Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 13 Access Control

Published byVincent Clinton Douglas Modified over 6 years ago

Similar presentations

Presentation on theme: "Chapter 13 Access Control"— Presentation transcript:

1 Chapter 13 Access Control
BIS 4113/6113

2 Chapter Overview Types of Access Control (7) Accountability
Identification and Authentication Passwords Biometrics Tokens Single Sign-On Access Control Techniques Access Control Administration

3 Access Control Not merely controlling user access to files or services
PAGES Access Control Not merely controlling user access to files or services The relationship between subjects and objects Subjects Receives information from the object User, program, process, file, computer, database, etc. Objects File, database, computer, system, etc. Provides information to the subject Mission: Protect the confidentiality, integrity, and availability of objects

4 “Defense-in-Depth” Layered resources -Siemens

5 The Process of Access Control
PAGE 563 The Process of Access Control Identification of subject Authentication Type 1: What you know Type 2: What you have Type 3: What you are Authorization of access Assigned rights and privileges Auditing

6 Type 1 Authentication Something You Know
What are examples of how you authenticate yourself with something you know? Passwords Passphrases Security questions PINs Combination lock

7 Password Authentication
PAGE 564 Password Authentication Passwords Strings of characters Typed to authenticate someone wanting to use a username (account) on a computer Benefits Ease of use for users (familiar) Inexpensive because built in to operating systems <Read the slide.>

8 Passwords: Bad? Easy to remember = easy to guess or crack Brute Force
Dictionary attacks Hard to remember = easy to write down One in 3 written down (MSNBC) Easy to forget Often transmitted in clear text Probable Password Trend Analysis

9

10 Example: Twitter Hack January 6, 2009
18 year old hacker “GMZ” Accounts belonging to Pres-Elect Obama, Britney Spears, Bill O’Reilly Identified a moderator account Dictionary attack No maximum password attempt Could reset any account holder’s password with moderator privileges Reset account passwords, distributed on message board

11

12 Example: Gmail Phishing Attacks December 2016 - January 2017
Avoidance Look for digital certificate icon URL should start with HTTPS Two-factor authentication (1) “Panic Mode” (2) Image, not attachment More info at The Daily Dot

13 Strong Password Policy
Static Passwords Eight characters minimum, mixed case & characters No reuse of names, add, emp#, SSN Each added character increases the brute force search time by a factor of about 70 Password rotation Dynamic Passwords Useful for specified period of time See “Tokens” later Passphrases Phrase: I like to watch Andy Griffith at 7:30 Password:

14 Password Authentication
Critique each of the following passwords, tell what attack can break it, and tell how difficult it will be for the attack to guess the password. swordfish Processing1 SeAtTLe R7%t& 4h*6tU9$^l

15 PAGE 566 Cognitive Passwords Primarily used for phone- or web-based applications Security question “What is your mother’s maiden name?” Weak security control “What is your favorite color?”

16 Type 2 Authentication Something You Have
What are examples of ways you authenticate yourself with something you have? Smart Card ID Badge Memory Card Token Device Key Digital Certificate

17 Token authentication Static Physical means (“what you have”)
PAGE 567 Token authentication Static Physical means (“what you have”) Synchronous dynamic password Password generated at time intervals Asynchronous dynamic password One-time password Detriments to Tokens

18 Single Sign-On One ID, one authentication needed for roaming network/website access Kerberos Ticket-granting service Facebook login Popular in healthcare Critical to have rigid authentication standards Multi-use computers

19 Type 3 Authentication Something You Are
What are examples of ways you authenticate yourself with something you are? Biometrics Fingerprint Handprint Facial Recognition Voice Recognition AFIS/Livescan

20 Biometric Authentication
PAGE 568 Biometric Authentication Authentication based on bodily measurements Promises to eliminate passwords Fingerprint Scanning Simple and inexpensive Substantial error rate (misidentification) Often can be fooled fairly easily by determined impostors Not a problem for low-risk situations like home computers AFIS/Livescan Automated Fingerprint Identification System <Read the slide.>

21 Biometric Authentication
Iris Scanners Scan the iris (colored part of the eye) with a camera (not a laser beam) Irises are complex, so very strong authentication Expensive Face Recognition Camera allows analysis of facial structure Can be done surreptitiously—without the knowledge or consent of person being scanned Very high error rate and easy to deceive <Read the slide.>

22 Acceptance of biometrics, from most to least:
Iris scan Keystroke Signature Voice Facial Fingerprint Hand scan Retina scan

23 Biometrics: Privacy Issues
According to the ACLU: Expansion of gov’t power Documented cases of misuse “Hawthorne effect” Not reliable enough to justify use

24 Biometric Factor Ratings
PAGE 571 Biometric Factor Ratings Subject Seeks Authentication Type 1 error Valid subject is not authenticated False Rejection Rate Type 2 error Invalid subject is authenticated False Acceptance Rate Equal Error Rate FRR = FAR Low on the graph is most accurate Not Authenticated Authenticated Correct Acceptance False Rejection Valid Subject Access Rights False Acceptance Correct Rejection Invalid FAR FRR % EER Sensitivity of Device

25 Multifactor Authentication
PAGE 572 Increases Effectiveness Decreases Efficiency Perfect accuracy? Type 4 Authentication Somewhere You Are PAGE 563

26 Vendor Rights: Target Security Breach of 2013
Fazio Mechanical Services Access to internal contract & billing system “SCADA” attack Supervisory Control and Data Acquisition

27 Access Control Methodologies
Centralized Managed by a team or individual Single location Single point of failure Decentralized Managed by several teams or individuals Multiple locations Administration is difficult

28 Access Control Administration
User Account Management Enrollment Maintenance Activity Tracking Access Rights & Privileges Principal of Least Privilege Excessive Privilege & Creeping Privileges (box on page 32) “Need to Know” access

29 Segregation of duties

Download ppt "Chapter 13 Access Control"

Similar presentations

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
Access Control Methodologies

Access Control Methodologies
Authentication Chapter 2. Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand.

Authentication Chapter 2. Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand.
3D-password A more secured authentication G.Suresh babu Roll no:08H71A05C2 Computer science & engineering Mic college of technology Guide:Mrs A.Jaya Lakshmi.

3D-password A more secured authentication G.Suresh babu Roll no:08H71A05C2 Computer science & engineering Mic college of technology Guide:Mrs A.Jaya Lakshmi.
Biometrics Technology Jie Meng. What is Biometrics ? Biometrics is the science and technology of measuring and analyzing biological data. In information.

Biometrics Technology Jie Meng. What is Biometrics ? Biometrics is the science and technology of measuring and analyzing biological data. In information.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.

Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.
GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz.

GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Biometric Authentication Presenter: Yaoyu, Zhang Presenter: Yaoyu, Zhang.

Biometric Authentication Presenter: Yaoyu, Zhang Presenter: Yaoyu, Zhang.
1J. M. Kizza - Ethical And Social Issues Module 16: Biometrics Introduction and Definitions Introduction and Definitions The Biometrics Authentication.

1J. M. Kizza - Ethical And Social Issues Module 16: Biometrics Introduction and Definitions Introduction and Definitions The Biometrics Authentication.
Module 14: Biometrics Introduction and Definitions The Biometrics Authentication Process Biometric System Components The Future of Biometrics J. M. Kizza.

Module 14: Biometrics Introduction and Definitions The Biometrics Authentication Process Biometric System Components The Future of Biometrics J. M. Kizza.
Karthiknathan Srinivasan Sanchit Aggarwal

Karthiknathan Srinivasan Sanchit Aggarwal
Tonight 1) Where we are 2) Article Presentation(s) 3) Quiz 4) Lecture 5) In-class lab(s)

Tonight 1) Where we are 2) Article Presentation(s) 3) Quiz 4) Lecture 5) In-class lab(s)
CS 736 A methodology for Analyzing the Performance of Authentication Protocol by Laseinde Olaoluwa Peter Department of Computer Science West Virginia.

CS 736 A methodology for Analyzing the Performance of Authentication Protocol by Laseinde Olaoluwa Peter Department of Computer Science West Virginia.
Chapter-2 Identification & Authentication. Introduction  To secure a network the first step is to avoid unauthorized access to the network.  This can.

Chapter-2 Identification & Authentication. Introduction  To secure a network the first step is to avoid unauthorized access to the network.  This can.
CSCE 201 Identification and Authentication Microsoft support Fall 2010.

CSCE 201 Identification and Authentication Microsoft support Fall 2010.
Three Basic Identification Methods of password Possession (“something I have”) Possession (“something I have”) Keys Passport Smart Card Knowledge (“Something.

Three Basic Identification Methods of password Possession (“something I have”) Possession (“something I have”) Keys Passport Smart Card Knowledge (“Something.

Similar presentations

Ads by Google