Taxonomies of User-Authenticated Methods in Computer Networks


Taxonomies of User-Authenticated Methods in Computer Networks
Göran Pulkkis, Arcada Polytechnic, Finland
Kaj J. Grahn, Arcada Polytechnic, Finland
Jonny Karlsson, Arcada Polytechnic, Finland
Presented by T.R.Santhosh

Outline
Definitions
Classifications of user-authentication methods based on five different taxonomies.
–User identification-based taxonomy.
–Authentication methodology-based taxonomy.
–Authentication quality-based taxonomy.
–Authentication complexity-based taxonomy.
–Authentication scope-based taxonomy.
Elements of User Authentication Methods.
–User identification.
–Authentication protocol.
–Registration of legitimate users.

Definitions
Authentication:
–User authentication is a process where a computer, computer program, or another user attempts to confirm that a user trying to set up a communication is the person he or she claims to be.
Identification:
–Identification is a way of providing a user with a unique identifier for an automated system. During the authentication process, the system validates the authenticity of the claimed user identity by comparing identification data with data stored in a user registry.
Authorization:
–Authorization is a process of assigning rights to an authenticated user to perform certain actions in the system.

User Identification-Based Taxonomy
This taxonomy of user authentication is based on how a user identifies himself or herself. This classification has four main branches, as shown in Figure

User Identification-Based Taxonomy Contd.
The first three branches represent well-known user identification methods:
–“something you know”: knowledge-based user authentication
–“something you have”: token-based user authentication
–“something you are”: biometric user authentication
–The fourth branch, recognition-based user authentication, is a method in which the network authentication system discovers a unique user feature like the MAC address of the user computer.

Authentication Methodology-Based Taxonomy
The taxonomy of user authentication based on the authentication methodology has branches for:
–cryptographic authentication.
–non-cryptographic authentication.
–open access.

Authentication Quality-Based Taxonomy
From the quality point of view, user authentication can be classified in the following categories:
–Insecure authentication = unacceptable security risks
–Weak authentication = significant security risks
–Strong authentication = small security risks

Authentication Complexity-Based Taxonomy
An authentication complexity-based taxonomy classifies authentication methods as:
–Single-factor authentication.
–Multiple-factor authentication.
Multiple-factor authentication means that a user is identified by more than one method.
–Token-based authentication is the best-known example of two-factor authentication, since token use is authorized by a PIN or by a passphrase or even biometrically.

Authentication Scope-Based Taxonomy
An authentication scope-based taxonomy classifies authentication methods as:
–Service-bound methods.
–Single sign-on (SSO) methods.
Service-bound authentication gives a legitimate user access to one service or to one computer or to one network. SSO authentication opens user access to a set of services and/or computers and/or networks in which this user has been registered.

Elements of a User-Authentication Method
A user authentication method consists of three key elements:
–User identification.
–Authentication protocol.
–Registration of legitimate users.

User Identification
User Passwords
–A user password is a character string known only by the user. Security risks are related to password quality and password privacy. Improved password security is achieved by password renewal policies.
–Best password security is achieved by one-time passwords.
Exclusive User Ownership of a Token
–Exclusive user ownership of a token means exclusive access to a private key in public key cryptography or exclusive access to a generator of successive access codes (timed token or authenticator).
–Security risks with tokens generating access-code sequences are related to secrecy of the seed of generation algorithms.
Biometric User Identification

Authentication Protocols
Extensible Authentication Protocol (EAP)
–EAP handles the transportation of authentication messages between a client and an Authentication, Authorization, and Accounting (AAA) server over the link layer.

Registration of Legitimate Users
Registration in a File System
Registration in a Directory System
Registration in a Database

Conclusion
Secure user-authentication mechanisms are cornerstones in the design and implementation of computer networks or network services containing important and confidential information. User-authentication needs are dependent on several factors, such as the size of the network, number of users, and the needed security level. When planning a taxonomy, it is important to consider user perspectives, expectations, sources of information, and uses of information.

References
Enterprise Information Systems Assurance and System Security
–Merrill Warkentin
–Rayford Vaughn