CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication

- Authentication is verifying the identity of a particular person
  - Example: logging into a system
  - Example: PGP, where the digital signature is the authentication mechanism
- Different from authorization: authorization states what he/she can do on a system

Authentication
- How do we authenticate:
  - Something they know: password
  - Something they are: retina, fingerprint, DNA
  - Something they own: smart card
  - Somewhere they are: login only works at certain terminals

How much authentication is needed?
- We can use either one or a combination of all the above
- Client systems: normally just a login
- Military top secret security base: name badge, passcode
- Credit card purchases: driver's license (name, picture)

How can authentication be broken?
- For security purposes, we need to know how authentication can be broken so we know how to protect against it
- Passwords: can be guessed; can be cracked
- Smart cards: can be copied or stolen
- Fingerprints: can be copied using scotch tape

Password Breaking
- Dictionary attack
  - A list of dictionary words is tried one after another
  - Very quick
  - If the password is not an exact match to a word on the list, it fails
- Hybrid attack
  - Uses a dictionary list but also tries slight variations of words, or combinations of words
  - Example: if the word "hello" is in the dictionary but the password is "Hello", a dictionary attack will not break the password, but a hybrid attack will
  - Generally finds many more passwords than a dictionary attack
  - Not as quick as a dictionary attack

Password Breaking
- Brute-force attack
  - Tries every character combination until it finds the password
  - EXTREMELY SLOW
  - Will always find the password
- These techniques can be used either against a live system or against a file containing the passwords
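The defensive counterpart of the three attacks above is to apply the same reasoning when a password is set: reject anything a dictionary or hybrid pass would recover immediately, and estimate how much work a brute-force pass would need. The following checker is an added example, not code from the course or the lab; the word list, the substitution table and the set of hybrid rules it reverses (case folding, trailing digits and symbols, leet substitutions, reversal) are assumptions constructed for the example.

```python
import math
import string

# Constructed stand-in for the word list a dictionary attack would use.
WORDLIST = {"hello", "password", "welcome", "dragon", "letmein", "monkey"}

# Substitutions a hybrid rule applies; reversing them recovers the base word.
LEET = {"@": "a", "4": "a", "3": "e", "0": "o", "1": "i", "!": "i",
        "$": "s", "5": "s", "7": "t"}
TRAILING = string.digits + string.punctuation


def unleet(text: str) -> str:
    """Undo the substitutions in LEET ("p@ssw0rd" -> "password")."""
    return "".join(LEET.get(c, c) for c in text)


def base_words(password: str) -> set[str]:
    """Dictionary words a hybrid rule could have turned into this password.

    Instead of enumerating every mangled form of every word (what the attack
    does), we un-mangle the candidate once and test the results against the
    list, which is cheap enough to run at password-set time.
    """
    lower = password.lower()
    stripped = lower.rstrip(TRAILING)
    cands = {lower, stripped, unleet(lower), unleet(stripped),
             unleet(lower).rstrip(TRAILING)}
    cands |= {c[::-1] for c in list(cands)}   # reversed words are a common rule
    return {c for c in cands if c}


def classify(password: str, wordlist: set[str] = WORDLIST) -> str:
    """'dictionary' = exact word, 'hybrid' = mangled word, 'ok' = neither."""
    if password in wordlist:
        return "dictionary"
    if base_words(password) & wordlist:
        return "hybrid"
    return "ok"


def search_space_bits(password: str) -> float:
    """log2 of the keyspace a brute-force attack must cover, judged from the
    character classes actually present (characters outside the four classes,
    e.g. spaces or non-ASCII, are ignored)."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    alphabet = sum(size for chars, size in classes
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    for pw in ["hello", "Hello", "P@ssw0rd!", "olleh123", "x9!Lq#2vTb"]:
        print(f"{pw:12} {classify(pw):10} {search_space_bits(pw):5.1f} bits")
```

The slide's own example behaves as described: "hello" is caught by the dictionary check, "Hello" only by the hybrid check. The bit estimate is an upper bound on attacker effort, since it assumes the password is uniformly random over its character classes; a password that passes the hybrid check but has low entropy (a date, a keyboard walk) still falls to a good rule set.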

Rainbow Tables
- Invented by Philippe Oechslin
- Uses a reduce function to map a hash back to a candidate password
- Uses chains of alternating hash and reduce steps to determine the exact password
- For a good primer on Rainbow Tables, see:
- Pros
  - Can break any password in a matter of minutes
- Cons
  - Must have a specific rainbow table for a particular hashing function
  - Can be defeated using salts

Detecting someone trying to break into a system
- Auto-logout: if the user enters the wrong password n times, disable their account for a certain period of time
- Protect the password list on your system: make sure the administrator has access and no one else, so a normal user cannot copy it onto another system
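Both controls on this slide can be exercised in a few lines. The following is an added example, not part of the lab: it parses the standard OpenSSH "Failed password" auth-log line, applies an n-failures-in-a-window lockout, and checks that a password file carries no world-readable bits. The sample log lines are constructed (documentation IP ranges, invented hostnames and PIDs), and the threshold, window and lock duration are assumed values.

```python
import os
import re
import tempfile
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Standard OpenSSH failure line as written to the auth log.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

# Constructed sample log: five quick failures for alice, one for bob, and
# one for a non-existent account.
SAMPLE_LOG = """\
Mar 14 09:00:01 host sshd[1201]: Failed password for alice from 203.0.113.7 port 51022 ssh2
Mar 14 09:00:09 host sshd[1201]: Failed password for alice from 203.0.113.7 port 51022 ssh2
Mar 14 09:00:15 host sshd[1203]: Failed password for alice from 203.0.113.7 port 51030 ssh2
Mar 14 09:00:22 host sshd[1203]: Failed password for alice from 203.0.113.7 port 51030 ssh2
Mar 14 09:00:30 host sshd[1205]: Failed password for alice from 203.0.113.7 port 51041 ssh2
Mar 14 09:05:12 host sshd[1220]: Failed password for bob from 198.51.100.4 port 40222 ssh2
Mar 14 10:30:00 host sshd[1300]: Failed password for invalid user admin from 198.51.100.9 port 40300 ssh2
""".splitlines()


def parse_ts(text: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year, so the caller supplies one."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


class LockoutPolicy:
    """Lock an account for `lock_for` after `threshold` failures within `window`."""

    def __init__(self, threshold: int = 5,
                 window: timedelta = timedelta(minutes=10),
                 lock_for: timedelta = timedelta(minutes=30)):
        self.threshold, self.window, self.lock_for = threshold, window, lock_for
        self.failures: dict[str, deque] = defaultdict(deque)  # user -> times
        self.locked_until: dict[str, datetime] = {}

    def record_failure(self, user: str, when: datetime) -> bool:
        """Register one failure; return True if it triggered a lock."""
        recent = self.failures[user]
        recent.append(when)
        while recent and when - recent[0] > self.window:   # drop stale entries
            recent.popleft()
        if len(recent) >= self.threshold:
            self.locked_until[user] = when + self.lock_for
            recent.clear()
            return True
        return False

    def is_locked(self, user: str, now: datetime) -> bool:
        return now < self.locked_until.get(user, datetime.min)


def process_log(lines, policy: LockoutPolicy):
    """Feed failure lines to the policy; return lock events as (user, ip, time)."""
    events = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        when = parse_ts(m["ts"])
        if policy.record_failure(m["user"], when):
            events.append((m["user"], m["ip"], when))
    return events


def password_file_protected(path: str) -> bool:
    """True if the file has no permission bits for 'other' (world)."""
    return (os.stat(path).st_mode & 0o007) == 0


if __name__ == "__main__":
    policy = LockoutPolicy()
    for user, ip, when in process_log(SAMPLE_LOG, policy):
        print(f"locked {user} after failures from {ip} at {when:%H:%M:%S}")
    with tempfile.NamedTemporaryFile(delete=False) as f:
        os.chmod(f.name, 0o600)
        print("password file protected:", password_file_protected(f.name))
    os.unlink(f.name)
```

The lock is keyed on the account, as on the slide, which means an attacker who knows a username can lock a legitimate user out on purpose; production policies usually add a per-source-IP counter and a short, escalating lock rather than a fixed long one. The permission check mirrors the usual shadow-file layout (root-owned, no world access) and is the property that stops an ordinary user from copying the file to another system.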

This week's lab
- Using a virtual Linux system
- Log in as root, create user names, then copy the password file to the Windows host system
- Use John the Ripper to break the passwords in the password file
- Must be done in the lab since we are using a Linux virtual machine