Lecture 5 User Authentication modified from slides of Lawrie Brown.

RFC 2828 (the Internet Security Glossary, later superseded by RFC 4949, which keeps the same definition) defines user authentication as: “The process of verifying an identity claimed by or for a system entity.”

Authentication Process
– fundamental building block and primary line of defense
– basis for access control and user accountability
– identification step: presenting an identifier to the security system
– verification step: presenting or generating authentication information that corroborates the binding between the entity and the identifier

User Authentication
the four means of authenticating user identity are based on:
– something the individual knows (password, PIN, answers to prearranged questions)
– something the individual possesses (a token: smartcard, electronic keycard, physical key)
– something the individual is (static biometrics: fingerprint, retina, face)
– something the individual does (dynamic biometrics: voice pattern, handwriting, typing rhythm)

Password Authentication
– widely used line of defense against intruders
  – user provides name/login and password
  – system compares password with the one stored for that specified login
– the user ID:
  – determines that the user is authorized to access the system
  – determines the user’s privileges
  – is used in discretionary access control

Password Vulnerabilities
– offline dictionary attack
– specific account attack
– popular password attack
– password guessing against single user
– workstation hijacking
– exploiting user mistakes
– exploiting multiple password use
– electronic monitoring

Countermeasures
– controls to prevent unauthorized access to the password file
– intrusion detection measures
– rapid reissuance of compromised passwords
– account lockout mechanisms
– policies to inhibit users from selecting common passwords
– training in and enforcement of password policies
– automatic workstation logout
– policies against similar passwords on network devices
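A proactive password checker of the kind the “inhibit users from selecting common passwords” countermeasure needs, as an added example (not from the slides or from Stallings). It rejects a candidate not only when it appears in a common-password list but when a simple variation of it does, undoing the same mutations an attacker’s dictionary-with-variations would try. The common-password set, leet table, length threshold and user names are constructed for the demo:

```python
import string

# Constructed stand-in for a breach-derived common-password list (assumption:
# a real deployment loads millions of entries from a file).
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome", "admin",
    "monkey", "dragon", "football", "iloveyou", "sunshine",
}
MIN_LENGTH = 12  # assumed policy value

# Leetspeak substitutions that an attacker's "dictionary with variations" undoes.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
TRIM = string.digits + string.punctuation


def candidate_forms(password):
    """Normalised variants of the password: lower-cased, leet-decoded, with
    leading/trailing digits and symbols removed, and each of those reversed.
    If any variant is a common password, the original is only a trivial
    mutation of one and would fall to a dictionary attack."""
    p = password.lower()
    forms = {p, p.translate(LEET)}
    trimmed = p.strip(TRIM)
    forms |= {trimmed, trimmed.translate(LEET)}
    forms |= {f[::-1] for f in list(forms)}
    return forms


def check_password(password, username="", common=COMMON_PASSWORDS):
    """Proactive check at password-selection time.
    Returns (accepted, reasons) so the caller can tell the user what to fix."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    forms = candidate_forms(password)
    if forms & common:
        reasons.append("is a common password or a simple variation of one")
    u = username.lower()
    if len(u) >= 3 and any(u in f for f in forms):
        reasons.append("contains the user name")
    if len(set(password)) <= 2:
        reasons.append("uses too few distinct characters")
    return (not reasons, reasons)


if __name__ == "__main__":
    for pw, user in [("P@ssw0rd1!", ""), ("Dr4gon!!2023", "dragon"),
                     ("correct horse battery staple", "")]:
        print(repr(pw), check_password(pw, user))
```

The check runs only when a password is chosen, so it costs nothing at login time; the same variant generator is what a cracker would use, which is the point: whatever the checker can derive cheaply, the attacker can too.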

Use of Hashed Passwords
storing a salted one-way hash of each password instead of the password itself:
– the per-user salt prevents duplicate passwords from being visible in the password file: two users with the same password get different hash values
– greatly increases the difficulty of offline dictionary attacks: for a salt of length b bits, the number of hash values an attacker must compute per candidate password is increased by a factor of 2^b, since each candidate must be hashed under every salt in use
– makes it nearly impossible to find out whether a person with passwords on two or more systems has used the same password on all of them

UNIX Implementation
original scheme (crypt(3)):
– password of up to eight printable characters (only the first eight are used)
– 12-bit salt used to modify DES encryption into a one-way hash function
– an all-zero block is repeatedly encrypted 25 times with the password as the key
– output translated to an 11-character sequence and stored alongside the salt
now regarded as inadequate: the 8-character limit, the 56-bit DES key, a salt space of only 4096 values and the speed of DES make exhaustive and dictionary attacks cheap
– still often required for compatibility with existing account management software or multivendor environments

Improved Implementations
much stronger hash/salt schemes are available for Unix
MD5-crypt, the recommended scheme at the time these slides were written:
– salt of up to 48 bits
– password length is unlimited
– produces a 128-bit hash
– uses an inner loop with 1000 iterations to achieve slowdown
OpenBSD uses a Blowfish block-cipher-based hash algorithm called bcrypt:
– strongest of the classic Unix hash/salt schemes
– uses a 128-bit salt to create a 192-bit hash value
– its iteration count is a tunable cost parameter (2^cost rounds), so the slowdown can be raised as hardware gets faster
– caveat: bcrypt uses only the first 72 bytes of the password
Current Linux systems default to SHA-crypt ($5$/$6$, 5000 rounds by default and tunable) or yescrypt rather than MD5-crypt, whose fixed 1000 iterations are too fast by today’s standards.

Password Cracking
dictionary attacks:
– develop a large dictionary of possible passwords and try each against the password file
– each candidate must be hashed using each salt value present in the file and then compared to the stored hash values, so the work grows with the number of distinct salts
rainbow table attacks:
– pre-compute tables of hash values for all possible salts: a mammoth table of hash values, built once and reused against any stolen file
– countered by using a sufficiently large salt value (with a b-bit salt the attacker needs 2^b tables, infeasible for the 128-bit salts of modern schemes) and a sufficiently large hash length
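Added example (not from the slides) tying together the “Use of Hashed Passwords”, “Improved Implementations” and “Password Cracking” slides: a salted, iterated password store in a crypt-style record format, then an offline dictionary attack against it that shows every word being re-hashed under each account’s salt, next to the precomputed (rainbow-table style) attack that works when all accounts share a salt. PBKDF2-HMAC-SHA256 stands in for crypt(3)/MD5-crypt/bcrypt; the accounts, wordlist, iteration count and record format are assumptions made for the demo:

```python
import base64
import hashlib
import hmac
import os

# Demo parameters (assumption: a real deployment picks a higher iteration
# count; the slides' MD5-crypt used 1000, bcrypt uses 2**cost).
ITERATIONS = 20_000
SALT_BYTES = 16  # 128-bit salt, the size the slides give for bcrypt


def hash_password(password, salt, iterations=ITERATIONS):
    """Salted, iterated one-way hash. The per-user salt is mixed in and the
    iteration count is the slowdown loop."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def make_entry(password, salt=None, iterations=ITERATIONS):
    """Build a modular-crypt-style record: $pbkdf2$<iterations>$<salt>$<hash>.
    A fresh random salt is drawn unless one is supplied (supplied below only
    to simulate a file whose accounts all share one salt)."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hash_password(password, salt, iterations)
    return "$pbkdf2$%d$%s$%s" % (iterations, _b64(salt), _b64(digest))


def parse_entry(entry):
    _, scheme, iterations, salt_b64, hash_b64 = entry.split("$")
    if scheme != "pbkdf2":
        raise ValueError("unknown scheme " + scheme)
    return int(iterations), base64.b64decode(salt_b64), base64.b64decode(hash_b64)


def verify(password, entry):
    """Login check: recompute under the stored salt, compare in constant time."""
    iterations, salt, stored = parse_entry(entry)
    return hmac.compare_digest(hash_password(password, salt, iterations), stored)


# Constructed sample accounts and attacker wordlist (not real data).
SAMPLE_USERS = {"alice": "letmein", "bob": "letmein",
                "carol": "correct horse battery staple", "dave": "dragon"}
WORDLIST = ["password", "123456", "letmein", "dragon", "qwerty"]


def build_shadow(salt=None):
    """Return {user: entry}; pass a fixed salt to simulate an unsalted file."""
    return {user: make_entry(pw, salt) for user, pw in SAMPLE_USERS.items()}


def salted_dictionary_attack(shadow, wordlist):
    """Offline dictionary attack against per-user salts: each word must be
    re-hashed under every account's salt. Returns (cracked, hash_operations)."""
    cracked, ops = {}, 0
    for user, entry in shadow.items():
        iterations, salt, stored = parse_entry(entry)
        for word in wordlist:
            ops += 1
            if hash_password(word, salt, iterations) == stored:
                cracked[user] = word
                break
    return cracked, ops


def precomputed_attack(shadow, wordlist):
    """Attack when every account shares one salt: hash each word once (this
    table can be built before the file is stolen), then match by lookup.
    This is the rainbow-table situation a per-user salt is meant to prevent."""
    iterations, salt, _ = parse_entry(next(iter(shadow.values())))
    table = {hash_password(w, salt, iterations): w for w in wordlist}
    cracked = {}
    for user, entry in shadow.items():
        _, _, stored = parse_entry(entry)
        if stored in table:
            cracked[user] = table[stored]
    return cracked, len(table)


if __name__ == "__main__":
    shadow = build_shadow()
    print("alice and bob share a password, records differ:", shadow["alice"] != shadow["bob"])
    print("salted attack:", salted_dictionary_attack(shadow, WORDLIST))
    print("shared-salt attack:", precomputed_attack(build_shadow(b"\x00" * SALT_BYTES), WORDLIST))
```

With four accounts and five words the salted attack performs 15 hash computations and the shared-salt attack 5; the gap is the number of distinct salts, which is the 2^b factor the slides refer to, and the iteration count multiplies the cost of each of those computations for the attacker and the legitimate login alike.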

Observed Password Lengths: Purdue University study on 54 systems and 7,000 users

Passwords Cracked from a Sample Set of 13,797 Accounts: a dictionary of 3M words and their variations was compiled and tried against the hashed passwords. The larger the class of candidate words, the fewer passwords cracked per guess, so the attacker’s return on effort falls as the search widens.