Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exercise: Password Auditing

Published byDương Nam Tú Modified over 5 years ago

Similar presentations

Presentation on theme: "Exercise: Password Auditing"— Presentation transcript:

1 Exercise: Password Auditing
2016 GenCyber JMU Bootcamp for High School Teachers

2 The IFF Problem Identify friend or foe (IFF) “Who is there?
F22 stealth bomber “Who is there? Identify yourself” “I am your friend. Do not shoot me!”

3 Entity Authentication
Verification F22 stealth bomber Prove it! “Who the heck are you?”

4 Authentication Factors
How to authenticate an entity? Something that you know {proof by knowledge}: password, PIN code, combinations to locks Something that you have {proof by possession} : physical key, membership card, cell phone Security Identity Module (SIM) card, smart card, hardware token: USB token, smart card Something that you are {proof by property; physical characteristic recognition (PCR)}  biometric Something that you do (behavioral characteristic recognition [BCR]): writing speed, writing pressure, typing speed/intervals between key strokes  biometric The place that you are: IP address (on-line digital database: ACM, IEEE, Springer), location by Global Positioning System (GPS) Easy to revoke Sharable Easy to revoke Transferable This slide lists five different levels of authentication. Hard to revoke Non-transferable

5 Password Authentication: Necessary Evil
PVD v w Alice memorizes a password Computer stores password verification data (PVD, password verifier) Local authentication Alice gives her password to the computer for authentication In a password-based authentication system, a client memorizes a password and a server stores the related password verification data (PVD). Typically, the password verification data is the hash of the password, user ID and a random salt (a public value).

6 Remote Password Authentication
PVD v Harder v has to be calculated from w Many ways Microsoft Windows: LM, NTLM Linux Database On the web How does the one-time password scheme work? After Alice picks a reusable password, p, the server picks an integer n and calculates the PVD as hn(p). Please pay attention to the definition of hn(p) The server stores both n and PVD.

7 What will we do in this exercise?
PVD v A bad guy steals v from (MS Windows, MySQL database) Can the bad guy recover w? How to make it harder for the bad guy? How does the one-time password scheme work? After Alice picks a reusable password, p, the server picks an integer n and calculates the PVD as hn(p). Please pay attention to the definition of hn(p) The server stores both n and PVD.

Download ppt "Exercise: Password Auditing"

Similar presentations

Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.

Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Outline User authentication –Password authentication, salt –Challenge-response authentication protocols –Biometrics –Token-based authentication Authentication.

Outline User authentication –Password authentication, salt –Challenge-response authentication protocols –Biometrics –Token-based authentication Authentication.
Outline User authentication

Outline User authentication
Security-Authentication

Security-Authentication
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Authentication, Authorization and Accounting

Authentication, Authorization and Accounting
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Information Security for Managers (Master MIS)

Information Security for Managers (Master MIS)
© 2005-07 NeoAccel, Inc. TWO FACTOR AUTHENTICATION Corporate Presentation.

© NeoAccel, Inc. TWO FACTOR AUTHENTICATION Corporate Presentation.
IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.

IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.
EMBEDDED SECURITY EEN 417 Fall 2013 9/6/13, Dr. Eric Rozier, V1.0, ECE Thanks to Edward Lee and Sanjit Seshia of UC Berkeley.

EMBEDDED SECURITY EEN 417 Fall /6/13, Dr. Eric Rozier, V1.0, ECE Thanks to Edward Lee and Sanjit Seshia of UC Berkeley.
Le Trong Ngoc Security Fundamentals Entity Authentication Mechanisms 4/2011.

Le Trong Ngoc Security Fundamentals Entity Authentication Mechanisms 4/2011.
Three Basic Identification Methods of password Possession (“something I have”) Possession (“something I have”) Keys Passport Smart Card Knowledge (“Something.

Three Basic Identification Methods of password Possession (“something I have”) Possession (“something I have”) Keys Passport Smart Card Knowledge (“Something.

Similar presentations

Ads by Google