CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

Presentation transcript:

CSCI 530 Lab Authentication

- Authentication is verifying the identity of a particular person
  - Example: Logging into a system
  - Example: PGP – Digital Signature is the authentication mechanism
- Different from Authorization
  - Authorization states what he/she can do on a system

Authentication

How do we authenticate:
- Something they know
  - Password
- Something they are
  - Retina
  - Fingerprint
  - DNA
- Something they own
  - Smart Card
- Somewhere they are
  - Login only works at certain terminals

How much authentication is needed?

- We can use one or a combination of the above
- Client systems
  - Normally just a login
- Military top secret security base
  - Name
  - Badge
  - Passcode
- Credit card purchases
  - Driver's license
    - Name
    - Picture

How can authentication be broken?

- For security purposes, we need to know how authentication can be broken so that we know how to protect against it
- Passwords
  - Can be guessed
  - Can be cracked
- Smartcards
  - Can be copied or stolen
- Fingerprints
  - Can be copied by using Scotch tape

Password Breaking

- Dictionary attack
  - List of dictionary words that are tried one after another
  - Very quick
  - If the password is not an exact match to a word on the list, then it will fail
- Hybrid attack
  - Uses a dictionary list but can detect slight variations to words, or combinations of words
  - Example: if the word hello is in the database, but the password is Hello, a dictionary attack will not break the password, but a hybrid attack will
  - Generally finds many more words than a dictionary attack
  - Not as quick as a dictionary attack

Password Breaking

- Brute-force attack
  - Will try every character combination until it finds the password
  - EXTREMELY SLOW
  - Will always find the password
- These techniques can be used either against a system or against a file containing the passwords
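The three attack classes above can be turned into a password audit that reports which class would recover a candidate password first. This is an added example, not part of the original slides; the wordlist, the substitution table and all function names are constructed for illustration.

```python
# Added example: defender-side password audit, not part of the original slides.
import string

# Constructed sample wordlist; a real audit would load a much larger list.
WORDLIST = {"hello", "password", "dragon", "summer"}

# Common character substitutions that a hybrid attack undoes (assumed set).
LEET = str.maketrans("013457@$", "oleastas")

def hybrid_forms(candidate):
    """Return the 'slight variations' of candidate reduced back to base words."""
    lowered = candidate.lower()
    stripped = lowered.strip(string.digits + string.punctuation)
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}

def is_word_combination(candidate):
    """True if candidate is two wordlist words joined together."""
    lowered = candidate.lower()
    return any(lowered[:i] in WORDLIST and lowered[i:] in WORDLIST
               for i in range(1, len(lowered)))

def brute_force_keyspace(candidate):
    """Worst-case guesses at this length over the character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    charset = sum(len(c) for c in classes if any(ch in c for ch in candidate))
    return charset ** len(candidate)

def weakest_attack(candidate):
    """Name the cheapest attack class from the slides that recovers candidate."""
    if candidate in WORDLIST:          # exact match only, as on the slide
        return "dictionary"
    if hybrid_forms(candidate) & WORDLIST or is_word_combination(candidate):
        return "hybrid"
    return "brute force"

if __name__ == "__main__":
    for pw in ["hello", "Hello", "p@ssw0rd1", "hellodragon", "xQ7#vR2m"]:
        print(f"{pw!r}: {weakest_attack(pw)}, "
              f"keyspace {brute_force_keyspace(pw):.2e}")
```

A password policy can reject anything this check labels "dictionary" or "hybrid", leaving only passwords that require the extremely slow brute-force search.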

Detecting someone trying to break into a system

- Auto-logout
  - If the user enters the wrong password n times, disable their account for a certain period of time
- Protect your password list on your system
  - Make sure the administrator has access and no one else, so a normal user cannot copy it onto another system
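The lockout rule on this slide, sketched as an added example that is not part of the original slides. The threshold n = 3, the 300-second lockout, the class name and the login events are all assumed or constructed values.

```python
# Added example: temporary account lockout after n wrong passwords.
from collections import defaultdict

MAX_FAILURES = 3        # the slide's "n" (assumed value)
LOCKOUT_SECONDS = 300   # the "certain period of time" (assumed value)

class LockoutPolicy:
    def __init__(self, max_failures=MAX_FAILURES, lockout_seconds=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = defaultdict(int)   # consecutive failures per user
        self.locked_until = {}             # user -> time the account unlocks

    def attempt(self, user, password_ok, now):
        """Return 'locked', 'ok' or 'fail' for one login attempt at time now."""
        if self.locked_until.get(user, 0) > now:
            # While disabled, even the correct password is refused.
            return "locked"
        if password_ok:
            self.failures[user] = 0        # a success resets the counter
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lockout_seconds
            self.failures[user] = 0
        return "fail"

# Constructed login events: (seconds since start, user, password was correct)
SAMPLE_EVENTS = [
    (0, "alice", False), (5, "alice", False), (9, "alice", False),
    (12, "alice", True),    # correct password, but the account is disabled
    (20, "bob", False), (25, "bob", True),
    (310, "alice", True),   # lockout period has expired
]

def replay(events, policy=None):
    """Run events through the policy and return the decision for each one."""
    policy = policy or LockoutPolicy()
    return [policy.attempt(user, ok, now) for now, user, ok in events]

if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", decision)
```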

This week's lab

- Using a virtual Linux system
  - Log in as root, create user names, then copy the password file to the Windows host system
  - Use John the Ripper to break the passwords in the password file
- Must be done in lab since we are using a Linux virtual machine