Identification (User Authentication). Model Alice wishes to prove to Bob her identity in order to access a resource, obtain a service etc. Bob may ask.


1 Identification (User Authentication)

2 Model
Alice wishes to prove to Bob her identity in order to access a resource, obtain a service etc. Bob may ask the following:
– Who are you? (prove that you’re Alice)
– Who the **** is Alice?
Eve wishes to impersonate Alice:
– One-time impersonation
– Full impersonation (identity theft)

3 Identification Scenarios
Local identification
– Human authenticator
– Device
Remote identification
– Human authenticator
– Corporate environment (LAN, database etc.); similarly a telecom operator environment
– E-commerce environment

4 Initial Authentication
The problem: how does Alice initially convince anyone that she’s Alice?
The solution must often involve a “real-world” type of authentication: an id card, a driver’s license etc.
Errors due to the human factor are numerous.
Example: the Microsoft-Verisign fiasco
Example: phishing

5 Closed Environments

6 Model
The initial authentication problem is fully solved by a trusted party, Carol.
Carol can distribute the identification material in a secure fashion, e.g. by hand, or over encrypted and authenticated lines.
Example: a corporate environment
Example: an operator’s network
Eve’s attack avenue is the Alice-Bob connection.
We begin by looking at remote authentication.

7 Passwords
Model 1:
– Alice is assigned a password, PWD, by Carol in a secure manner
– Bob receives the pair (Alice’s name, PWD) from Carol in a secure manner
– Alice authenticates herself to Bob by sending the pair

8 Problems with Model 1
– Bob needs to hold a username/password database
– If Eve has access to Bob’s database (for instance via a Trojan horse), she can impersonate Alice
– Eve can eavesdrop, capture the pair and impersonate Alice
– Human-chosen and memorized passwords are vulnerable to guessing attacks
– Bob can impersonate Alice

9 Improvements to Model 1
– The internal database contains pairs (name, h(PWD)), where h is a one-way function
– Example: Unix systems
– The database is often held at a central location
– Advantage: less space, and Bob can’t impersonate Alice
– Disadvantage: new attack avenues
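The improvement on this slide, as an added example (not part of the original presentation): Bob stores only (name, h(PWD)) and checks a submitted password by recomputing h. The slide says only that h is a one-way function; the concrete choice here (salted PBKDF2-HMAC-SHA256, as a Unix-style password hash would use) and the sample user are assumptions of this example.

```python
import hashlib
import hmac
import os

# Work factor of the one-way function; an assumption of this example, not a value from the slides.
ITERATIONS = 200_000


def h(password: str, salt: bytes) -> bytes:
    """One-way function h(PWD). Salted so that two users with the same
    password get different stored values (assumed design choice)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(db: dict, name: str, password: str) -> None:
    """Carol/Bob record (name, salt, h(PWD)); PWD itself is never stored."""
    salt = os.urandom(16)
    db[name] = (salt, h(password, salt))


def verify(db: dict, name: str, password: str) -> bool:
    """Bob's check of a submitted (name, PWD) pair against the hashed database."""
    entry = db.get(name)
    if entry is None:
        return False
    salt, digest = entry
    # constant-time comparison so the check itself leaks nothing about the digest
    return hmac.compare_digest(h(password, salt), digest)


def database_contains_password(db: dict, name: str, password: str) -> bool:
    """What Eve (or Bob) learns from a copy of the database: the password
    bytes themselves do not appear in the stored record."""
    salt, digest = db[name]
    return password.encode() in salt + digest


if __name__ == "__main__":
    # constructed sample data
    db = {}
    enroll(db, "alice", "correct horse battery staple")
    print(verify(db, "alice", "correct horse battery staple"))   # True
    print(verify(db, "alice", "wrong guess"))                     # False
    print(database_contains_password(db, "alice", "correct horse battery staple"))  # False
```

Note that this removes Bob's ability to impersonate Alice and limits what a stolen database reveals, but, as the next slides say, a guessing attack against h(PWD) is still possible, which is why the work factor matters.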

10 Architecture 1
[Diagram: Carol, Bob, Alice]
1. Black lines: secure initial connection
2. White lines: online authentication

11 Architecture 2
[Diagram: Carol, Bob, Alice, with a central DB]
1. Black lines: secure initial connection
2. White lines: online authentication

12 Solving Eavesdropping
First solution:
– Use encrypted and authenticated lines
– Advantage: attacks by Eve are very difficult
– Disadvantage: encryption and authentication must be in place for every transaction, an infrastructure and performance overhead
Second solution: challenge and response protocols

13 Challenge – Response (Model 2)
PWD is used as a key.
Protocol:
– Alice sends an authentication request using her name
– Bob retrieves PWD
– Bob sends a random challenge, r
– Alice replies with h_PWD(r)
– Bob tests authenticity

14 Pros and Cons
Pros:
– PWD is not passed in the clear
– No need for encryption and authentication
Cons:
– The database has to be managed by Bob
– Guessing attacks are still possible
Caution: challenges must not be repeated. Sequence numbers or time should be used.
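Model 2 with both sides' messages, as an added example that is not from the original presentation. h_PWD(r) is taken to be HMAC-SHA256 keyed with PWD (the slide leaves h unspecified, so that is an assumption), and the caution on this slide is implemented by building each challenge from a sequence number plus fresh randomness and by letting Bob accept each issued challenge at most once, so a captured (r, h_PWD(r)) pair is useless when replayed.

```python
import hashlib
import hmac
import os


def h_pwd(pwd: bytes, r: bytes) -> bytes:
    """h_PWD(r): keyed one-way function with PWD as the key (HMAC-SHA256, assumed)."""
    return hmac.new(pwd, r, hashlib.sha256).digest()


class Bob:
    """The verifier. Holds the (name, PWD) database received from Carol."""

    def __init__(self, db: dict):
        self.db = db              # name -> PWD (bytes)
        self.seq = 0              # sequence number: no challenge value is ever reissued
        self.outstanding = {}     # r -> name, for challenges issued but not yet answered

    def challenge(self, name: str) -> bytes:
        """Step 1-3: request received, PWD looked up later, random challenge r sent."""
        self.seq += 1
        r = self.seq.to_bytes(8, "big") + os.urandom(16)
        self.outstanding[r] = name
        return r

    def verify(self, r: bytes, response: bytes) -> bool:
        """Step 5: recompute h_PWD(r) and compare. Each r is consumed on first use,
        so a replayed response (or a response to an r Bob never sent) fails."""
        name = self.outstanding.pop(r, None)
        pwd = self.db.get(name)
        if pwd is None:
            return False
        return hmac.compare_digest(h_pwd(pwd, r), response)


class Alice:
    """The prover. Knows only her own name and PWD."""

    def __init__(self, name: str, pwd: bytes):
        self.name = name
        self.pwd = pwd

    def respond(self, r: bytes) -> bytes:
        """Step 4: reply with h_PWD(r); PWD never leaves Alice."""
        return h_pwd(self.pwd, r)


def run_protocol(bob: Bob, alice: Alice):
    """One full exchange; returns (r, response, accepted) so the transcript can be inspected."""
    r = bob.challenge(alice.name)
    response = alice.respond(r)
    return r, response, bob.verify(r, response)


if __name__ == "__main__":
    # constructed sample data: Carol gave Bob Alice's PWD out of band
    bob = Bob({"alice": b"correct horse battery staple"})
    alice = Alice("alice", b"correct horse battery staple")
    r, response, ok = run_protocol(bob, alice)
    print("genuine run accepted:", ok)                     # True
    print("replay of same (r, response):", bob.verify(r, response))  # False
```

The replay check is what the slide's caution is about: without it, an eavesdropper who recorded one exchange could answer the same challenge again, even though PWD never crossed the wire.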

15 Summary
The challenge and response model is sufficient for closed, non-flexible environments.
Main security problems: impersonation by the database administrator (Bob), guessing attacks.
Operational problems: adding and removing authorized users.

16 GSM Authentication
– The Mobile Station (cell-phone) authenticates to the mobile operator (PLMN)
– The Mobile Station (MS) stores a symmetric authentication key k_i in the SIM. The same key is stored by the Home PLMN
– Problem: authentication to a visited PLMN that doesn’t have the key, without exposing the key over the air
– Solution: first, a billing agreement between the HPLMN and the visited PLMN; second, a challenge-response protocol

17 GSM Authentication Components
[Diagram: MS, BS, VLR (visited PLMN); HLR, AUC (HPLMN)]

18 GSM Authentication Protocol
– The MS sends its IMSI to the visited PLMN, identifying the MS and its HPLMN
– The HPLMN sends n triplets in the clear over land lines or microwave
– The visited PLMN sends the challenge, RAND, to the MS
– The MS responds with SRES = A3_ki(RAND)
– The MS passes authentication if XRES = SRES
– Traffic between the MS and the BS is encrypted using the A5 algorithm with the key k_c = A8_ki(RAND)
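The delegation described on slides 16 and 18, as an added example that is not from the original presentation: the AuC in the HPLMN holds k_i and precomputes triplets (RAND, XRES, k_c); the visited VLR can then run the challenge-response and hand k_c to the base station without ever holding k_i. A3 and A8 are operator-specific in real GSM, so the keyed functions below are stand-ins (HMAC-SHA256 truncated to the GSM output sizes of 32 bits for SRES and 64 bits for k_c); the IMSI, keys and batch size are constructed values.

```python
import hashlib
import hmac
import os


def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3: SRES = A3_ki(RAND), 4 bytes. Not the real algorithm."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8: Kc = A8_ki(RAND), 8 bytes. Not the real algorithm."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class AuC:
    """Authentication Centre in the HPLMN: the only network element holding k_i."""

    def __init__(self, subscribers: dict):
        self.ki = subscribers   # IMSI -> k_i

    def triplets(self, imsi: str, n: int) -> list:
        """n triplets (RAND, XRES, Kc) for the visited network; k_i stays here."""
        ki = self.ki[imsi]
        out = []
        for _ in range(n):
            rand = os.urandom(16)              # 128-bit RAND
            out.append((rand, a3(ki, rand), a8(ki, rand)))
        return out


class MS:
    """Mobile station; the SIM holds k_i and computes SRES and Kc on demand."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki
        self.kc = None

    def respond(self, rand: bytes) -> bytes:
        self.kc = a8(self._ki, rand)           # session key for A5, kept on the MS
        return a3(self._ki, rand)              # SRES, sent over the air


class VisitedVLR:
    """VLR in the visited PLMN: caches triplets fetched from the HPLMN, knows no k_i."""

    def __init__(self, auc: AuC, batch: int = 5):
        self.auc = auc
        self.batch = batch
        self.cache = {}                        # IMSI -> unused triplets

    def authenticate(self, ms: MS):
        """Challenge the MS with one fresh RAND; on success return Kc for the BS, else None."""
        if not self.cache.get(ms.imsi):
            self.cache[ms.imsi] = self.auc.triplets(ms.imsi, self.batch)
        rand, xres, kc = self.cache[ms.imsi].pop(0)   # each RAND used once
        sres = ms.respond(rand)
        if not hmac.compare_digest(sres, xres):
            return None
        return kc


if __name__ == "__main__":
    # constructed sample subscriber
    ki = os.urandom(16)
    auc = AuC({"001010123456789": ki})
    vlr = VisitedVLR(auc)
    phone = MS("001010123456789", ki)
    kc = vlr.authenticate(phone)
    print("authenticated:", kc is not None, "keys agree:", kc == phone.kc)   # True True
```

The design point the slides make is visible in the code: the VLR compares SRES with a precomputed XRES and never needs k_i, so a visited operator can authenticate roaming subscribers under a billing agreement while the HPLMN keeps the long-term key. The slide's remark that the triplets travel in the clear on the land-line side is the residual exposure of this scheme.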

19 Local Authentication Device Level

20 Local ID Technologies
– Passwords
– Tokens: smart-cards, SecurID, USB tokens
– Biometric identification: fingerprints, voice recognition, face recognition
– Multi-factor authentication

21 Tokens: Pros and Cons
Pros
– Stronger security than passwords
– Even physical attacks are difficult
Cons
– Require extra hardware
– Require standardization
– Easily lost

22 Biometrics: Pros and Cons
Pros
– Large key, reasonable amount of entropy
– Not easily lost
– Not easily transferable
Cons
– Invasion of privacy
– Can’t be changed
– False positives and negatives
– Susceptible to many types of physical attacks

23 Biometrics (cont.)
– The technology is not mature yet
– Fingerprint technology is the most mature: fewer false positives and negatives; not as easy to fool (really?!)
– The technology’s fate is still unclear
– Example: be careful with biometrics. Remote access using biometric information as a password is problematic

