COEN 350: Network Security
Authentication
Between human and machine; between machine and machine.
Human-Machine Authentication
Authentication protocols are based on one or more of:
- What you know: password, pass-phrase (and, for machines, a secret key or private key).
- What you have: physical key, smart card.
- What you are: biometrics.
- Where you are: e.g. a trusted machine, physical access to a room, ...

Authentication: Passwords
Passwords predate computers, and so do some of the attacks on them (stealing, guessing).
Example: older cell phone technology transmitted the originating phone number together with a password. If the password checked out, the call went through. An eavesdropper who captures the phone number / password combination can now clone the phone.

Authentication: Password Attacks
Guessing, on-line:
- Time consuming.
- Authentication attempts are usually logged, so the attack can be detected long before it is likely to succeed, and disrupted (e.g. by locking the account or throttling attempts).
Guessing, off-line:
- Attacker first needs to steal the relevant data (e.g. the password file) from which passwords can be determined.
- Attacker can then use an arbitrary amount of computing power, with nothing logged on the target.
Capturing passwords:
- Eavesdropping on the network.
- Login Trojan horse (a fake login prompt that records the password).

Authentication: Where Passwords Are Stored
- On each server Alice uses.
- Centrally, at an Authentication Storage Node: each server retrieves Alice's verification data when it wants to authenticate her.
- Centrally, at an Authentication Facilitator Node: each server forwards Alice's name and password to the AFN, which does the check.

Authentication: How Passwords Are Stored
- Unencrypted: simple, dangerous.
- Implicitly, as hashes of the passwords (as in UNIX, VMS).
- Encrypted.
- Hashed and encrypted.

Authentication: Example, Network Information Service (Yellow Pages)
- The directory service acts as the authentication storage node and stores the users' hashed passwords.
- Typically the hashed-password list is world readable: anyone can obtain it by claiming to be a server, which makes off-line guessing possible.
- The NIS authentication storage node does not authenticate itself to its clients, which allows impersonation of the authentication service.

Authentication: Machine vs. Human Passwords
Passwords for machine-to-machine communication can be made difficult to guess: arbitrary length, truly random choice of characters.
Human-to-machine passwords are guessable and subject to dictionary attack.

Authentication: Dictionary Attack
- Most passwords are natural-language words, or derived from natural-language words.
- Guess the language; use a dictionary to try out all words in the language.
- Start with the most common passwords first.
- Then try variations: replace a single character in a word, append a random character, etc.

Authentication: Brute-Force Attack
- Generate all possible passwords up to a given length.
- Sometimes make assumptions about the alphabet: only printable characters, only characters on a keyboard.

Authentication: Salting
Salting protects hashed passwords against an off-line attack. Without salt, a brute-force or dictionary attack attacks all passwords in the password file simultaneously: each candidate password is hashed once and compared against every stored hash, and two users with the same password have the same hash.

Store a salt with each password:
- The stored hash depends on both the salt and the password.
- Use a different (random) salt for each password.
- Store the salt alongside the hash; it need not be secret.

With salting, one hash computation can be checked against only a single password, so a brute-force or dictionary attack must be repeated for every user in the file.
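Worked example for the salting slides above (added here; it is not part of the original slides). A constructed password file is attacked with a small constructed dictionary, first unsalted and then with a random per-user salt, and the number of hash evaluations is counted. SHA-256 is used only to keep the example short; real password storage uses a deliberately slow, salted KDF such as bcrypt, scrypt, Argon2 or PBKDF2.

```python
"""Unsalted vs. salted password hashing: why a per-user salt defeats the
"attack every hash at once" property of an off-line dictionary attack.

Added example, not part of the original slides. The hash function,
the password file contents and the dictionary are all constructed here.
"""
import hashlib
import os

# Constructed victim accounts. In a real attack the attacker has only the
# hashes (and salts), never the plaintext column.
PLAINTEXT_USERS = [
    ("alice", "sunshine"),
    ("bob", "letmein"),
    ("carol", "sunshine"),    # same password as alice
    ("dave", "T9#vQ!2kLz"),   # not in the dictionary
]

# Constructed attacker dictionary (a real wordlist has millions of entries).
DICTIONARY = ["password", "123456", "sunshine", "qwerty", "letmein", "dragon"]


def hash_password(password: str, salt: bytes = b"") -> str:
    """Hash salt || password. An empty salt models the unsalted scheme."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_unsalted_file(users):
    """Store only the hash. Identical passwords give identical hashes."""
    return {name: hash_password(pw) for name, pw in users}


def build_salted_file(users, salt_len: int = 16):
    """Store (salt, hash) per user, with a fresh random salt for each."""
    out = {}
    for name, pw in users:
        salt = os.urandom(salt_len)
        out[name] = (salt, hash_password(pw, salt))
    return out


def crack_unsalted(pwfile, dictionary):
    """One hash per dictionary word cracks *every* user with that word."""
    by_hash = {}
    for name, h in pwfile.items():
        by_hash.setdefault(h, []).append(name)
    cracked, hashes = {}, 0
    for word in dictionary:
        h = hash_password(word)
        hashes += 1
        for name in by_hash.get(h, []):      # all users sharing this hash fall
            cracked[name] = word
    return cracked, hashes


def crack_salted(pwfile, dictionary):
    """With per-user salts the attacker must hash each word once per user."""
    cracked, hashes = {}, 0
    for name, (salt, h) in pwfile.items():
        for word in dictionary:
            hashes += 1
            if hash_password(word, salt) == h:
                cracked[name] = word
                break
    return cracked, hashes


if __name__ == "__main__":
    unsalted = build_unsalted_file(PLAINTEXT_USERS)
    print("unsalted:", *crack_unsalted(unsalted, DICTIONARY))
    salted = build_salted_file(PLAINTEXT_USERS)
    print("salted:  ", *crack_salted(salted, DICTIONARY))
```

Both attacks recover the same three weak passwords, but the unsalted attack needs one hash per dictionary word regardless of how many users there are, while the salted attack must redo the whole dictionary for each user and never learns that alice and carol share a password. The salt also makes tables precomputed on another system useless.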

Authentication: How Passwords Are Compromised
- By obtaining the password file. Safeguards: hashing and salting, encryption.
- By eavesdropping on an exchange. Safeguard: one-time passwords derived from a one-way hash chain (Lamport hash), so a captured password cannot be reused.
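The Lamport hash scheme mentioned above, as an added example that is not part of the original slides. The client keeps a secret seed and registers h^n(seed); at each login it reveals the next element down the chain and the server checks one hash application. SHA-256 as the one-way function, the chain length and the byte encoding are assumptions made for this example.

```python
"""Lamport one-time passwords (the basis of S/KEY): an eavesdropper who
captures one login cannot replay it, and cannot compute the next password
because that would require inverting the one-way function h.

Added example, not part of the original slides.
"""
import hashlib
import os


def h(x: bytes) -> bytes:
    """The one-way function."""
    return hashlib.sha256(x).digest()


def h_iter(x: bytes, n: int) -> bytes:
    """Apply h n times: h^n(x)."""
    for _ in range(n):
        x = h(x)
    return x


class Client:
    """Holds the secret seed; the seed itself is only sent as the very
    last password, after which the chain is exhausted."""

    def __init__(self, seed: bytes, n: int):
        self.seed = seed
        self.n = n          # number of logins left on this chain

    def initial_registration(self) -> bytes:
        """Sent once over a trusted channel; the server stores it."""
        return h_iter(self.seed, self.n)            # h^n(seed)

    def next_password(self) -> bytes:
        if self.n <= 0:
            raise RuntimeError("chain exhausted; re-register with a new seed")
        self.n -= 1
        return h_iter(self.seed, self.n)            # h^(n-1)(seed)


class Server:
    """Stores only the current top of the chain, never the seed."""

    def __init__(self, registered: bytes):
        self.stored = registered

    def verify(self, candidate: bytes) -> bool:
        if h(candidate) == self.stored:
            self.stored = candidate    # move one step down the chain
            return True
        return False


def demo():
    """Login, eavesdropper replay of the same password, next login."""
    client = Client(os.urandom(32), n=1000)
    server = Server(client.initial_registration())
    p1 = client.next_password()
    ok1 = server.verify(p1)
    replayed = server.verify(p1)        # captured on the wire and replayed
    p2 = client.next_password()
    ok2 = server.verify(p2)
    return ok1, replayed, ok2


if __name__ == "__main__":
    print(demo())   # (True, False, True)
```

Replay fails because the server has already advanced to h^(n-1); the attacker would need h^(n-2), which is the preimage of the value just seen. The scheme still does not authenticate the server, so the client must send each password only to the genuine server (e.g. over an authenticated channel) or risk an active attacker harvesting it.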

Authentication: Address Based
Common in early UNIX (the r-tools: rlogin, rsh, rcp).
- .rhosts in the user's home directory: a list of (computer, account) pairs that are allowed access to this user's account.
- /etc/hosts.equiv: a list of network addresses of "equivalent" machines. An account name on A is treated as equivalent to the same account name on B, so users have to have identical account names on both.

Authentication: Threats to Address-Based Authentication
- Access escalation (cascading trust): an attacker who gains access to one host automatically gains access to every host that lists it as equivalent or in a .rhosts file.
- Address spoofing: it is very easy to forge the source address of a packet. It is harder to receive the traffic sent back to the spoofed address, but blind attacks that need no reply remain possible.

Authentication: Ethernet Address Impersonation
- Easy on the same link; hubs offer no protection.
- Switches can be fooled through the ARP protocol (ARP spoofing), redirecting traffic to the attacker.
- Routers are harder to fool, but can be attacked and fed misleading routing data.

Authentication: Cryptographic Authentication
Alice proves her identity to Bob by proving to Bob that she knows a secret, without necessarily revealing it. Building blocks:
- Hashes.
- Secret-key cryptography.
- Public-key cryptography.

Human-Machine Authentication: Initial Password Distribution
- Pre-expired, strong passwords (must be changed at first login), delivered e.g. through the mail.
- Derivable from common knowledge (e.g. the student ID). Convenient, but guessable by anyone who knows that information.

Human-Machine Authentication: Authentication Tokens
Possession of the token proves the right to access, e.g. a magnetic stripe as on credit cards.
- Harder to reproduce than a password, "impossible" to guess.
- Demand special hardware (readers).
- Can be lost or stolen; add PIN or password protection so possession alone is not enough.
- A plain token that just emits its data is not safe against eavesdropping on the communication and forging.

Human-Machine Authentication: Smart Cards
Needs to be inserted into a smart card reader; the card authenticates itself to the reader / host.
- PIN-protected smart cards: stop working after a number of false PINs.
- Cryptographic challenge/response cards: the card contains a cryptographic key. The authenticating computer issues a challenge; the card computes the response after the PIN is entered. Harder to crack than simple PIN-protected cards because the key never leaves the card.

Human-Machine Authentication: Readerless Smart Card (Cryptographic Calculator)
Communicates with its owner only through a mini-keyboard and display, so no reader is needed.
- The authenticating computer issues a challenge to Alice.
- Alice types the challenge into the readerless smart card, after entering her PIN / password.
- The card computes the response.
- Alice types the answer into the computer.
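The challenge/response exchange of the last two slides, as an added example that is not part of the original slides. It models both sides: a token that releases a response only after the correct PIN and locks after repeated wrong PINs, and a verifier that shares the key. HMAC-SHA256 as the response function, truncation to 6 decimal digits so Alice can type the answer, and the lockout threshold of 3 are assumptions made for this example.

```python
"""Cryptographic challenge/response token (smart card or readerless
"cryptographic calculator"). The key never leaves the token, and a captured
(challenge, response) pair does not help against a fresh challenge.

Added example, not part of the original slides.
"""
import hashlib
import hmac
import os
from typing import Optional

MAX_PIN_TRIES = 3   # assumed lockout threshold


def compute_response(key: bytes, challenge: str) -> str:
    """HMAC over the challenge, truncated to 6 digits for manual entry."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**6:06d}"


class Token:
    """The card. Only the PIN check and the MAC happen inside; the key is
    never exported."""

    def __init__(self, key: bytes, pin: str):
        self._key = key
        self._pin = pin
        self._failures = 0
        self.locked = False

    def respond(self, pin: str, challenge: str) -> Optional[str]:
        if self.locked:
            return None
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._failures += 1
            if self._failures >= MAX_PIN_TRIES:
                self.locked = True          # card stops working
            return None
        self._failures = 0
        return compute_response(self._key, challenge)


class Verifier:
    """The authenticating computer; holds the same key as the token."""

    def __init__(self, key: bytes):
        self._key = key

    def new_challenge(self) -> str:
        # 8 random digits, short enough for Alice to type into the card
        return f"{int.from_bytes(os.urandom(4), 'big') % 10**8:08d}"

    def verify(self, challenge: str, response: str) -> bool:
        expected = compute_response(self._key, challenge)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    key = os.urandom(32)                    # provisioned into card and server
    card, server = Token(key, "1234"), Verifier(key)
    challenge = server.new_challenge()      # displayed to Alice
    answer = card.respond("1234", challenge)  # Alice types PIN + challenge
    print("login ok:", server.verify(challenge, answer))
    print("replay against new challenge:",
          server.verify(server.new_challenge(), answer))
```

An eavesdropper sees only the challenge and a 6-digit response, which is useless for the next random challenge; the PIN is never transmitted, and stealing the card without the PIN yields only a locked token. With short truncated responses the verifier must itself rate-limit guesses, since a 6-digit space can be searched on-line.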

Human-Machine Authentication: Biometrics
Retinal scanners, fingerprint readers, face recognition, iris scanners, handprint readers, voiceprints, keystroke timing, signatures.