Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication by Passwords

Published bySimon Norman Modified over 6 years ago

Similar presentations

Presentation on theme: "Authentication by Passwords"— Presentation transcript:

1 Authentication by Passwords
CS 5323 Authentication by Passwords Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 16 © Ravi Sandhu World-Leading Research with Real-World Impact!

2 Authentication Techniques
Something you know password “secret” questions Something you have smartphone registered device Something you are fingerprint iris keyboard dynamics signature dynamics © Ravi Sandhu World-Leading Research with Real-World Impact! 2

3 Authentication Techniques
Something you know password “secret” questions Something you have smartphone registered device Something you are fingerprint iris keyboard dynamics signature dynamics single factor multi factor © Ravi Sandhu World-Leading Research with Real-World Impact! 3

4 Phishing Personalized image to authenticate webserver to user
© Ravi Sandhu World-Leading Research with Real-World Impact!

5 Phishing Man in the Middle
Personalized image passed through © Ravi Sandhu World-Leading Research with Real-World Impact!

6 Offline (Dictionary Attack)
Password Attacks Password Attacks Online Lock out Throttling Offline (Dictionary Attack) Complex passwords Salting © Ravi Sandhu World-Leading Research with Real-World Impact! 6

7 Password Storage and Verification
Password Verification User ID Plaintext Password User ID Stored Password Plaintext Password = ? User ID Stored Password Loss of stored passwords = Catastrophic failure © Ravi Sandhu World-Leading Research with Real-World Impact! 7

8 Password Storage and Verification
Password Verification User ID Plaintext Password User ID Plaintext Password Hashing Process Hashing Process Computed Hash User ID Stored Hash = ? Loss of stored hashes = Attack by single dictionary User ID Stored Hash © Ravi Sandhu World-Leading Research with Real-World Impact! 8

9 Password Storage and Verification
Password Verification User ID Random Salt Plaintext Password User ID Plaintext Password Hashing Process Hashing Process Computed Hash User ID Stored Salt Stored Hash = ? Loss of stored hashes = Attack by different dictionary for each salt value User ID Stored Salt Stored Hash © Ravi Sandhu World-Leading Research with Real-World Impact! 9

Download ppt "Authentication by Passwords"

Similar presentations

1 PANEL Solving the Access Control Puzzle: Finding the Pieces and Putting Them Together Ravi Sandhu Executive Director Endowed Professor June 2010

1 PANEL Solving the Access Control Puzzle: Finding the Pieces and Putting Them Together Ravi Sandhu Executive Director Endowed Professor June 2010
Symmetric Message Authentication Codes Prof. Ravi Sandhu.

Symmetric Message Authentication Codes Prof. Ravi Sandhu.
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
1 Authentication with Passwords Prof. Ravi Sandhu Executive Director and Endowed Chair February 1, 2013 © Ravi.

1 Authentication with Passwords Prof. Ravi Sandhu Executive Director and Endowed Chair February 1, © Ravi.
1 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013

1 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.

1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
1 Privacy and Access Control: How are These Two Concepts Related? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT Panel June 3, 2015

1 Privacy and Access Control: How are These Two Concepts Related? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT Panel June 3, 2015
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.

1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.
Lecture 19 Page 1 CS 111 Online Authentication for Operating Systems What is authentication? How does the problem apply to operating systems? Techniques.

Lecture 19 Page 1 CS 111 Online Authentication for Operating Systems What is authentication? How does the problem apply to operating systems? Techniques.
1 Virtualization Prof. Ravi Sandhu Executive Director and Endowed Chair February 7, 2014 © Ravi Sandhu World-Leading.

1 Virtualization Prof. Ravi Sandhu Executive Director and Endowed Chair February 7, © Ravi Sandhu World-Leading.
Password authentication Basic idea –User has a secret password –System checks password to authenticate user Issues –How is password stored? –How does system.

Password authentication Basic idea –User has a secret password –System checks password to authenticate user Issues –How is password stored? –How does system.
1 The Quest for Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 8, 2013 © Ravi Sandhu.

1 The Quest for Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 8, © Ravi Sandhu.
1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, 2013 © Ravi Sandhu.

1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, © Ravi Sandhu.
Authentication Lesson Introduction ●Understand the importance of authentication ●Learn how authentication can be implemented ●Understand threats to authentication.

Authentication Lesson Introduction ●Understand the importance of authentication ●Learn how authentication can be implemented ●Understand threats to authentication.
COEN 351 Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card.

COEN 351 Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card.

Similar presentations

Ads by Google