Authentication Approaches over Internet
Jia Li


What is authentication?
Authentication is a process by which the identity of a user accessing a network or other source of information is verified.

Why do we need authentication?
To prevent sniffers from counterfeiting the identity of legitimate users.

Authentication approaches
● Username/password Authentication
● Device-based Authentication
  ○ USB-Key Authentication
  ○ Dynamic Password Authentication
● Biometric Authentication

Username/password Authentication
Basic mechanism: PAP (Password Authentication Protocol)

Obvious disadvantages
● Passwords are exposed over the Internet when transmitted from client to server
● A sniffer can easily capture and read the password, and then impersonate the user by sending the password to the server
Is there a way to avoid sending the password in plaintext?

Improved mechanism
Encrypt passwords using a hash function and a random variable
● Hash function
  ○ takes in an arbitrary block of data and returns a fixed-size bit string as the hash value
  ○ one-way function: extremely difficult to invert the function and recover the original input data from the hash value
  ○ impossible to modify the original data without changing its hash value
  ○ no two messages ever have the same hash value

● Authentication process
  client: sends the password, encrypted by the hash function, to the server
  server: computes the expected hash value and compares it with the hash value received from the client

● Advantages
  ○ passwords are not exposed directly over the Internet
  ○ a sniffer cannot learn the original password even if he captures the hash value
● Disadvantage
  Sniffers can still counterfeit the user’s identity by sending the captured hash value to the server without knowing the real password (because the password remains the same)

● Random variable
  Makes the password different and unique every time it is sent to the server

● Advantage
  Sniffers cannot use information captured in a previous communication to log in as the user, because the password changes each time.
● Disadvantage
  If the final password is still transmitted in plain text, the random variable serves no purpose, because the real password is a fixed part of every transmitted password.
The problem is solved by combining the two.

● Combination of hash function and random variable
  ○ the password is changeable
  ○ sniffers cannot get the original password from the hash value

Device-based Authentication
USB-key authentication
● Device
  ○ a hardware device with a USB interface
  ○ stores the user’s key in memory disk (PIN)
  ○ memory space cannot be read or written directly

● Authentication process (impulse/response)
  1. User enters PIN on web page
  2. USB-key applies MD5 to the random series of numbers and the user’s key
  3. Generate a hash value

● Advantages
  ○ the user’s key is neither exposed on the Internet nor stored in the computer
  ○ the value in every response is different
● Disadvantage
  Since the PIN is still entered via a website, sniffers can get it easily. If the user fails to remove the USB-key in time, sniffers can use the PIN they captured to gain the authority of the USB-key.
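The hash-plus-random-variable exchange from the username/password section, which is also the exchange the USB-key performs with its stored key, shown next to the hash-only scheme it replaces. This is an added example, not code from the presentation; it uses HMAC-SHA-256 in place of the MD5 the slides mention, and the `Server` class, `respond` function and sample secret are hypothetical names and values.

```python
import hashlib
import hmac
import secrets


def respond(secret, nonce):
    """Client/token side: keyed hash over the server's random value."""
    return hmac.new(secret, nonce, hashlib.sha256).hexdigest()


class Server:
    def __init__(self, users):
        self.users = users      # username -> shared secret (bytes)
        self.pending = {}       # username -> outstanding random value

    def static_login(self, user, digest):
        # Hash only: the transmitted value is identical at every login.
        expected = hashlib.sha256(self.users[user]).hexdigest()
        return hmac.compare_digest(expected, digest)

    def challenge(self, user):
        # Hash + random variable: fresh 128-bit value per attempt.
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)    # consumed: single use
        if nonce is None:
            return False
        expected = respond(self.users[user], nonce)
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-sample-secret"       # not from the page
    server = Server({"alice": secret})

    # Hash only: a value captured on the wire is accepted again.
    captured_static = hashlib.sha256(secret).hexdigest()
    static_replay = server.static_login("alice", captured_static)

    # Hash + random variable: the genuine response is accepted once ...
    captured = respond(secret, server.challenge("alice"))
    genuine = server.verify("alice", captured)
    # ... and the same bytes fail against the next challenge.
    server.challenge("alice")
    replay = server.verify("alice", captured)
    return static_replay, genuine, replay
```

The server consumes each random value on first use, so a captured response is useless even if it is replayed before a new challenge is issued.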

Dynamic password authentication
● Device
  ○ a small hardware device with an LCD and its own battery
  ○ a password generation chip applies a special algorithm to the device ID, the user’s key and the present time, and then displays the password on the LCD

● Authentication process

● Advantages
  ○ the device ID and the user’s key are neither exposed over the Internet nor stored in the computer
  ○ the generated password changes every minute
● Disadvantage
  The synchronization mechanism must perform very well so that the result computed by the server corresponds to the received value.
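A sketch of the dynamic password scheme and its synchronization problem, as an added example that is not part of the presentation. The slides do not name the device's "special algorithm", so HMAC-SHA-256 with a simple truncation stands in for it here; the function names, the one-step tolerance window and the sample key and device ID are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds; the slides say the password changes every minute


def dynamic_password(user_key, device_id, now, digits=6):
    """Token side: derive a short code from key, device ID and time step."""
    counter = int(now) // STEP
    msg = device_id + struct.pack(">Q", counter)
    mac = hmac.new(user_key, msg, hashlib.sha256).digest()
    # Stand-in truncation: first 4 bytes as an integer, reduced to N digits.
    value = int.from_bytes(mac[:4], "big") % (10 ** digits)
    return str(value).zfill(digits)


def server_verify(user_key, device_id, code, server_now, window=1):
    """Server side: accept codes from the current step +/- `window` steps."""
    for drift in range(-window, window + 1):
        candidate = dynamic_password(user_key, device_id,
                                     server_now + drift * STEP)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def demo():
    key = b"constructed-user-key"        # sample values, not from the page
    dev = b"TOKEN-0001"
    server_now = 1_700_000_000
    in_sync = dynamic_password(key, dev, server_now)
    slow_clock = dynamic_password(key, dev, server_now - 50)   # 50 s behind
    far_off = dynamic_password(key, dev, server_now - 300)     # 5 min behind
    return (server_verify(key, dev, in_sync, server_now),
            server_verify(key, dev, slow_clock, server_now),
            server_verify(key, dev, far_off, server_now))
```

A wider window tolerates more clock drift but also lengthens the time a captured code stays valid.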

Biometric Authentication
What is biometric authentication?
Biometric authentication is a technique that authenticates a user’s identity by using each person’s unique biological characteristics, such as face, fingerprint, retina, voice and even action postures.
■ Most reliable because it is unique and cannot be counterfeited

Fingerprint: an ideal way for biometric authentication
● unique, guaranteeing a one-to-one correspondence between user and authentication information
● stable and will not change easily, guaranteeing the long-term validity of the authentication information
● can be scanned quickly and conveniently
● ten different fingerprints, increasing the level of security
● the authentication information is not necessarily the complete fingerprint image but can be some essential features, which saves storage space on the server

Authentication process
1. Scanner captures the image of the fingerprint
2. The image is put into the feature extraction template
3. The full image is translated into a reduced representation of its major features

Advantage
Reliable!
■ Disadvantage
● the device is expensive
● the installation and portability of the device on the client is a problem
● getting a sample of the biometric characteristics is sometimes not convenient

Conclusion

Thank you!