Computer Security Set of slides 8 Dr Alexei Vernitski.


Methods of user authentication: knowledge-based (‘what the user knows’), token-based (‘what the user has’), identity-based (‘what the user is’).

Knowledge-based user authentication: passwords. Any other examples?

Token-based user authentication: smartcards, electronic key fobs. Other examples?

Identity-based user authentication: fingerprint scanning, iris scanning. Other examples?

For discussion One recent research project studies whether a user can be authenticated by the way they sing. What type of user authentication is this? What are the advantages and disadvantages of this way of user authentication?

For discussion: let us look at an example not directly related to computer security. One typically thinks of DNA as the best possible way of biometric authentication. What are possible issues with DNA-based authentication? A recent example: the cost of a DNA analysis to distinguish two persons is ‘upwards of 1m euros’.

For discussion Which ways of user authentication are cheaper? Which are more expensive? Which ways of user authentication are more usable?

For discussion Which ways of user authentication are likely to result in false positives? Which ways of user authentication are likely to result in false negatives?

For discussion Which ways of user authentication involve something that can be stolen? Or, can be lost? Or, can be copied? Or, can be forged?

Challenge-response authentication: the password (or key) itself is never sent; the party being authenticated proves that it knows the secret by answering a fresh random challenge, so the secret cannot be captured as it is entered or in transit. For example, this is how smartcards are authenticated. Pattern-based authentication is another example.

Challenge-response authentication (smartcard and authenticator):
1. The authenticator chooses a random number (the challenge) and sends it to the smartcard.
2. The smartcard encrypts the number, with the password used as the key, and sends the cipher back to the authenticator.
3. The authenticator encrypts the same number itself, with its own copy of the password used as the key.
4. The two ciphers are compared; if they match, the smartcard is accepted.
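A worked version of the exchange above, added here as an illustration; it is not code from the original slides. The smartcard and the authenticator are two objects sharing one secret. The slide's "encrypt the number with the password as the key" is implemented with HMAC-SHA256 as the keyed function (a substitution: only equality of the two results matters, and a MAC is what real tokens use). User names, keys, the weak password and the wordlist are constructed sample data. The demo also checks the two things a practitioner looks for: a recorded response must be rejected against a later challenge, and an eavesdropper who captures one exchange can test guesses offline, so the shared secret must be a high-entropy key rather than a memorable password.

```python
"""Challenge-response login between a smartcard and an authenticator.

Added example, not code from the original slides. It follows the four steps of
the slide's diagram. The slide says the random number is "encrypted with the
password as the key"; HMAC-SHA256 is used here as that keyed function (an
assumption: real tokens use a MAC or block cipher, and only equality of the two
results matters). User names, keys, the weak password and the wordlist are
constructed sample data.
"""
import hashlib
import hmac
import secrets


def keyed_response(secret: bytes, challenge: bytes) -> bytes:
    """The function both sides compute on the challenge under the shared secret."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Smartcard:
    """Holds one secret and only ever outputs a function of a challenge."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def answer(self, challenge: bytes) -> bytes:
        # Step 2: compute the response and send it back (the secret stays on the card).
        return keyed_response(self._secret, challenge)


class Authenticator:
    def __init__(self, secrets_db: dict):
        self._secrets = secrets_db   # server-side copy of each user's secret
        self._outstanding = {}       # user -> challenge awaiting a response

    def issue_challenge(self, user: str) -> bytes:
        # Step 1: fresh random number every time. A repeated challenge would let an
        # eavesdropper replay a response recorded earlier.
        challenge = secrets.token_bytes(16)
        self._outstanding[user] = challenge
        return challenge

    def verify(self, user: str, response: bytes) -> bool:
        # Steps 3 and 4: recompute locally, compare in constant time, and consume the
        # challenge so the same response cannot be presented twice.
        challenge = self._outstanding.pop(user, None)
        if challenge is None or user not in self._secrets:
            return False
        expected = keyed_response(self._secrets[user], challenge)
        return hmac.compare_digest(expected, response)


def offline_guess(challenge: bytes, response: bytes, wordlist):
    """What an eavesdropper can do with one captured (challenge, response) pair:
    test guesses offline until one reproduces the response. Succeeds only when the
    shared secret is weak enough to be in the wordlist."""
    for guess in wordlist:
        if hmac.compare_digest(keyed_response(guess, challenge), response):
            return guess
    return None


def demo() -> dict:
    strong_key = secrets.token_bytes(32)   # constructed: high-entropy secret
    weak_password = b"password123"         # constructed: guessable secret
    auth = Authenticator({"alice": strong_key, "bob": weak_password})
    alice_card, bob_card = Smartcard(strong_key), Smartcard(weak_password)
    wordlist = [b"123456", b"qwerty", b"password123", b"letmein"]  # constructed

    # Honest login for alice.
    alice_ch = auth.issue_challenge("alice")
    alice_resp = alice_card.answer(alice_ch)
    honest = auth.verify("alice", alice_resp)

    # Replay: the recorded response is presented against a new challenge.
    auth.issue_challenge("alice")
    replay = auth.verify("alice", alice_resp)

    # Cloned card with the wrong key.
    ch = auth.issue_challenge("alice")
    wrong_key = auth.verify("alice", Smartcard(b"not alice's key").answer(ch))

    # Eavesdropping on bob, whose secret is a guessable password.
    bob_ch = auth.issue_challenge("bob")
    bob_resp = bob_card.answer(bob_ch)

    return {
        "honest_login": honest,
        "replay_accepted": replay,
        "wrong_key_accepted": wrong_key,
        "bob_secret_recovered": offline_guess(bob_ch, bob_resp, wordlist),
        "alice_secret_recovered": offline_guess(alice_ch, alice_resp, wordlist),
    }


if __name__ == "__main__":
    print(demo())
```

The last two results are the caveat: the protocol keeps the secret off the wire, but it does not stop an eavesdropper from guessing it offline, which is why a smartcard holds a random key rather than a password typed by the user.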

Challenge-response authentication The image is taken from the paper: A pattern for successful authentication, by Stephen Howes, Computer Fraud & Security, Volume 2011, Issue 10, October 2011, Pages 13–15. What are the advantages and disadvantages of this authentication scheme?

Combination of user authentication techniques How would you classify the authentication by an ATM? What are its advantages? Some airports authenticate passengers by the boarding pass and the hand scan – how would you classify this? What other useful combinations of authentication methods can you propose?

Attacks against passwords:
- Social engineering
- Shoulder-surfing
- Passwords left on post-it notes
- Unencrypted files containing passwords, notebooks with passwords in them, etc.
- Computers left on trains etc.
- Computers disposed of incorrectly, with files not deleted
- Passwords sent over the network unencrypted
- Passwords encrypted (hashed) but accessible in the encrypted form, which allows the attacker to guess them offline
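An added example (not from the slides) of the last point in the list: a password file that is ‘encrypted’ but readable to the attacker is attacked offline, and how it was encrypted decides what the leak costs. Three constructed accounts are stored two ways, as plain SHA-256 digests and as salted, iterated PBKDF2-HMAC-SHA256 (both from Python's standard hashlib), and one constructed wordlist is run against each store. Account names, passwords, the wordlist and the iteration count are assumptions for the demo.

```python
"""Offline attack on a leaked password store.

Added example, not from the slides. It illustrates the last point above:
password data that is 'encrypted' (hashed) but readable to the attacker is
attacked offline, and the storage method decides what the leak costs. Three
constructed accounts are stored two ways and attacked with one constructed
wordlist. ITERATIONS is an assumption kept small so the demo runs quickly.
"""
import hashlib
import os

ITERATIONS = 20_000  # production deployments use far more, or a memory-hard function
WORDLIST = ["123456", "password", "qwerty", "letmein",
            "dragon", "monkey", "football", "welcome"]  # constructed


def store_unsalted(password: str) -> str:
    """Weak storage: one fast, unsalted SHA-256 digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str, salt: bytes = None):
    """Stronger storage: a random per-user salt and an iterated PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def attack_unsalted(store: dict):
    """One table of wordlist digests cracks every account at once; the total work is
    len(WORDLIST) hashes however many users there are, and identical passwords are
    visible as identical digests before any cracking starts."""
    table = {store_unsalted(word): word for word in WORDLIST}
    cracked = {user: table.get(digest) for user, digest in store.items()}
    return cracked, len(WORDLIST)


def attack_salted(store: dict):
    """Distinct salts mean no shared table: every guess is recomputed per user, and
    each guess costs ITERATIONS rounds of HMAC."""
    cracked, work = {}, 0
    for user, (salt, digest) in store.items():
        cracked[user] = None
        for word in WORDLIST:
            work += ITERATIONS
            if hashlib.pbkdf2_hmac("sha256", word.encode(), salt, ITERATIONS) == digest:
                cracked[user] = word
                break
    return cracked, work


def demo() -> dict:
    # Constructed accounts; alice and carol chose the same weak password.
    accounts = {"alice": "letmein", "bob": "correct-horse-battery-staple", "carol": "letmein"}
    unsalted = {u: store_unsalted(p) for u, p in accounts.items()}
    salted = {u: store_salted(p) for u, p in accounts.items()}
    cracked_u, work_u = attack_unsalted(unsalted)
    cracked_s, work_s = attack_salted(salted)
    return {
        "unsalted_cracked": cracked_u,
        "salted_cracked": cracked_s,
        "unsalted_work": work_u,      # hashes computed for the whole store
        "salted_work": work_s,        # HMAC rounds computed for the whole store
        "duplicate_visible_unsalted": unsalted["alice"] == unsalted["carol"],
        "duplicate_visible_salted": salted["alice"][1] == salted["carol"][1],
    }


if __name__ == "__main__":
    print(demo())
```

Both stores give up the weak passwords; the difference is the price. With the unsalted store the attacker pays for the wordlist once for everyone and can also see which users share a password; with salts and iterations every user is a separate job and every guess costs thousands of HMAC rounds, which is what makes a strong password survive a leak.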

For discussion: banks can provide you with a special device which you can use for additional protection when you log in to the bank’s web site. How does this approach work? How would you classify it within the range of authentication methods?

For discussion Password manager – good or bad? for example:

Baby monitoring cameras Hacker 'shouts abuse' via Foscam baby monitoring camera

An example of a phishing tweet The URL which appears in the tweet redirects the user to a fake Twitter login page

Hackers Say They’ve Cracked the iPhone’s Fingerprint Lock: isch-german-hackers-say-theyve-cracked-the-iphones-fingerprint-lock/

Paypal bank account confirmation: “We’ll send 2 random deposits (both between 1p and 99p) to your bank account. You'll find them on your online bank statement within 2-3 working days, or on your next paper statement.” How exactly does this protocol authenticate you? What types of fraud does it prevent? What types of fraud does it not prevent?

Fridge sends spam emails as attack hits smart gadgets. How could smart gadgets be prevented from being included in a botnet?


Choosing a password. My paper on the subject; Mozilla recommendations (similar to mine): secure-passwords-keep-your-identity-safe

Sample exam questions
1. Name three main methods of user authentication and show how they can be combined for better security.
2. A company explains how one of their products works (example shown below): “Entrust's patented grid card is a credit card-sized authenticator consisting of numbers and/or characters in a row-column format. Upon login, users are presented with a coordinate challenge and must respond with the information in the corresponding cells from the unique grid card they possess.” Explain how this technology can improve your security.
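For the second question, an added model of the grid card, written as an illustration; it is not Entrust's product code, and the 5 x 10 grid, the 36-symbol alphabet and the 3-cell challenge are assumptions. It shows what the scheme buys: the card is something the user has, the server's challenge changes at every login so a copied answer is useless against the next one, and an observer learns only the cells that were actually challenged.

```python
"""Grid-card challenge-response (the scheme in the second exam question).

Added example, not Entrust's product code. The 5 x 10 grid, the 36-symbol
alphabet and the 3-cell challenge are assumptions for illustration. Each user
is enrolled with a unique grid (printed on the card they carry; the server keeps
a copy). At login the server names random cells and the user replies with the
symbols printed there.
"""
import hmac
import secrets
import string

ROWS = "ABCDE"
COLS = range(1, 11)
ALPHABET = string.ascii_uppercase + string.digits
CHALLENGE_LEN = 3
_rng = secrets.SystemRandom()


def make_grid() -> dict:
    """One grid per user, generated at enrolment: {('A', 1): 'K', ...}."""
    return {(r, c): _rng.choice(ALPHABET) for r in ROWS for c in COLS}


def issue_challenge() -> list:
    """Distinct random coordinates, e.g. [('B', 4), ('E', 1), ('A', 9)]."""
    return _rng.sample([(r, c) for r in ROWS for c in COLS], CHALLENGE_LEN)


def respond(grid: dict, challenge: list) -> str:
    """What the user reads off the card for the named cells."""
    return "".join(grid[cell] for cell in challenge)


def verify(grid: dict, challenge: list, response: str) -> bool:
    """Server side: compare against its own copy of the grid, in constant time."""
    return hmac.compare_digest(respond(grid, challenge), response)


def cells_learned(observed) -> dict:
    """What a shoulder-surfer, keylogger or phishing page learns from the
    (challenge, response) pairs it saw: only the cells that were challenged."""
    known = {}
    for challenge, response in observed:
        for cell, symbol in zip(challenge, response):
            known[cell] = symbol
    return known


def attacker_can_answer(known: dict, challenge: list) -> bool:
    """A challenge is answerable from leaked data only if every cell was seen before."""
    return all(cell in known for cell in challenge)


def demo() -> dict:
    grid = make_grid()

    # Honest login with a random challenge.
    ch = issue_challenge()
    honest = verify(grid, ch, respond(grid, ch))

    # Fixed challenges so the outcome is deterministic: one login is observed,
    # then the attacker faces the same challenge again and a fresh one.
    seen_ch = [("A", 1), ("B", 2), ("C", 3)]
    fresh_ch = [("D", 4), ("E", 5), ("A", 6)]
    known = cells_learned([(seen_ch, respond(grid, seen_ch))])

    return {
        "honest_login": honest,
        "grid_cells": len(grid),
        "cells_known_after_one_login": len(known),
        "can_answer_repeated_challenge": attacker_can_answer(known, seen_ch),
        "can_answer_fresh_challenge": attacker_can_answer(known, fresh_ch),
    }


if __name__ == "__main__":
    print(demo())
```

Because the grid is a lookup table rather than a keyed function, each observed login leaks three of the fifty cells for good; the scheme relies on the challenge being random, so the attacker needs many observations, or the card itself, before a fresh challenge becomes answerable, and it is meant as a second factor, something the user has, on top of what they know.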