CSC 382/582: Computer SecuritySlide #1 CSC 382/582: Computer Security Authentication.

Slides:



Advertisements
Similar presentations
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Advertisements

BIOMETRIC VOTING SYSTEM
(Biometrics Consortium)
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Section – Biometrics 1. Biometrics Biometric refers to any measure used to uniquely identify a person based on biological or physiological traits.
By: Monika Achury and Shuchita Singh
BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.
Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.
GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Linux+ Guide to Linux Certification, Second Edition
Biometrics Kyle O'Meara April 14, Contents Introduction Specific Types of Biometrics Examples Personal Experience Questions.
Your Interactive Guide to the Digital World Discovering Computers 2012.
Marjie Rodrigues
Security-Authentication
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
1J. M. Kizza - Ethical And Social Issues Module 16: Biometrics Introduction and Definitions Introduction and Definitions The Biometrics Authentication.
Module 14: Biometrics Introduction and Definitions The Biometrics Authentication Process Biometric System Components The Future of Biometrics J. M. Kizza.
Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.
Karthiknathan Srinivasan Sanchit Aggarwal
Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.
Zachary Olson and Yukari Hagio CIS 4360 Computer Security November 19, 2008.
Biometrics. Outline What is Biometrics? Why Biometrics? Physiological Behavioral Applications Concerns / Issues 2.
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Authentication.
10/8/20151 Computer Security Authentication. 10/8/20152 Entity Authentication Entity Authentication is the process of verifying a claimed identity It.
CIT 380: Securing Computer Systems
CIT 470: Advanced Network and System AdministrationSlide #1 CIT 470: Advanced Network and System Administration Accounts and Namespaces.
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
CSC 382: Computer SecuritySlide #1 CSC 382: Computer Security Identity.
Lecture 7 Page 1 CS 236, Spring 2008 Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know.
Biometrics Authentication Technology
Biometrics.
G53SEC 1 Authentication and Identification Who? What? Where?
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Pertemuan #9 Security in Practice Kuliah Pengaman Jaringan.
Power Point Project Michael Bennett CST 105Y01 ONLINE Course Editor-Paulette Gannett.
Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.
Biometric Technologies
1 Figure 2-8: Access Cards Magnetic Stripe Cards Smart Cards  Have a microprocessor and RAM  More sophisticated than mag stripe cards  Release only.
Authentication What you know? What you have? What you are?
Biometrics Chuck Cook Matthew Etten Jeremy Vaughn.
INTRODUCTION TO BIOMATRICS ACCESS CONTROL SYSTEM Prepared by: Jagruti Shrimali Guided by : Prof. Chirag Patel.
CSC 382: Computer SecuritySlide #1 CSC 382: Computer Security Authentication.
Biometric Devices Biometric devices use secure identification and authentication in order for someone to use the device. These devices use automated.
CSCE 201 Identification and Authentication Fall 2015.
My topic is…………. - It is the fundamental building block and the primary lines of defense in computer security. - It is a basic for access control and.
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.
Managing Users CSCI N321 – System and Network Administration Copyright © 2000, 2011 by Scott Orr and the Trustees of Indiana University.
Technical Devices for Security Management Kathryn Hockman COSC 481.
By Kyle Bickel. Road Map Biometric Authentication Biometric Factors User Authentication Factors Biometric Techniques Conclusion.
Information Systems Design and Development Security Precautions Computing Science.
An Introduction to Biometrics
7/10/20161 Computer Security Protection in general purpose Operating Systems.
Challenge/Response Authentication
CIT 380: Securing Computer Systems
CIT 480: Securing Computer Systems
Challenge/Response Authentication
Authentication.
2. Access Control Matrix Introduction to Computer Security © 2004 Matt Bishop 9/21/2018.
Adding New Users, Storage, File System
Biometric technology.
Computer Security Authentication
Rootly Powers Chapter 3.
Computer Security Protection in general purpose Operating Systems
Presentation transcript:

CSC 382/582: Computer SecuritySlide #1 CSC 382/582: Computer Security Authentication

CSC 382/582: Computer SecuritySlide #2 Authentication 1.Identity 2.Groups and Roles 3.Network Identities 4.Authentication 5.Biometrics 6.UNIX Authentication

CSC 382/582: Computer SecuritySlide #3 What is Identity? Computer’s representation of an entity –Entities can be subjects or objects. Authentication binds a principal to an identity. Example: –username expresses your identity. –password binds the person typing to that particular identity (username).

CSC 382/582: Computer SecuritySlide #4 Purpose of Identity Access Control –Most systems base access rights on identity of principal executing the process. Accountability –Logging and auditing functions. –Need to track identity across account/role changes (e.g., su, sudo ).

CSC 382/582: Computer SecuritySlide #5 Groups and Roles An “entity” may be a set of entities referred to by a single identifier. Principals often need to share access to files, and thus are taken as groups. –static: alias for a group of principles. –dynamic: principal changes from one group to another as different privileges are needed. role: a group that ties membership to function

CSC 382/582: Computer SecuritySlide #6 Network Identity Ethernet (MAC) Address –48-bit data link level identifier –example: 00:0B:DB:78:39:8A IP Address –32-bit network level identifier –ex: IPv6 Address –128-bit network level identifier –ex: fe80::2a0:c9ff:fe97:153d/64 Hostname (DNS name) –string application level identifier –ex:

CSC 382/582: Computer SecuritySlide #7 What is Authentication? Binding of an identity to a subject Based on: 1.What the entity knows (e.g., passwords) 2.What the entity has (e.g., access card) 3.What the entity is (e.g., fingerprints) 4.Where the entity is (e.g., local terminal) Two-factor authentication

CSC 382/582: Computer SecuritySlide #8 What You Know Passwords Pass Phrases PINs

CSC 382/582: Computer SecuritySlide #9 What You Have Smart Cards USB Token RFID RFID used for toll collection

CSC 382/582: Computer SecuritySlide #10 USB Tokens and Smart Cards Small device with storage and processor. –USB tokens tend to focus on storage. –Smart cards on processor + small storage. –Differences are growing smaller. Methods of use –By Hand (read card and type one-time password) –USB –Wireless

CSC 382/582: Computer SecuritySlide #11 RFID Radio Frequency Identification Types of Tags –Passive: use power from reader signal –Active: internal power source Applications –Product tracking (EPC barcode replacement) –Transportation payment –Automotive (embedded in car keys) –Passports –Human implants EPC RFID Tag

CSC 382/582: Computer SecuritySlide #12 What You Are: Biometrics Identification by human characteristics: 1.Physiological 2.Behavioral A biometric characteristic should be: 1.universal: everyone should have it 2.unique: no two people should share it 3.permanent: it should not change with time 4.quantifiable: it must be practically measurable

CSC 382/582: Computer SecuritySlide #13 How Biometrics Work 1.User submits sample. 2.Software turns sample into digital template. 3.Software compares template against stored reference template. 4.Authentication based on how closely templates match.

CSC 382/582: Computer SecuritySlide #14 Biometric Measurement Possible Outcomes: 1.Correct person accepted 2.Imposter rejected 3.Correct person rejected (False Rejection) 4.Imposter accepted (False Acceptance)

CSC 382/582: Computer SecuritySlide #15 False Positives and Negatives Tradeoff between False Accept Rate False Reject Rate

CSC 382/582: Computer SecuritySlide #16 Fingerprints Capacitive measurement, using differences in electrical charges of whorls on finger to detect those parts touching chip and those raised.

CSC 382/582: Computer SecuritySlide #17 Brandon Mayfield Fingerprints found in 2004 Madrid bombing. Brandon arrested May 6, FBI claimed “100 percent positive” match. –Held under a false name. –Then transferred to unidentified location. Spanish police identify fingerprint as belonging to an Algerian man May 21, Brandon released May 25, 2004.

CSC 382/582: Computer SecuritySlide #18 Eye Biometrics Iris Scan –Lowest false accept/reject rates of any biometric. –Person must hold head still and look into camera. Retinal Scan –Cataracts and pregnancy change retina pattern. –Lower false accept/reject rates than fingerprints. –Intrusive and slow.

CSC 382/582: Computer SecuritySlide #19 Other Types of Biometrics Physiological DNA Face recognition Hand geometric Scent detection Voice recognition Behavioral Gait recognition Keyboard dynamics Mouse dynamics Signatures

CSC 382/582: Computer SecuritySlide #20 Biometrics are not infallible What are False Accept and Reject Rates? Do the characteristics change over time? –Retina changes during pregnancy. –Fingerprint damage due to work/pipe smoking. –Young and old people have fainter fingerprints. Is it accurate in the installed environment? –Is someone observing fingerprint or voiceprint checks? –i.e., did you collect biometric from the person?

CSC 382/582: Computer SecuritySlide #21 Biometrics can be compromised. Unique identifiers, not secrets. –You can change a password. –You can’t change your iris scan. Examples: –You leave your fingerprints every place. –It’s easy to take a picture of your face. Other compromises. –Use faux ATM-style devices to collect biometrics. –Obtain all biometric templates from server.

CSC 382/582: Computer SecuritySlide #22 Use and Misuse of Biometrics Employee identification. –Employee enters login name. –System uses fingerprint to verify employee is who he claims to be. –Problem: Does biometric match the employee? Criminal search (Superbowl 2001) –System uses face recognition to search for criminals in public places. –Problem: Does any biometric in database match anyone in a crowd of people? –Assume system is 99.99% accurate and 1 in 10million people is a terrorist. Result: 1000 false positives for each terrorist.

CSC 382/582: Computer SecuritySlide #23 Location Classic: only allow access from a particular terminal or a particular set of remote hosts. Modern: GPS-based –Location Signature Sensor (LSS) for host and user. –Access rules permit user only to access host with specific LSS values. –Cell-phones track location, and some states use them to track drivers’ speed and locations.

CSC 382/582: Computer SecuritySlide #24 UNIX Authentication UNIX identifies user with a UID –Username is for humans, UID for computers. –15-bit to 32-bit unsigned integer. –UID=0 is the superuser, root. Identity and authentication data stored in –/etc/passwd –/etc/shadow –/etc/group

CSC 382/582: Computer SecuritySlide #25 /etc/{passwd,shadow} /etc/passwd –Username –UID –Default GID –GCOS –Home directory –Login shell /etc/shadow –Username –Encrypted password –Date of last pw change. –Days ‘til change allowed. –Days `til change required. –Expiration warning time. –Expiration date. Central file(s) describing UNIX user accounts. student:x:1000:1000:Example User,, ,:/home/student:/bin/bash student:$1$w/UuKtLF$otSSvXtSN/xJzUOGFElNz0:13226:0:99999:7:::

CSC 382/582: Computer SecuritySlide #26 Groups and GIDs GIDs are 32-bit non-negative integers. Each user has a default GID. –File group ownership set to default GID. –Temporarily change default GID: newgrp. Groups are described in /etc/group –Users may belong to multiple groups. –Format: group name, pw, GID, user list. –wheel:x:10:root,waldenj,bergs

CSC 382/582: Computer SecuritySlide #27 Superuser Powers Superuser can Read any file. Modify any file. Add / remove users. Become any user. Kill any process. Reprioritize processes. Configure network. Set date/time. Shutdown / reboot. Superuser can’t Change read-only filesystem. Decrypt hashed passwords. Modify NFS-mounted filesystems. Read or modify SELinux protected files.

CSC 382/582: Computer SecuritySlide #28 Switching Users The su command allows you to switch users. > id uid=102(wj) gid=102(wj) groups=102(wj) > su Password: # id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm), 6(disk),10(wheel) # su john john$ id uid=1995(john) gid=1995(john) groups=1995(john) john$ exit # exit > id uid=102(wj) gid=102(wj) groups=102(wj)

CSC 382/582: Computer SecuritySlide #29 Real and Effective UIDs Real UID –The UID matching the username you logged in as. Effective UID –The UID that is checked for access control. –The su command changes your EUID. SUID programs –A SUID program executes with an EUID of the owner of the program instead of yours. –/usr/bin/passwd is SUID root. Why?

CSC 382/582: Computer SecuritySlide #30 Key Points 1.Access control is based on identity. 2.Authentication consists of an entity, the user, attempting to convince another entity, the verifier, of the user’s identity 1.something you know 2.something you have 3.something you are 3.Authentication Types 1.Passwords 2.Security Tokens 3.Biometrics

CSC 382/582: Computer SecuritySlide #31 References 1.Phil Agre. “Your Face is not a Bar Code,” Ross Anderson, Security Engineering, Wiley, Matt Bishop, Introduction to Computer Security, Addison-Wesley, DigitalPersona, Simson Garfinkel, Gene Spafford, and Alan Schwartz, Practical UNIX and Internet Security, 3/e O’Reilly, Ben Mook, “Md. pilot program tracks drivers’ speed, location via cell phones,” The Daily Record, October 21, 2005, 7.Bruce Schneier, “Biometrics: Truths and Fictions,” Cryptogram, gram-9808.html#biometrics, gram-9808.html#biometrics 8.Bruce Schneier, “The Curse of the Secret Question,” Ed Skoudis, Counter Hack Reloaded, Prentice Hall, Wikipedia, Wikipedia, Wikipedia, Wikipedia, Wikipedia, Orville Wilson, “Privacy & Identity - Security and Usability: The viability of Passwords & Biometrics,” “Simple Anatomy of the Retina,”

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.