Presentation is loading. Please wait.

Presentation is loading. Please wait.

COEN 351 Authentication.

Published byFerdinand Salzmann Modified over 5 years ago

Similar presentations

Presentation on theme: "COEN 351 Authentication."— Presentation transcript:

1 COEN 351 Authentication

2 Authentication Authentication is based on What you know What you have
Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card What you are Biometrics: fingerprints, Iris, voice, … Where you are IP-address (not very secure), … Who else trusts you Certification by trusted third party, …

3 Authentication Passwords, Pins, … threatened by External disclosure
Looking over the shoulder, social engineering Guessing Brute forcing, dictionary attack, … Snooping Finds unencrypted passwords Circumvention through replay Host compromise That hands out password file.

4 Authentication Password protection mechanisms
Transformation: Password presented by user to client is hashed, hash is sent to server. Server compares with hash of password. UNIX Salting: Each hash is different. Challenge-response Protects against replay attacks. Time stamps Authentication request from client to server depends on time. Protects against replays. One-time passwords Digital Signature with every request. Zero-Knowledge techniques

5 Authentication Kerberos:
Authentication system based on symmetric cryptography For patent reasons

6 Kerberos Every user / client / server shares a key with the authentication server. Authentication server hands out tickets to all other servers.

7 Kerberos First exchange between user and Authentication Server establishes a session key. This way, the same key is used only sparingly.

8 Key Distribution Center
KDC: Database of keys for all users Invents and hands out keys for each transaction between clients. Alice KDC Bob Alice wants Bob KAlice{ KAB for Bob } KBob{KAB for Alice}

9 Personal Tokens Small hardware devices that use a pin to unlock.
Storage Token: contains a secret value. Synchronous one-time password generator Generates a new password once a minute. Challenge Response: Implements the calculation of the response from a challenge according to a secret algorithm. Digital Signature Token: Calculates digital signature from message MAC.

10 Personal Tokens Human Interface Token. Smartcard PCMCIA card USB token
Handheld with digital display (and keyboard). Smartcard Dimensions and contacts standardized by ISO/IEC. PCMCIA card USB token

11 Biometrics Fingerprint recognition Voice recognition
Handwriting recognition Face recognition Retinal scan Hand geometry recognition

Download ppt "COEN 351 Authentication."

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
Sanjay Goel University at Albany, School of Business NYS Center for Information Forensics and Assurance 1 Password Protection.

Sanjay Goel University at Albany, School of Business NYS Center for Information Forensics and Assurance 1 Password Protection.
Sanjay Goel, School of Business/NYS Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/NYS Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesn’t scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesn’t scale Using public key cryptography (possible)
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Authentication.

Authentication.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Chapter-2 Identification & Authentication. Introduction  To secure a network the first step is to avoid unauthorized access to the network.  This can.

Chapter-2 Identification & Authentication. Introduction  To secure a network the first step is to avoid unauthorized access to the network.  This can.
COEN 250 Authentication. Between human and machine Between machine and machine.

COEN 250 Authentication. Between human and machine Between machine and machine.
Entity Authentication

Entity Authentication
Le Trong Ngoc Security Fundamentals Entity Authentication Mechanisms 4/2011.

Le Trong Ngoc Security Fundamentals Entity Authentication Mechanisms 4/2011.

Similar presentations

Ads by Google