Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 3.1 Overview of Authentication.

Published byCameron Jarrard Modified over 10 years ago

Similar presentations

Presentation on theme: "Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 3.1 Overview of Authentication."— Presentation transcript:

1 Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 3.1 Overview of Authentication

2 Computer Science CSC 474Dr. Peng Ning2 Authentication Authentication is the process of reliably verifying certain information. Examples –User authentication Allow a user to prove his/her identity to another entity (e.g., a system, a device). –Message authentication Verify that a message has not been altered without proper authorization. A related concept –identification

3 Computer Science CSC 474Dr. Peng Ning3 Identification Identification is a process through which one ascertains the identity of another person or entity. Authentication and identification are different. –Identification requires that the verifier check the information presented against all the entities it knows about, –Authentication requires that the information be checked for a single, previously identified, entity. –Identification must, by definition, uniquely identify a given entity, –Authentication does not necessarily require uniqueness.

4 Computer Science CSC 474Dr. Peng Ning4 Authentication Mechanisms Password-based authentication –Use a secret quantity (the password) that the prover states to prove he/she knows it. –Threat: password guessing/dictionary attack Alice Computer System Im Alice, the password is fiddlesticks

5 Computer Science CSC 474Dr. Peng Ning5 Authentication Mechanisms (Contd) Address-based authentication –Assume the identity of the source can be inferred based on the network address from which packets arrive. –Adopted early in UNIX and VMS Berkeley rtools (rsh, rlogin, etc) –/etc/hosts.equiv file List of computers –Per user.rhosts file List of Threat –Spoof of network address Not authentication of source addresses

6 Computer Science CSC 474Dr. Peng Ning6 Authentication Mechanisms (Contd) Cryptographic authentication protocols –Basic idea: A prover proves some information by performing a cryptographic operation on a quantity that the verifier supplies. –Usually reduced to the knowledge of a secret value A symmetric key The private key of a public/private key pair

7 Computer Science CSC 474Dr. Peng Ning7 Trusted Intermediaries Problem: authentication for large networks Key Distribution Center (KDC) –Secret key cryptography KDC A B C E D Disadvantages: high risk; single point of failure; performance bottleneck

8 Computer Science CSC 474Dr. Peng Ning8 Trusted Intermediaries Certification Authorities (CAs) –Public key cryptography Certificates –Signed messages that specify an identity and the corresponding public key –Signed with the well-known public key of a CA

9 Computer Science CSC 474Dr. Peng Ning9 CAs (Contd) Advantages –Doesnt have to be online –Lower risk compared with KDCs –Allow the network to operate even if CAs crash –Certificates can be public –A Compromised CA cannot decrypt previously secured traffic

10 Computer Science CSC 474Dr. Peng Ning10 CAs (Contd) Certificate revocation –Problem: how to deal with revoked certificates (before they expire) –Certificate Revocation List (CRL) List of revoked certificates –Timely and reliable distribion of CRLs is a critical and difficult problem.

11 Computer Science CSC 474Dr. Peng Ning11 Multiple Trusted Intermediaries Multiple KDC domains –KDCs share keys between each other KDC1 KDC2 KDC3 KDC4 KDC5

12 Computer Science CSC 474Dr. Peng Ning12 Multiple Trusted Intermediaries (Contd) Multiple CA domains –CAs issue certificates to each other CA1 CA2 CA3 CA4 CA5

Download ppt "Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 3.1 Overview of Authentication."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.1 Malicious Logic.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 5.1 Malicious Logic.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.4 Public Key Infrastructure (PKI) Acknowledgment: Slides revised from.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.4 Public Key Infrastructure (PKI) Acknowledgment: Slides revised from.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.6 Kerberos.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.6 Kerberos.
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.

1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
Outline User authentication –Password authentication, salt –Challenge-response authentication protocols –Biometrics –Token-based authentication Authentication.

Outline User authentication –Password authentication, salt –Challenge-response authentication protocols –Biometrics –Token-based authentication Authentication.
CS470, A.SelcukKerberos1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukKerberos1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

Similar presentations

Ads by Google