Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSCE 522 Identification and Authentication

Published byHenry Fields Modified over 7 years ago

Similar presentations

Presentation on theme: "CSCE 522 Identification and Authentication"— Presentation transcript:

1 CSCE 522 Identification and Authentication

2 Reading Reading for this lecture: Required: Pfleeger: Ch. 2.1
An Introduction to Computer Security: The NIST Handbook, : Chapter 16, Identification and Authentication, pages Interesting read: Thanasis Petsas, Giorgos Tsirantonakis, Elias Athanasopoulos, and Sotiris Ioannidis Two-factor authentication: is the world ready?: quantifying 2FA adoption. In Proceedings of the Eighth European Workshop on System Security (EuroSec '15). ACM, New York, NY, USA, , Article 4 , 7 pages., Smart Card Alliance, Entrust, authentication news Certificate Authority GlobalSign Loses Critical Data to ComodoHacker, , Sept 8, 2011 Reading for next lecture: Pfleeger: Ch. 2.2 CSCE Farkas

3 Identification Establishes the identity of an individual/system/ap-plication/etc. Proof of identity: password, driver’s license, Id card, etc. CSCE Farkas

4 Authentication Allows an entity (a user or a system) to prove its identity within a context, e.g., computer system Typically, the entity whose identity is verified reveals knowledge of some secret S to the verifier Strong authentication: the entity reveals knowledge of S to the verifier without revealing S to the verifier CSCE Farkas

5 Authentication Information
Must be securely maintained by the system. CSCE Farkas

6 Authentication Requirements
Network must ensure Data exchange is established with addressed peer entity not with an entity that masquerades or replays previous messages Network must ensure data source is the one claimed Authentication generally follows identification Establish validity of claimed identity Provide protection against fraudulent transactions CSCE Farkas

7 User Authentication What the user knows What the user possesses
Password, personal information What the user possesses Physical key, ticket, passport, token, smart card What the user is (biometrics) Fingerprints, voiceprint, signature dynamics CSCE Farkas

8 Passwords Commonly used method
For each user, system stores (user name, F(password)), where F is some transformation (e.g., one-way hash) in a password file F(password) is easy to compute From F(password), password is difficult to compute Password is not stored in the system When user enters the password, system computes F(password); match provides proof of identity CSCE Farkas

9 Vulnerabilities of Passwords
Inherent vulnerabilities Easy to guess or snoop No control on sharing Practical vulnerabilities Visible if unencrypted in distributed and network environment Susceptible for replay attacks if encrypted naively Password advantage Easy to modify compromised password. CSCE Farkas

10 Attacks on Password Guessing attack/dictionary attack
Social Engineering Sniffing Trojan login Van Eck sniffing CSCE Farkas

11 Password Management Policy
Educate users to make better choices Define rules for good password selection and ask users to follow them Ask or force users to change their password periodically Actively attempt to break user’s passwords and force users to change broken ones Screen password choices CSCE Farkas

12 Use the password exactly once!
One-time Password Use the password exactly once! The first use of the password would grant access; a second or subsequent use of the same password would not CSCE Farkas

13 Time Synchronized There is a hand-held authenticator
It contains an internal clock, a secret key, and a display Display outputs a function of the current time and the key It changes about once per minute User supplies the user id and the display value Host uses the secret key, the function and its clock to calculate the expected output Login is valid if the values match CSCE Farkas

14 Time Synchronized Problem: Need time synchronization between
device and server Secret key Time DES One Time Password CSCE Farkas

15 Challenge Response Network Work station Host
Non-repeating challenges from the host is used The device requires a keypad Network Work station Host User ID Challenge Response CSCE Farkas

16 Challenge Response Secret key Challenge DES One Time Password
CSCE Farkas

17 Devices with Personal Identification Number (PIN)
Devices are subject to theft, some devices require PIN (something the user knows) PIN is used by the device to authenticate the user Problems with challenge/response schemes Key database is extremely sensitive This can be avoided if public key algorithms are used CSCE Farkas

18 Smart Cards Portable devices with a CPU, I/O ports, and some nonvolatile memory Can carry out computation required by public key algorithms and transmit directly to the host Some use biometrics data about the user instead of the PIN CSCE Farkas

19 Biometrics Fingerprint Retina scan Voice pattern Signature
Typing style CSCE Farkas

20 Problems with Biometrics
Expensive Retina scan (min. cost) about $ 2,200 Voice (min. cost) about $ 1,500 Signature (min. cost) about $ 1,000 False readings Retina scan 1/10,000,000+ Signature 1/50 Fingerprint 1/500 Can’t be modified when compromised CSCE Farkas

21 Identity Management Distributed, heterogeneous domain User credentials
Performance pswd pswd System 1 System 2 I am Ann. Here is my Password1. I am Ann. Here is my Password2. pswd I am Ann. Here is my Password3. System 3 CSCE Farkas

22 Identity Management cont.
Need verifiable proof of identity – without being authenticated during every single interaction Digital certificate: links identity and public key together A user can prove his/her identity by signing the messages with his/her private key CSCE Farkas

23 Digital Certificates Most common digital certificate: X.509
Initially issued in 1988 Rely on PKI and hierarchy of certificate authorities Certificate Authority: issue and revoke digital certificates, accepts user notifications, publishes revocation list CSCE Farkas

24 Digital Certificates Basic Content
Issuer Validity Not Before Not After Subject Subject Public Key Info Public Key Algorithm Subject Public Key Certificate Signature Algorithm Certificate Signature CSCE Farkas

25 Problem with X.509 Large file
Long duration  needs validation of certificate for revocation Why are digital certificates revoked? Exposure of private key Incorrect/unauthorized issuance Termination of assignment CSCE Farkas

26 Return to Multiple Authentication
Verify Certificate System 1 System 2 I am Ann. Here is my X.509 I am Ann. Here is my X.509 I am Ann. Here is my X.509 System 3 CSCE Farkas

27 Single Sign On Verify Certificate SAML token SAML token SAML token
I am Ann. Here is my X Give me a locally verifiable token. System 1 System 2 I am Ann. Here is my SAML token SAML token I am Ann. Here is my SAML token System 3 CSCE Farkas

Download ppt "CSCE 522 Identification and Authentication"

Similar presentations

Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication & Kerberos

Authentication & Kerberos
Cryptography and Network Security Chapter 15 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.

RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.

Similar presentations

Ads by Google