Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication. Most technical security safeguards have authentication as a precondition How to authenticate: LocationSomewhere you are BiometrieSomething.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Authentication. Most technical security safeguards have authentication as a precondition How to authenticate: LocationSomewhere you are BiometrieSomething."— Presentation transcript:

1 Authentication

2 Most technical security safeguards have authentication as a precondition How to authenticate: LocationSomewhere you are BiometrieSomething you are Smart Card, TokenSomething you have Password, SecretsSomething you know

3 The authentication process Authentication Ask the user for credentials Verification Verify this credentials agains something previously known Authorization Mark the user as authenticated Commonly here also the AC rights are assigned

4 Password A secret (word) know by the user and the system

5 Password Username Some name under which the user is known to the system – hardly secret Secret Password The secret connected to the user name

6 Entropy for passwords Entropy represents the uncertainty of the password This represents how likely it is to guess the password The entropy is calculated from the reciprocal probability of each observed character in the password H = -Σ p i * ld p i

7 Good and bad passwords Linkable names (own, child's,...)‏ Linkable numbers (telephone, birthdays, …)‏ Related words (like the car -> Ferrari)‏ Common words from dictionaries Common patterns (qwerty, 123456, …)‏ Fashion words Containing big an small letters Containing numbers and special characters > 8 characters Can be written fast First 3 prevent the search 4 is to prevent observation

8 Password verification Compatre the input with a stored value Passwords need to be stored Plain Encrypted One way Bi-directional Passwords need to be transfered Plain Encyrpted

9 Security of Passwords Security is based mainly on the user but also how it is implemented in the system Systems can implement additional functions to harden passwords

10 Attacks against passwordsystems Test all possible passwords Guess likely words – lexical attacks Social engineering Looking for the systems password list Attacking the authentication mechanism Ask the user

11 Ways to harden Limited number of tries Wrong inputs slow down the process Challenge Respond Authorize also the system Combining different systems Harden the process Require passwords with high entropy

12 One time passwords A password is only valid one‘s Technqiues Transaction numbers (TAN)‏ Hashed with time stamp

13 Cryptographic techniques Cryptography for authentication purpose Popular techniques Kerberos Certificates X.509 Challenge Respond Systems Problems Complex Infrastructure dependent

14 Security token Something you have Popular Representative Cryptographic Token SmartCards Problems Costly Technical Infrastructure

15 Smart Cards A card with a chip Not necessarily for authentication Different types ROM Cards EEPROM Cards Microprocessor cards

16 Smart cards Prominent Examples Bank cards Credit cards Mobile phone cards

17 Attacks against Smart cards Protocol attacks the communication between the smart card and the card reader Blocking signaling block Signals (for example erase signals Freeze or reset the card make the content of the RAM readable

18 Attacks against Smart cards Physical Probing reading data directly from the hardware Damage part of the chip for example the address counter Reverse engineering reveal the chip design and gain knowledge

19 Biometrics The security relies on the property of a human being Measuring some aspects of the human anatomy or physiology and compare it with previously recorded values Problems: Humans change over time

20 Concepts Physical DNA Face Fingerprint Iris Hand geometry Behavioral Voice Signature Verification

21 Conventional biometrics Face recognition - ID Cards The oldest and probably most accepted method Average security – result of studies Handwritten signatures Is in Europe highly accepted Good enough security

22 Fingerprints Look at the friction ridges that cover fingertips Branches and end points geometry – commonly 16 Pores of the skin Easy to deployed and relative limited resistance Problems There is a statistical probability of mismatch – the number of variation is limited Fingerprints are mostly „noisy“ Alteration is easy

23 Iris Scan Patterns in the Iris are recognized Iris codes provide the lowest false accept rates of any known system – US Study Problems Get people to put there eye into a scanner Systems might be ulnerable to simple photographies

24 Problems with biometrics Not exact enough False positives and Positive False are common Technical difficult The technology is new Privacy problems Sicknesses can be recognized Social problems Usage of system Revelation generates problems Data leak out incidentally When the use became widespread your data will be known by a lot of people

25 Singel Sign-on Only one sign-on for all applications Techniques Save password – but how Issue a ticket Trends Identity managment systems

26 26 Identity Management Types of IdM (Systems)‏ by user herself/himself supported by service providers Management of own identities: chosen identity (= Tier1) ‏ Type 3 by organisation Profiling: derived identity abstracted identity (= Tier 3) Type 2 by organisation Account Management: assigned identity (= Tier 2) ‏ Type 1  There are hybrid systems that combine characteristics

27 27 “Identity” is changing IT puts more HighTech on ID cards Biometrics to bind them closer to a human being Chips to add services (such as a PKI)‏ Profiles may make the „traditional“ ID concept obsolete People are represented not by numbers or ID keys any more but by data sets. Identities become “a fuzzy thing”. New IDs and ID management systems are coming up Mobile communication (GSM) has introduced a globally interoperable „ID token“: the Subscriber Identity Module Ebay lets people trade using Pseudonyms. Europe (the EU) consider joint ID and ID management systems European countries have different traditions on identity card use Compatibility of ID systems is not trivial Work on new standards for Identity management systems and entity authentication are initiated by ISO and ITU

28 28 Identity Concepts Partial Identities Illustrated AnonymityWorkPublicAuthority Health Care foreign languages education address capabilities salary name income credit cards tax status denomination account number birthdate marital status hobbies insurance nickname (dis)likes phone number health status blood group Shopping Leisure Identities Management

29 29 Changing borders of (partial) identities AnonymityWorkPublicAuthority Health Care foreign languages education address capabilities salary name income credit cards tax status denomination account number birthdate marital status hobbies insurance nickname (dis)likes phone number health status blood group Shopping Leisure Borders are blurring

30 30 Changing borders of (partial) identities (cont.)‏ AnonymityWorkPublicAuthority Health Care foreign languages education address capabilities salary name income credit cards tax status denomination account number birthdate marital status hobbies insurance nickname (dis)likes phone number health status blood group Shopping Leisure Communication and contacts

31 Questions ?

Download ppt "Authentication. Most technical security safeguards have authentication as a precondition How to authenticate: LocationSomewhere you are BiometrieSomething."

Similar presentations

Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
1 Security in Wireless Protocols Bluetooth, 802.11, ZigBee.

1 Security in Wireless Protocols Bluetooth, , ZigBee.
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.

BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.

Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.

Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.
GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz.

GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Security-Authentication

Security-Authentication
Security systems need to be able to distinguish the “white hats” from the “black hats”. This all begins with identity. What are some common identifiers.

Security systems need to be able to distinguish the “white hats” from the “black hats”. This all begins with identity. What are some common identifiers.
Karthiknathan Srinivasan Sanchit Aggarwal

Karthiknathan Srinivasan Sanchit Aggarwal
Zachary Olson and Yukari Hagio CIS 4360 Computer Security November 19, 2008.

Zachary Olson and Yukari Hagio CIS 4360 Computer Security November 19, 2008.
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.

Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.
CS 736 A methodology for Analyzing the Performance of Authentication Protocol by Laseinde Olaoluwa Peter Department of Computer Science West Virginia.

CS 736 A methodology for Analyzing the Performance of Authentication Protocol by Laseinde Olaoluwa Peter Department of Computer Science West Virginia.

Similar presentations

Ads by Google