Presentation transcript:

1. Authentication Technologies
Authentication Mechanisms
  – Something you know
  – Something you have
  – Something you are
Features
  – Authenticator & Base secret
  – Verifier
  – Verification Procedure

2. What you know
Password/PIN
  – Authenticator & verifier
  – String comparison
  – Hashing?
  – Risks?

3. What you have
Smart/Swipe cards
Large base secret
Risks?
  – Compared to Passwords?

4. What you are: Biometrics
Identification:
  – Who are you?
  – Template/model comparison
  – “One-to-many” search
  – Choose most likely
Verification
  – Is this you?
  – Template/model measure
  – “One-to-one” search
  – Thresholding

5. Subversion
“As a general rule, if an authentification system is made by humans, it can be defeated by humans”
Multifactor Authentication?
Next: Risks & Attacks

6. Risks
Masquerade
Multiple Identities
Identity Theft

7. Attacks
Trial and Error
  – Passwords
  – Cards
  – Biometrics
Replication
Theft
Digital Spoofing

8. Vulnerability
Average attack space
  – Number of attacks to have 50% chance of success
False Acceptance Rate (FAR/FMR)
  – Percentage of successful attacks by imposter

9. Defences
Trial and Error
  – Increase size of base secret
  – Limit guesses
  – Biometrics
      – Tighten match criterion
      – False Rejection Rate (FRR/FNMR)
Replication
  – Liveness test?
Theft
  – Add PINs or biometrics
Digital Spoofing
  – Cryptography
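The thresholding, FAR/FRR and average-attack-space ideas from the slides on biometrics, vulnerability and defences, worked through as an added example that is not part of the original presentation. The similarity scores are constructed, the function names are hypothetical, and biometric attempts are assumed to be independent with per-attempt success probability equal to the FAR.

```python
import math

# Constructed similarity scores (0..1, higher = closer match); not real data.
GENUINE = [0.91, 0.84, 0.77, 0.95, 0.68, 0.88, 0.73, 0.81, 0.59, 0.90]
IMPOSTOR = [0.12, 0.35, 0.48, 0.22, 0.61, 0.30, 0.55, 0.72, 0.18, 0.41]

def verify(score, threshold):
    """One-to-one check: accept the claimed identity if the score clears the threshold."""
    return score >= threshold

def far(threshold, impostor=IMPOSTOR):
    """False Acceptance Rate: fraction of impostor attempts that are accepted."""
    return sum(verify(s, threshold) for s in impostor) / len(impostor)

def frr(threshold, genuine=GENUINE):
    """False Rejection Rate: fraction of genuine attempts that are rejected."""
    return sum(not verify(s, threshold) for s in genuine) / len(genuine)

def attempts_for_half_chance(p):
    """Independent tries, each succeeding with probability p, needed for >= 50% success."""
    if p <= 0:
        return math.inf
    if p >= 1:
        return 1
    return math.ceil(math.log(0.5) / math.log(1 - p))

def secret_attack_space(n_secrets):
    """Non-repeating guesses over n equally likely base secrets for a 50% chance."""
    return math.ceil(n_secrets / 2)

def success_within_limit(p, max_guesses):
    """Chance a trial-and-error attacker succeeds before a guess limit is reached."""
    return 1 - (1 - p) ** max_guesses

if __name__ == "__main__":
    # Tightening the match criterion lowers FAR and raises FRR.
    for t in (0.5, 0.6, 0.7, 0.8):
        p = far(t)
        print(f"threshold={t:.1f} FAR={p:.1f} FRR={frr(t):.1f} "
              f"attempts for 50%={attempts_for_half_chance(p)}")
    print("4-digit PIN attack space:", secret_attack_space(10 ** 4))
    print("FAR 0.1, limit of 3 guesses:", round(success_within_limit(0.1, 3), 3))
```
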

10. Deployment Issues
Enrolment
  – Establish the verifier
  – Security concerns?
  – Self-enrollment
  – Supervised enrolment
Maintenance
  – Password aging
      – Human memory!
  – Physical change
Revocation

11. Operational Problems
Forgetting Passwords
  – Cost of reset
Loss or aging of devices
Injury to biometric traits
  – Use redundancy

12. Economics
Software
Hardware
Enrollment costs
  – Administrator
  – User
Per-use cost
Maintenance costs
System downtime costs
Revocation costs