Section 2.3 – Authentication Technologies 1. Authentication The determination of identity, usually based on a combination of – something the person has.

Presentation transcript:

Section 2.3 – Authentication Technologies

Authentication
The determination of identity, usually based on a combination of
– something the person has (like a smart card or a radio key fob storing secret keys),
– something the person knows (like a password),
– something the person is (like a human with a fingerprint).
[Figure: the three factors. Something you have: radio token with secret keys. Something you know: password=ucIb()w1V, mother=Jones, pet=Caesar. Something you are: human with fingers and eyes.]

Barcodes
Developed in the 20th century to improve efficiency in grocery checkout. First-generation barcodes represent data as a series of variable-width, vertical lines of ink, which is essentially a one-dimensional encoding scheme. Some more recent barcodes are rendered as two-dimensional patterns using dots, squares, or other symbols that can be read by specialized optical scanners, which translate a specific type of barcode into its encoded information.

Authentication via Barcodes
Since 2005, the airline industry has been incorporating two-dimensional barcodes into boarding passes, which are created at flight check-in and scanned before boarding. In most cases, the barcode is encoded with an internal unique identifier that allows airport security to look up the corresponding passenger’s record with that airline. Staff then verifies that the boarding pass was in fact purchased in that person’s name (using the airline’s database), and that the person can provide photo identification. In most other applications, however, barcodes provide convenience but not security. Since barcodes are simply images, they are extremely easy to duplicate.
[Figure: two-dimensional barcode (public domain image).]

Magnetic Stripe Cards
Plastic card with a magnetic stripe containing personalized information about the card holder. The first track of a magnetic stripe card contains the cardholder’s full name in addition to an account number, format information, and other data. The second track may contain the account number, expiration date, information about the issuing bank, data specifying the exact format of the track, and other discretionary data.
[Figure: public domain image by Alexander Jones.]

Mag Stripe Card Security
One vulnerability of the magnetic stripe medium is that it is easy to read and reproduce. Magnetic stripe readers can be purchased at relatively low cost, allowing attackers to read information off cards. When coupled with a magnetic stripe writer, which is only a little more expensive, an attacker can easily clone existing cards. So, many uses require card holders to enter a PIN to use their cards (e.g., as in ATM and debit cards in the U.S.).

Smart Cards
Smart cards incorporate an integrated circuit, optionally with an on-board microprocessor that has reading and writing capabilities, allowing the data on the card to be both accessed and altered. Smart card technology can provide secure authentication mechanisms that protect the information of the owner and are extremely difficult to duplicate.
[Figure: smart card with its circuit interface (public domain image).]

Smart Card Authentication
Smart cards are commonly employed by large companies and organizations as a means of strong authentication using cryptography (e.g., US government CAC cards). Smart cards may also be used as a sort of “electronic wallet,” containing funds that can be used for a variety of services, including parking fees, public transport, and other small retail transactions.

PCMCIA Card Authentication
– These have active circuits powered when plugged into a computer or PCMCIA card reader.
– Often these have cryptographic algorithms and keys stored on them, which can only be accessed through a limited interface.
– Example: Fortezza cards with public key certificates and private key(s) encrypted with Skipjack.

SIM Cards
Many mobile phones use a special smart card called a subscriber identity module card (SIM card). A SIM card is issued by a network provider. It maintains personal and contact information for a user and allows the user to authenticate to the cellular network of the provider.

SIM Card Security (1)
SIM cards contain several pieces of information that are used to identify the owner and authenticate to the appropriate cell network. Each SIM card corresponds to a record in the database of subscribers maintained by the network provider. A SIM card features an integrated circuit card ID (ICCID), which is a unique 18-digit number used for hardware identification.

SIM Card Security (2)
Next, a SIM card contains a unique international mobile subscriber identity (IMSI), which identifies the owner’s country, network, and personal identity. SIM cards also contain a 128-bit secret key. This key is used for authenticating a phone to a mobile network. As an additional security mechanism, many SIM cards require a PIN before allowing any access to information on the card.

GSM Challenge-Response Protocol
1. When a cellphone wishes to join a cellular network it connects to a local base station owned by the network provider and transmits its IMSI.
2. If the IMSI matches a subscriber’s record in the network provider’s database, the base station transmits a 128-bit random number to the cellphone.
[Figure: IMSI = (this phone’s ID); R = a 128-bit random number (the challenge).]

GSM Challenge-Response Protocol
1. This random number is then encoded by the cellphone with the subscriber’s secret key stored in the SIM card using a proprietary encryption algorithm known as A3, resulting in a ciphertext sent back to the base station.
2. The base station then performs the same computation, using its stored value for the subscriber’s secret key. If the two ciphertexts match, the cellphone is authenticated to the network and is allowed to make and receive calls.
[Figure: IMSI = (this phone’s ID); R = a 128-bit random number (the challenge); E_K(R) = the 128-bit random number encrypted using the subscriber’s secret key K (the response).]
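
The four protocol steps above as a runnable sketch, added here as an example and not part of the original slides. A3 is proprietary, so HMAC-SHA256 truncated to 128 bits stands in for it; the class names, the constructed test IMSIs, and the single-use handling of each challenge are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def a3_stand_in(key, challenge):
    """Stand-in for proprietary A3 (assumption): HMAC-SHA256 cut to 128 bits."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:16]

class Sim:
    """Phone side: holds the IMSI and the 128-bit secret key K."""
    def __init__(self, imsi, key):
        self.imsi, self._key = imsi, key
    def respond(self, challenge):
        return a3_stand_in(self._key, challenge)      # E_K(R), the response

class BaseStation:
    """Network side: subscriber records and one outstanding challenge per IMSI."""
    def __init__(self, subscribers):
        self._subscribers, self._pending = subscribers, {}
    def challenge(self, imsi):
        if imsi not in self._subscribers:
            return None                               # unknown IMSI: no challenge
        r = secrets.token_bytes(16)                   # R, 128 random bits
        self._pending[imsi] = r
        return r
    def verify(self, imsi, response):
        r = self._pending.pop(imsi, None)             # each R is usable once
        if r is None:
            return False
        expected = a3_stand_in(self._subscribers[imsi], r)
        return hmac.compare_digest(expected, response)  # constant-time compare

def run_demo():
    imsi = "001010123456789"                          # constructed test IMSI
    key = secrets.token_bytes(16)                     # shared secret K
    station = BaseStation({imsi: key})
    genuine = Sim(imsi, key)
    no_key = Sim(imsi, secrets.token_bytes(16))       # right IMSI, wrong K

    captured = genuine.respond(station.challenge(imsi))
    accepted = station.verify(imsi, captured)

    station.challenge(imsi)                           # next attempt gets a fresh R
    replay = station.verify(imsi, captured)           # old response no longer fits

    wrong_key = station.verify(imsi, no_key.respond(station.challenge(imsi)))
    return {"genuine": accepted, "replay": replay, "wrong_key": wrong_key,
            "unknown_imsi": station.challenge("001019999999999")}

if __name__ == "__main__":
    print(run_demo())
```

Because the base station draws a new R for every attempt, a response recorded from one exchange does not authenticate a later one, and knowing the IMSI alone is not enough without K.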

RFIDs
Radio frequency identification, or RFID, is a rapidly emerging technology that relies on small transponders to transmit identification information via radio waves. RFID chips feature an integrated circuit for storing information, and a coiled antenna to transmit and receive a radio signal.

RFID Technology
RFID tags must be used in conjunction with a separate reader or writer. While some RFID tags require a battery, many are passive and do not. The effective range of RFID varies from a few centimeters to several meters, but in most cases, since data is transmitted via radio waves, it is not necessary for a tag to be in the line of sight of the reader.

RFID Technology
This technology is being deployed in a wide variety of applications.
– Many vendors are incorporating RFID for consumer-product tracking.
– Car key fobs.
– Electronic toll transponders.
– Logistics tracking.

Passports
Modern passports of several countries, including the United States, feature an embedded RFID chip that contains information about the owner, including a digital facial photograph that allows airport officials to compare the passport’s owner to the person who is carrying the passport.
[Figure: e-Passport symbol; the RFID chip and antenna are embedded in the cover.]

Passport Security
All RFID communications are encrypted with a secret key. Often the secret key is the passport number, holder’s date of birth, and expiration date, in that order.
– All of this information is printed on the card, either in text or using a barcode etc.
– While this secret key is intended to be accessible only to those with physical access to the passport, an attacker with information on the owner, including when their passport was issued, may be able to easily reconstruct this key, especially since passport numbers are typically issued sequentially.

Biometrics
Biometric refers to any measure used to uniquely identify a person based on biological or physiological traits. Generally, biometric systems incorporate some sort of sensor or scanner to read in biometric information and then compare this information to stored templates of accepted users before granting access.
[Image used with permission under the Creative Commons Attribution 3.0 Unported license.]

Requirements for Biometric Identification
– Universality. Almost every person should have this characteristic.
– Distinctiveness. Each person should have noticeable differences in the characteristic.
– Permanence. The characteristic should not change significantly over time.
– Collectability. The characteristic should have the ability to be effectively determined and quantified.

Biometric Identification
[Figure: a biometric reader produces a feature vector; a comparison algorithm checks it against the stored reference vector and outputs “matches” or “doesn’t match”.]
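
The comparison step in the diagram above, as an added example that is not part of the original slides. It goes slightly beyond the slide by showing how the acceptance threshold trades false rejects against false accepts; the Euclidean distance measure, the four-element vectors, and all sample readings are constructed assumptions.

```python
import math

def distance(feature, reference):
    """Euclidean distance between a fresh reading and the stored template."""
    if len(feature) != len(reference):
        raise ValueError("feature and reference vectors differ in length")
    return math.sqrt(sum((f - r) ** 2 for f, r in zip(feature, reference)))

def matches(feature, reference, threshold):
    """Comparison algorithm: 'matches' when the reading is close enough."""
    return distance(feature, reference) <= threshold

def error_rates(reference, genuine, impostor, threshold):
    """Return (false_reject_rate, false_accept_rate) at this threshold."""
    rejected = sum(not matches(f, reference, threshold) for f in genuine)
    accepted = sum(matches(f, reference, threshold) for f in impostor)
    return rejected / len(genuine), accepted / len(impostor)

# Constructed data: one enrolled template, noisy readings from the same
# person, and readings from other people (one of them fairly similar).
REFERENCE = [0.20, 0.75, 0.40, 0.90]
GENUINE = [
    [0.22, 0.74, 0.41, 0.88],
    [0.18, 0.78, 0.37, 0.93],
    [0.27, 0.70, 0.46, 0.84],
    [0.20, 0.75, 0.55, 0.90],   # same person, sensor noise in one feature
]
IMPOSTOR = [
    [0.80, 0.10, 0.60, 0.30],
    [0.25, 0.65, 0.50, 0.80],   # a different person with similar features
    [0.50, 0.50, 0.50, 0.50],
    [0.10, 0.90, 0.20, 0.95],
]

def sweep(thresholds=(0.10, 0.16, 0.30)):
    """Error rates at a strict, a balanced, and a lenient threshold."""
    return {t: error_rates(REFERENCE, GENUINE, IMPOSTOR, t) for t in thresholds}

if __name__ == "__main__":
    for t, (frr, far) in sweep().items():
        print(f"threshold={t:.2f}  false rejects={frr:.2f}  false accepts={far:.2f}")
```

A reading never equals the template exactly, so the system accepts anything within a tolerance, and that tolerance has to be chosen against both kinds of error.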

Candidates for Biometric IDs
– Fingerprints
– Retinal/iris scans
– DNA
– “Blue-ink” signature
– Voice recognition
– Face recognition
– Gait recognition
Let us consider how each of these scores in terms of universality, distinctiveness, permanence, and collectability…