Authentication by Passwords

Slides:



Advertisements
Similar presentations
1 PANEL Solving the Access Control Puzzle: Finding the Pieces and Putting Them Together Ravi Sandhu Executive Director Endowed Professor June 2010
Advertisements

Symmetric Message Authentication Codes Prof. Ravi Sandhu.
Lecture 6 User Authentication (cont)
1 Authentication with Passwords Prof. Ravi Sandhu Executive Director and Endowed Chair February 1, © Ravi.
1 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
1 Privacy and Access Control: How are These Two Concepts Related? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT Panel June 3, 2015
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.
Lecture 19 Page 1 CS 111 Online Authentication for Operating Systems What is authentication? How does the problem apply to operating systems? Techniques.
1 Virtualization Prof. Ravi Sandhu Executive Director and Endowed Chair February 7, © Ravi Sandhu World-Leading.
Password authentication Basic idea –User has a secret password –System checks password to authenticate user Issues –How is password stored? –How does system.
1 The Quest for Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 8, © Ravi Sandhu.
1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, © Ravi Sandhu.
Authentication Lesson Introduction ●Understand the importance of authentication ●Learn how authentication can be implemented ●Understand threats to authentication.
COEN 351 Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card.
1 Panel on Data Usage Management: Technology or Regulation? Prof. Ravi Sandhu Executive Director and Endowed Chair DUMA 2013 May 23, 2013
My topic is…………. - It is the fundamental building block and the primary lines of defense in computer security. - It is a basic for access control and.
1 Cyber Security A Personal Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair January 15, 2016
1 Security and Privacy in Human-Centric Computing and Big Data Management Prof. Ravi Sandhu Executive Director and Endowed Chair CODASPY 2013 February.
1 Open Discussion PSOSM 2012 Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 Understanding Which New Threats Operators Can Expect To Face Within The Next Two To Five Years To Improve The On- Going Management Of Security Systems.
1 Secure Cloud Computing: A Research Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair Texas Fresh Air Big Data and Data Analytics Conference.
Executive Director and Endowed Chair
Intrusion Detection Evaluation
Executive Director and Endowed Chair
Symmetric Cryptography
Executive Director and Endowed Chair
Asymmetric Cryptography
What can Technologists learn from the History of the Internet?
Security and Privacy in the Networked World
Discretionary Access Control (DAC)
Executive Director and Endowed Chair
Introduction to Cyber Security
Introduction and Basic Concepts
Cryptography Basics and Symmetric Cryptography
Role-Based Access Control (RBAC)
Identity and Access Control in the
Executive Director and Endowed Chair
Executive Director and Endowed Chair
Cyber Security Research: Applied and Basic Combined*
Challenge-Response Authentication
ABAC Panel Prof. Ravi Sandhu Executive Director and Endowed Chair
Asymmetric Cryptography
Public-Key Certificates
Discretionary Access Control (DAC)
Executive Director and Endowed Chair
Attribute-Based Access Control (ABAC)
Cyber Security Research: Applied and Basic Combined*
Operating Systems Security
Security and Privacy in the Age of the Internet of Things:
Intersection of Data, Policy and Privacy
Authentication and Authorization Federation
Executive Director and Endowed Chair
Intrusion Detection Evaluation
Cyber Security and Privacy: An Optimist’s Perspective
Identity and Access Control in the
Big Data and Privacy Panel Prof. Ravi Sandhu
Executive Director and Endowed Chair
Exercise: Hashing, Password security, And File Integrity
Challenge-Response Authentication
Cyber Security Research: A Personal Perspective
Cyber Security Research: Applied and Basic Combined*
COEN 351 Authentication.
Attribute-Based Access Control (ABAC)
World-Leading Research with Real-World Impact!
Presentation transcript:

Authentication by Passwords CS 5323 Authentication by Passwords Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 16 ravi.utsa@gmail.com www.profsandhu.com © Ravi Sandhu World-Leading Research with Real-World Impact!

Authentication Techniques Something you know password “secret” questions Something you have smartphone registered device Something you are fingerprint iris keyboard dynamics signature dynamics © Ravi Sandhu World-Leading Research with Real-World Impact! 2

Authentication Techniques Something you know password “secret” questions Something you have smartphone registered device Something you are fingerprint iris keyboard dynamics signature dynamics single factor multi factor © Ravi Sandhu World-Leading Research with Real-World Impact! 3

Phishing Personalized image to authenticate webserver to user © Ravi Sandhu World-Leading Research with Real-World Impact!

Phishing Man in the Middle Personalized image passed through © Ravi Sandhu World-Leading Research with Real-World Impact!

Offline (Dictionary Attack) Password Attacks Password Attacks Online Lock out Throttling Offline (Dictionary Attack) Complex passwords Salting © Ravi Sandhu World-Leading Research with Real-World Impact! 6

Password Storage and Verification Password Verification User ID Plaintext Password User ID Stored Password Plaintext Password = ? User ID Stored Password Loss of stored passwords = Catastrophic failure © Ravi Sandhu World-Leading Research with Real-World Impact! 7

Password Storage and Verification Password Verification User ID Plaintext Password User ID Plaintext Password Hashing Process Hashing Process Computed Hash User ID Stored Hash = ? Loss of stored hashes = Attack by single dictionary User ID Stored Hash © Ravi Sandhu World-Leading Research with Real-World Impact! 8

Password Storage and Verification Password Verification User ID Random Salt Plaintext Password User ID Plaintext Password Hashing Process Hashing Process Computed Hash User ID Stored Salt Stored Hash = ? Loss of stored hashes = Attack by different dictionary for each salt value User ID Stored Salt Stored Hash © Ravi Sandhu World-Leading Research with Real-World Impact! 9

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.