Chapter 4 – Protection in General-Purpose Operating Systems Section 4.5 User Authentication.


In this section:
- Authentication
- Passwords
- Effective passwords
- Breaking passwords
- One-time systems
- Biometrics

User Authentication
Most software and operating systems base their security decisions on knowing who the user is. Authentication is based on one or more of three qualities:
- Something the user knows: password, PIN, passphrase
- Something the user has: key, license, badge, token
- Something the user is: physical characteristics (biometrics)
A username is an identifier, a claim of identity, not an authenticator; the factors above are what back that claim up. Two or more of the factors can be combined (multifactor authentication).

Passwords as Authenticators
Passwords are the most common authentication mechanism. A password is a secret word (or string) known only to the user and the authenticating system; its value as an authenticator depends entirely on nobody else knowing it.
Problems with passwords:
- Loss: if the user forgets the password, the system cannot tell a forgetful legitimate user from an impostor, and the password has to be reset out of band.
- Use: entering a password is time-consuming if it is demanded on every file access or every operation, so systems authenticate once per session and then trust the session.
- Disclosure: a password learned by an unauthorized party (Mallory) gives that party every right the legitimate user has; where one password protects a shared resource, a single disclosure exposes every user of it.
- Revocation: where several people share a password, revoking one person's right means changing the password for everyone else.

Additional Authentication Information
Attaching further conditions to a password strengthens it. Other methods:
- Limiting the time of access (for example, a user may log in only during working hours)
- Limiting the location of access (for example, only from a particular terminal or network)
Multifactor authentication combines the password with an additional factor (something the user has or is). Every additional factor is also something more for the system and its administrators to issue, store, and manage.

Attacks on Passwords
Ways of figuring out a password, roughly in decreasing order of effort for the attacker:
- Try all possible passwords (exhaustive search)
- Try frequently used passwords
- Try passwords likely for the user (names, dates, pets, hobbies)
- Search for the system password list (the file of stored passwords or password hashes)
- Ask the user (social engineering)
Loose-lipped systems: an authentication system that leaks information about the password or the username does part of the attacker's work. Answering "invalid user name" rather than "invalid password" confirms which usernames exist; reporting an error at the moment it is made (for instance, rejecting a password as soon as a wrong character is typed) lets the attacker guess one position at a time. The system should give the same response, after the same delay, whatever the reason for failure.

Exhaustive Attack
A brute-force (exhaustive) attack tries all possible passwords.
Example: passwords drawn from the 26 letters A-Z, of length 1 to 8 characters. The number of candidates is 26 + 26^2 + ... + 26^8, about 2.2 x 10^11. At one password per millisecond, trying them all would take about 2.2 x 10^8 seconds, roughly seven years. But the attacker would not need to try every password: on average the right one turns up after half the space has been searched, and nobody guesses in arbitrary order, because some passwords are far more likely than others. (Against a stolen file of fast, unsalted hashes, modern cracking hardware tests many orders of magnitude more than a thousand guesses per second, so a 26-letter alphabet is no protection at all today.)

Password Problems
Probable passwords: rather than searching the whole space, the attacker tries the passwords people actually choose (dictionary words, names, simple patterns) and passwords likely for a particular user. The weakness lies in the user's choice, but the system shares the blame when it accepts such passwords, stores them unprotected, or allows unlimited guesses. See Table 4-2 on page 225 for the distribution of users' password choices.

Figure 4-15 Users’ Password Choices.

Password Selection Criteria
- Use characters other than just A-Z (mixed case, digits, punctuation) to enlarge the search space
- Choose long passwords
- Avoid actual names or words, in any language
- Choose an unlikely password, one that would not appear in an attacker's list of probable choices
- Change the password on any suspected compromise; scheduled rotation is the traditional advice, but forced periodic changes tend to produce predictable variations, and current guidance (e.g. NIST SP 800-63B) prefers changing on evidence of compromise
- Don't write it down where others can find it
- Don't tell anyone else; beware of social engineering
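The attack list, the exhaustive-search arithmetic, and the probable-password discussion above are brought together in the following added example, which is not part of the original slides. It computes the size of a keyspace and the time to exhaust it at a given guess rate, then runs an offline dictionary attack and a short exhaustive search against a constructed password file. The usernames, salts and passwords are made up, and SHA-256 stands in for whatever fast hash a real password file might use (a real system would use a deliberately slow key-derivation function).

```python
import hashlib
import itertools
import string


def salted_hash(salt, password):
    """Fast salted hash as found in older password files; real systems use a slow KDF."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed sample password file (username -> (salt, hash)); not real data.
SAMPLE_FILE = {
    "alice": ("s1", salted_hash("s1", "password")),        # frequently used password
    "bob":   ("s2", salted_hash("s2", "bob1990")),         # password likely for the user
    "carol": ("s3", salted_hash("s3", "kdz")),             # short enough to brute-force below
    "dave":  ("s4", salted_hash("s4", "7h!Q-wXz&2mR")),    # survives both attacks
}


def keyspace(alphabet_size, min_len, max_len):
    """Number of candidate passwords of length min_len..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def seconds_to_exhaust(alphabet_size, min_len, max_len, guesses_per_second):
    """Worst-case time to try every candidate at the given rate."""
    return keyspace(alphabet_size, min_len, max_len) / guesses_per_second


def probable_candidates(username, wordlist):
    """Passwords 'likely for the user': common words first, then username-based variants."""
    for word in wordlist:
        yield word
    for suffix in ("", "1", "123", "1990"):
        yield username + suffix


def dictionary_attack(pwfile, wordlist):
    """Offline attack against a stolen password file: hash each guess, compare."""
    found = {}
    for user, (salt, digest) in pwfile.items():
        for cand in probable_candidates(user, wordlist):
            if salted_hash(salt, cand) == digest:
                found[user] = cand
                break
    return found


def brute_force(salt, digest, alphabet, max_len):
    """Exhaustive search over every string of length 1..max_len; returns the password or None."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            cand = "".join(chars)
            if salted_hash(salt, cand) == digest:
                return cand
    return None


if __name__ == "__main__":
    years = seconds_to_exhaust(26, 1, 8, 1000) / (365 * 86400)
    print(f"26 letters, length 1-8: {keyspace(26, 1, 8):,} candidates, {years:.1f} years at 1000/s")
    print("dictionary attack found:", dictionary_attack(SAMPLE_FILE, ["password", "letmein"]))
    print("brute force on carol:", brute_force(*SAMPLE_FILE["carol"], string.ascii_lowercase, 3))
```

The dictionary attack finds alice and bob with six guesses each, the exhaustive search over three lowercase letters finds carol after at most 18,278 hashes, and dave's password, drawn from a larger alphabet and longer, is found by neither, which is the point of the selection criteria above.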

One-Time Passwords
A one-time password changes every time it is used, so a password captured by an eavesdropper is worthless afterwards. Such schemes are also known as challenge-response systems: the system presents a challenge x and the user (or a device the user carries) returns F(x), where F is a function only the two parties can compute. Example functions:
- F(x) = x + 1: the user returns the challenge plus one (trivial, and no defence against an observer who knows F; it only illustrates the structure)
- F(x) = r(x): the challenge x is used as the seed of a random number generator whose parameters both sides share
- F(a b c d e f g) = b d e g f a c: a fixed secret transformation (permutation) of the characters of the challenge string
- F(E(x)) = E(D(E(x)) + 1): the challenge is an encrypted value; the user decrypts it with the shared key, adds one, and encrypts the result, which the system checks against its own computation
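The four challenge-response functions above, worked through as an exchange with both sides, in an added example that is not code from the original slides. The server issues a challenge, the client computes F of it from a shared secret, and the server checks the reply and discards the challenge so that a replayed reply fails. The "encryption" is a toy affine map modulo a prime, an assumed stand-in for a real block cipher and not secure; the seeded generator is Python's Mersenne Twister, which is likewise not a cryptographic generator. User names, seeds, permutations and keys are constructed for the example.

```python
import random
import string

P = 2_147_483_647  # prime modulus for the toy cipher (2**31 - 1); NOT a real cipher


def toy_encrypt(key, x):
    a, b = key
    return (a * x + b) % P


def toy_decrypt(key, y):
    a, b = key
    return ((y - b) * pow(a, -1, P)) % P


def permute(s, perm):
    """Rearrange the characters of s; perm lists the source index of each output position."""
    return "".join(s[i] for i in perm)


def client_response(scheme, challenge, secret):
    """What the user's token or device computes for a given challenge."""
    if scheme == "counter":         # F(x) = x + 1
        return challenge + 1
    if scheme == "seeded_rng":      # F(x) = r(x): challenge and shared seed drive the generator
        return random.Random(secret["seed"] ^ challenge).getrandbits(32)
    if scheme == "permutation":     # F(abcdefg) = bdegfac
        return permute(challenge, secret["perm"])
    if scheme == "encrypt":         # F(E(x)) = E(D(E(x)) + 1)
        key = secret["key"]
        return toy_encrypt(key, toy_decrypt(key, challenge) + 1)
    raise ValueError(scheme)


class Server:
    """Authenticating system: holds each user's secret and one outstanding challenge per user."""

    def __init__(self, users):
        self.users = users                        # username -> secret dict (seed, perm, key)
        self.counter = {u: 0 for u in users}      # never reuse a challenge value
        self.pending = {}                         # username -> (scheme, challenge)
        self.rng = random.SystemRandom()

    def challenge(self, user, scheme):
        self.counter[user] += 1
        n = self.counter[user]
        if scheme in ("counter", "seeded_rng"):
            ch = n
        elif scheme == "permutation":
            ch = "".join(self.rng.choice(string.ascii_lowercase) for _ in range(7))
        elif scheme == "encrypt":
            ch = toy_encrypt(self.users[user]["key"], n)
        else:
            raise ValueError(scheme)
        self.pending[user] = (scheme, ch)
        return ch

    def verify(self, user, response):
        if user not in self.pending:
            return False   # no outstanding challenge: a replayed reply is rejected
        scheme, ch = self.pending.pop(user)
        return response == client_response(scheme, ch, self.users[user])


# Constructed shared secret for one user (example values only).
ALICE_SECRET = {"seed": 12345, "perm": [1, 3, 4, 6, 5, 0, 2], "key": (7, 99)}


def run_exchange(server, user, secret, scheme):
    """One full round: challenge, response, verification, then a replay of the same reply."""
    ch = server.challenge(user, scheme)
    resp = client_response(scheme, ch, secret)
    first = server.verify(user, resp)
    replay = server.verify(user, resp)
    return first, replay


if __name__ == "__main__":
    srv = Server({"alice": ALICE_SECRET})
    for scheme in ("counter", "seeded_rng", "permutation", "encrypt"):
        print(scheme, run_exchange(srv, "alice", ALICE_SECRET, scheme))
```

In every scheme the first reply is accepted and its replay rejected; the difference between them is how much an eavesdropper who sees the challenge and reply learns. For the counter scheme the answer is everything, which is why the real value lies in the keyed variants.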

The Authentication Process
Defences the authentication process itself can provide:
- Slow response from the system after a failed attempt, so that online guessing is rate-limited
- Limited number of attempts before the account or terminal is locked
- Access limitations (time, location, terminal), as above
- Fixing flaws with a second level of protection, for example requiring a second factor or a challenge-response step in addition to the password
- Challenge-response, so that a password observed once cannot be replayed
- Guarding against impersonation of login: a program that mimics the login prompt can capture the user's password; a trusted path (a key sequence the operating system guarantees reaches only the genuine login process) defeats it
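The loose-lipped system described under "Attacks on Passwords" and the process controls listed above, side by side in an added example that is not from the original slides. The first login function answers differently for an unknown user and a wrong password; the second gives one generic message, compares hashes in constant time, hashes a dummy record for unknown users so the two failure cases take the same time, counts failures, imposes a growing delay, and locks the account after a fixed number of attempts. The limits, the PBKDF2 parameters and the user records are assumed values for the example.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3           # attempts allowed before the account is locked (assumed policy)
BASE_DELAY_SECONDS = 1.0   # delay after the first failure; doubles on each further failure
PBKDF2_ROUNDS = 100_000


def make_record(password):
    """Store a salted PBKDF2 hash, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest}


def _check(record, password):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    # Constant-time comparison: no early exit that would leak how many bytes matched.
    return hmac.compare_digest(candidate, record["digest"])


def loose_login(users, username, password):
    """Loose-lipped: the message tells the attacker whether the username exists."""
    if username not in users:
        return "INVALID USER NAME - TRY AGAIN"
    if not _check(users[username], password):
        return "INVALID PASSWORD - TRY AGAIN"
    return "WELCOME"


class TightLoginService:
    """Same message for every failure, limited attempts, growing delay."""

    GENERIC_FAILURE = "Login incorrect"

    def __init__(self, users):
        self.users = users
        self.failures = {}              # username -> consecutive failed attempts
        # Hashing against a dummy record for unknown usernames keeps the timing
        # of "no such user" and "wrong password" the same.
        self._dummy = make_record("dummy")

    def delay_for(self, username):
        """Seconds the caller should wait before answering this user's next attempt."""
        n = self.failures.get(username, 0)
        return 0.0 if n == 0 else BASE_DELAY_SECONDS * 2 ** (n - 1)

    def login(self, username, password):
        """Returns (message, delay in seconds the caller must sleep before replying)."""
        n = self.failures.get(username, 0)
        if n >= MAX_FAILURES:
            # Locked out: refuse even a correct password until an administrator resets it.
            return self.GENERIC_FAILURE, self.delay_for(username)
        record = self.users.get(username, self._dummy)
        ok = _check(record, password) and username in self.users
        if ok:
            self.failures[username] = 0
            return "WELCOME", 0.0
        self.failures[username] = n + 1
        return self.GENERIC_FAILURE, self.delay_for(username)


if __name__ == "__main__":
    users = {"alice": make_record("correct horse")}
    print(loose_login(users, "mallory", "x"), "|", loose_login(users, "alice", "x"))
    svc = TightLoginService(users)
    print(svc.login("mallory", "x"), svc.login("alice", "x"))
```

The delay is returned rather than slept so the logic is testable; a real service would sleep for it (or return the answer through a queue) before replying, and would record the lockout in persistent storage so that a restart does not reset the counter.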

Biometrics
Biometrics are biological authenticators: something the user is (fingerprint, iris or retina pattern, voice, hand geometry).
Problems with biometrics:
- Still a relatively new concept at the time of these slides, with limited deployment experience
- Can be costly (a sensor is needed at every point of use)
- Establishing a threshold: a live measurement never matches the stored template exactly, so the system must decide how close is close enough
- Single point of failure: a compromised biometric cannot be changed the way a password can
- False positives (impostors accepted) and false negatives (legitimate users rejected): loosening the threshold trades one for the other
- Speed can limit accuracy: the more careful the measurement, the longer it takes
- Forgeries are possible (a lifted fingerprint, a recording of a voice)
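The threshold problem above, worked through on constructed data in an added example that is not from the original slides. Match scores for legitimate users and impostors are invented values in the range 0 to 1; the code computes the false accept rate and false reject rate at a chosen threshold and finds the threshold at which the two are closest (the equal error rate), the usual starting point before the operator biases the threshold toward security or toward convenience.

```python
# Constructed match scores in [0, 1]: higher means the live sample is closer to
# the enrolled template. These numbers are made up for the example.
GENUINE_SCORES = [0.91, 0.88, 0.95, 0.72, 0.83, 0.67, 0.90, 0.79]    # legitimate users
IMPOSTOR_SCORES = [0.21, 0.35, 0.48, 0.60, 0.30, 0.74, 0.42, 0.55]   # other people


def accept(score, threshold):
    """The matcher's decision: accept when the score reaches the threshold."""
    return score >= threshold


def error_rates(threshold, genuine, impostor):
    """(false accept rate, false reject rate) at this threshold."""
    far = sum(accept(s, threshold) for s in impostor) / len(impostor)
    frr = sum(not accept(s, threshold) for s in genuine) / len(genuine)
    return far, frr


def equal_error_threshold(genuine, impostor, steps=100):
    """Threshold in [0, 1] where FAR and FRR are closest (first such value on a grid)."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[1]:
            best = (t, gap)
    return best[0]


if __name__ == "__main__":
    for t in (0.60, 0.65, 0.70, 0.75, 0.80):
        far, frr = error_rates(t, GENUINE_SCORES, IMPOSTOR_SCORES)
        print(f"threshold {t:.2f}: FAR {far:.3f}  FRR {frr:.3f}")
    print("equal error threshold:", equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES))
```

On these scores a threshold of 0.65 admits one impostor in eight and rejects no legitimate user, while 0.75 admits no impostor but rejects one legitimate user in four; there is no setting that gets both to zero, which is what "establishing a threshold" means in practice.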