial response by security and programming experts to deny unauthorized persons access to the PC and/or network
- The most fundamental and commonly used access control and authentication technique

General sequence of events:
1. User turns on the PC or touches the keyboard to wake up the system
2. User enters User Name and Password into the dialogue box and hits Enter
3. The information is sent to the identification flat file, which looks up the user name and compares the submitted password against the stored one
4. Acceptance or denial is returned to the PC

Advantages:
- Relatively simple to implement
- Logical and efficient for the user
Clear Text Passwords
Password authentication was designed to include two separate, distinct parts:
- USER ID: specific identification of the user attempting access
- Password: something only the user should know

USERNAME   PASSWORD
Alice      mydogsparky
Bob        Home4Holidays
Carol      getthejobdone
Password Conversions
To mitigate the storage of clear text passwords, three simple and effective approaches have been implemented:
- Hashing
- Message Authentication Codes
- Cryptography
Password Hashing
Sometimes referred to as a Message Digest, a hash is a one-way mathematical algorithm which produces a fixed-length result from a document of almost any size. Its fundamental purpose is to produce a digital fingerprint to verify the integrity of information.

USERNAME   PASSWORD
AliceZ     c0f1ce0662f4a2f8d86613cf2e7ddc311bcf3bd
BobY       6dc04707c1204dac18b73e5b388365deac43f70c
CarolW     2a70467b07eb3acfb90944c90e0261a5cb44649d
Passwords in MAC Format
The Message Authentication Code, or MAC, takes the information offered (in this case the password), hashes it and then encrypts it.

USERNAME   PASSWORD
AliceZ     c0f1ce0662f4a2f8d86613cf2e7ddc311bcf3bd
BobY       6dc04707c1204dac18b73e5b388365deac43f70c
CarolW     2a70467b07eb3acfb90944c90e0261a5cb44649d

NOTE: The above example is not a real MAC of the password. It is a copy of the hash example.
Encrypted Passwords
Cryptography offers a powerful solution to this dilemma. Symmetric algorithms are usually used for speed.

USERNAME   PASSWORD
AliceZ     60135d849c2700dc60ffc2606fb947
BobY       0c0dd92d4bd8d8ca864441d23e066d8b
CarolW     7b94228224366ce3b2a049acaa0bd3c2
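The following Python example is added here to make the Password Hashing and MAC Format slides concrete; it is not code from the original presentation. It builds the Alice/Bob/Carol table both ways, using SHA-256 for the plain hash and HMAC-SHA256 (keyed by a constructed server secret) for the MAC variant, performs the verification step from the Passwords slide, and runs a defender's audit that shows why the keyed form resists an offline guess list when the stored table alone has been stolen. The user names, passwords, key and word list are all constructed for the example.

```python
import hashlib
import hmac

# Constructed sample credentials, modelled on the slide's Alice/Bob/Carol table.
CLEARTEXT = {
    "AliceZ": "mydogsparky",
    "BobY": "Home4Holidays",
    "CarolW": "getthejobdone",
}

# Hypothetical server-side secret for the MAC variant. The point of the MAC
# approach is that this key is kept apart from the password file itself.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def hash_password(password: str) -> str:
    """Password Hashing slide: store a one-way digest of the password (SHA-256 here)."""
    return hashlib.sha256(password.encode()).hexdigest()


def mac_password(password: str, key: bytes = SERVER_KEY) -> str:
    """MAC Format slide: a keyed digest (HMAC-SHA256); checking a guess requires the key."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()


def build_store(converter) -> dict:
    """Produce the USERNAME -> converted PASSWORD table the slides show."""
    return {user: converter(pw) for user, pw in CLEARTEXT.items()}


def verify(store: dict, converter, user: str, password: str) -> bool:
    """Authentication step: convert the submitted password and compare it to the
    stored value in constant time, so timing does not leak how many bytes matched."""
    stored = store.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(stored, converter(password))


def audit_store_against_wordlist(store: dict, converter, wordlist) -> dict:
    """Defender's check: which entries in a stolen table can be recovered from a
    guess list when the auditor converts guesses with `converter`?  Returns
    {user: recovered_password} for every entry that matched."""
    lookup = {converter(word): word for word in wordlist}
    return {user: lookup[value] for user, value in store.items() if value in lookup}


if __name__ == "__main__":
    guesses = ["password", "mydogsparky", "letmein", "getthejobdone"]
    hashed = build_store(hash_password)
    print("plain hash table recovered:", audit_store_against_wordlist(hashed, hash_password, guesses))
    macced = build_store(mac_password)
    print("MAC table, no key:         ", audit_store_against_wordlist(macced, hash_password, guesses))
    print("MAC table, with key:       ", audit_store_against_wordlist(macced, mac_password, guesses))
```

The audit shows the property the slides are driving at: a stolen table of unkeyed hashes can be checked against guesses offline, while the keyed table yields nothing unless the server key is stolen with it. The slide's table also has no per-user salt, so two users with the same password get the same stored value; current practice adds a random salt and a deliberately slow hash (e.g. scrypt or Argon2) on top of the ideas shown here.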
Authentication Technologies (progressive build of the attack/response table)

ATTACK             RESPONSE
Pretender          Passwords
Password Theft     Hash, MAC, Cryptography
Keyboard Sniffing  One-Time Passwords
One-Time Passwords (OTP)
- Developed to stop attacks on user-chosen, static passwords and on their storage
- Each time a user authenticates to a system, a different password is used, after which it is no longer valid
- There are two types of OTPs:
  - Hardware token: synchronized algorithms are embedded in the PC/network and in the token, using either a synchronized clock or a challenge-response algorithm
  - Software token: resides completely on the network
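As an added example (not code from the presentation), the Python below implements the synchronized-algorithm token the slide describes: both the token and the network side hold the same secret and derive each password with HOTP (RFC 4226, HMAC-SHA1 over a counter), and a clock-synchronized variant is shown by deriving the counter from the time (the TOTP construction of RFC 6238). The `HotpServer` and `HardwareToken` classes, the look-ahead window and the secret are assumptions made for this example; the secret used in the test is the published RFC test key, not a real credential. The server advances its counter past every accepted code, which is what makes a captured password worthless a second time.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a `digits`-long decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = ((mac[offset] & 0x7F) << 24
              | mac[offset + 1] << 16
              | mac[offset + 2] << 8
              | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Clock-synchronized variant (RFC 6238): the counter is the current
    `step`-second time slot, so token and network only need agreeing clocks."""
    return hotp(secret, int(now // step), digits)


class HardwareToken:
    """Token side of an event-synchronized OTP: same secret, own counter,
    increments on every button press."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def press(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class HotpServer:
    """Network side: tracks the next counter it will accept. `look_ahead`
    tolerates a few presses that were never submitted (counter drift)."""

    def __init__(self, secret: bytes, look_ahead: int = 3):
        self.secret = secret
        self.counter = 0
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                # Move past the accepted counter: the same code is never valid again,
                # so a sniffed password cannot be replayed.
                self.counter = c + 1
                return True
        return False


if __name__ == "__main__":
    shared = b"12345678901234567890"  # RFC 4226 test secret, constructed demo only
    token, server = HardwareToken(shared), HotpServer(shared)
    code = token.press()
    print("first use:", server.verify(code))   # True
    print("replay:   ", server.verify(code))   # False
```

Resynchronization is the operational caveat: if the user presses the token more than `look_ahead` times without logging in, the server falls out of step and the administrator must resync the counter, which is why time-slot (TOTP) tokens are often preferred when both sides have a reliable clock.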
Authentication Technologies (table extended)

ATTACK                        RESPONSE
Pretender                     Passwords
Password Theft                Hash, MAC, Cryptography
Keyboard Sniffing             One-Time Passwords
Sophisticated Network Attacks (response on the next slides)
Smart Cards
- Perfectly adaptable to access control, both logical and physical
- Offer significant information security and processing power for authentication
- Usually preferred as a contact card for direct interaction, exchanging lots of information with the reader/network; contactless capabilities also offer some advantages
- The card format offers everything on current corporate/government badges, with the addition of the embedded computer chip
Biometrics
- A quickly maturing technology that is invaluable in identifying the unique characteristics of an individual
- Biometric technologies include: fingerprint, face, hand geometry, iris, palm, signature, voice, skin
- Effectively used as a primary or secondary control for access
- Fingerprint biometrics are particularly powerful when used with a smart card
Public Key Cryptography / Public Key Infrastructure (PKI)
- Public Key Cryptography answers the key quandary of symmetric key distribution with the creation of two keys (one public and one private) which are related through one-way mathematical functions.
- Public Key Infrastructure (PKI) is a combination of standards, protocols, hardware and software designed and architected to maximize the security and power of Public Key Cryptography, such as certificates, and to offer cryptographic services such as encryption for data and email, digital signatures, and access control using extraordinarily complicated keys.
- The smart card is able to keep this power secure and available on demand.
Authentication Technologies (complete table)

ATTACK                        RESPONSE
Pretender                     Passwords
Password Theft                Hash, MAC, Cryptography
Keyboard Sniffing             OTP
Sophisticated Network Attacks Smart Cards, Biometrics, PKI