Presentation is loading. Please wait.

Presentation is loading. Please wait.

Marjie Rodrigues 411154.

Published byQuentin Kennedy Modified over 9 years ago

Similar presentations

Presentation on theme: "Marjie Rodrigues 411154."— Presentation transcript:

1 Marjie Rodrigues 411154

2 Topics: --> Security authentication --> Means of authentication
--> Token-Based Authentication --> Biometric Authentication

3 What is authentication ?
Positive verification of identity (man or machine) Verification of a person’s claimed identity Who are you? Prove it. Page no:668-69

4

5 Means of Authentication
There are four general means of authenticating a user’s identity, which can be used alone or in combination: • Something the individual knows: Examples includes a password, a personal identification number (PIN), or answers to a prearranged set of questions.

6 • Something the individual possesses:
Examples include electronic key cards, smart cards, and physical keys. This type of authenticator is referred to as a token. The process of verifying an identity claimed by or for a system entity. An authentication process consists of two steps: • Identification step: Presenting an identifier to the security system. (Identifiers should be assigned carefully, because authenticated identities are the basis for other security services, such as access control service.) • Verification step: Presenting or generating authentication information that corroborates the binding between the entity and the identifier.

7

8 Token-Based Authentication
Objects that a user possesses for the purpose of user authentication are called tokens. Page no:

9 1: Memory Cards Memory cards can store but not process data.
The most common such card is the bank card with a magnetic stripe on the back. A magnetic stripe can store only a simple security code, which can be read (and unfortunately reprogrammed) by an inexpensive card reader. There are also memory cards that include an internal electronic memory.

10 Memory cards can be used alone for physical access, such as a hotel room. For computer user authentication, such cards are typically used with some form of password or personal identification number (PIN). A typical application is an automatic teller machine (ATM). The memory card, when combined with a PIN or password, provides significantly greater security than a password alone. An adversary must gain physical possession of the card (or be able to duplicate it) plus must gain knowledge of the PIN

11 Among the potential drawbacks are the following :
• Requires special reader: This increases the cost of using the token and creates the requirement to maintain the security of the reader’s hardware and software. • Token loss: A lost token temporarily prevents its owner from gaining system access. Thus there is an administrative cost in replacing the lost token. In addition, if the token is found, stolen, or forged, then an adversary now need only determine the PIN to gain unauthorized access. • User dissatisfaction: Although users may have no difficulty in accepting the use of a memory card for ATM access, its use for computer access may be deemed inconvenient.

12 2)Strong Authentication – Smart Cards
Smart cards are one way to provide strong authentication of users. The card itself is the item that the user must possess. The second factor may be a PIN, a password, or even a thumbprint. Various existing systems have used all of these Authentication becomes even more rigorous by requiring a functional correlation between the two factors. The contents of the smart card cannot be accessed unless the value of the second factor is read by the smart card from the reading device. Specifically, when a user presents a smart card to a reading device such as a computer, the computer reads the PIN (or other second factor) and writes it to the smart card. Only if the PIN matches will the smart card allow the other information it contains to be accessed by the computer The most important information passed by the smart card to the computer is, of course, the identity of the user. When the computer receives that identity, the authentication is complete

13 Biometrics Verifies an identity by analyzing a unique person attribute or behavior (e.g., what a person “is”). Most expensive way to prove identity, also has difficulties with user acceptance. Many different types of biometric systems, know the most common. All references are from All in One Book (Shon Harris, 2005) Biometrics: Verifies an individual’s identity by analyzing a unique personal attribute or behavior. Is one of the most effective and accurate means of verifying identification. (p131) Scans attribute or behavior and compares it to a record that was created in an enrollment process. (p131) Very sophisticated technology and expensive to implement. (131) Biometrics is the most expensive method of verifying a person’s identity. (p132) When reviewing a biometric device for purchase, be sure to look at length of time that it actually takes to authenticate users. (132) Biometrics faces hurdles to common use, including user acceptance, enrollment timeframe, and throughput. (132) The enrollment phase requires an action to be performed several times to capture and clear and distinctive reference record. (133) Many types of different biometric systems. (p133) Fingerprint: Friction ridges and other detailed characteristics of the print are called minutiae. Distinctiveness of the minutiae is what gives each individual a unique print. (p133) Palm Scan: Scans and captures the creases, ridges, and grooves throughout the palm that are distinctive to the individual. (133) Hand Geometry: Defined by the shape of a person’s hand (length and width of hands and fingers). (134) Retina Scan: Scans the blood vessel pattern of the retina on the backside of the eyeball. (134) Iris Scan: Scans uniqueness in the characteristics of in individual’s iris. (134) Need to be aware of proper placement of optical unit for scan. (p134) Signature Dynamics (p134) Signature dynamics provides more information than a static signature, so there are more variables for measuring identity. (p134) Keep in mind that a digitized signature is just an electronic copy of someone’s signature and is not a biometric system that captures the speed of signing, the way the person holds the pen, and the pressure the signer exerts to generate the signature. Keyboard Dynamics (p134) This type of authentication is more effective than typing in a password because a password is easily obtainable. It is harder to repeat a person’s typing style. Each individual has a certain typing style and speed that is translated into unique signals. Voice Print: Uses subtle distinguishing differences in people’s speech sounds and patterns. Captures a voice print and compares it to the information captured in a reference file. (134) Facial Scan: Scan looks at bone structures, nose ridges, eye widths, forehead sizes, and chin shapes. (135) Hand Topography: Looks at the different peaks and valleys of the hand along with its overall shape and curvature. (136) This attribute is not unique enough to authenticate individuals by itself and is commonly used in conjunction with hand geometry. Page no:

14 Biometric Authentication
A biometric authentication system attempts to authenticate an individual based on his or her unique physical characteristics. These include static characteristics, such as fingerprints, hand geometry, facial characteristics, and retinal and iris patterns; and dynamic characteristics, such as voiceprint and signature. In essence, biometrics is based on pattern recognition. Compared to passwords and tokens, biometric authentication is both technically complex and expensive. While it is used in a number of specific applications, biometrics has yet to mature as a standard tool for user authentication to computer systems.

15 Physical Biometrics Advantages Disadvantages
Cannot be disclosed, lost, forgotten Disadvantages Cost, installation, maintenance Reliability of comparison algorithms False positive: Allow access to unauthorized person False negative: Disallow access to authorized person Privacy?

16 Fingerprint Iris Hand Geometry Finger Geometry Face Geometry Ear Shape Retina Smell Thermal Face Hand Vein Nail Bed DNA Palm Print

17 Behavioral Biometrics
Signature Voice Keystroke

18 • Facial characteristics:
The most common are the following: • Facial characteristics: Facial characteristics are the most common means of human-to-human identification; thus it is natural to consider them for identification by computer.The most common approach is to define characteristics based on relative location and shape of key facial features, such as eyes eyebrows, nose, lips, and chin shape. An alternative approach is to use an infrared camera to produce a face thermogram that correlates with the underlying vascular system in the human face

19 . Fingerprints: Fingerprints have been used as a means of identification for centuries, and the process has been systematized and automated particularly for law enforcement purposes. A fingerprint is the pattern of ridges and Furrows on the surface of the fingertip. Fingerprints are believed to be unique across the entire human population. In practice, automated fingerprint recognition and matching system extract a number of features from the fingerprint for storage as a numerical surrogate for the full fingerprint pattern. • Hand geometry: Hand geometry systems identify features of the hand, including shape, and lengths and widths of fingers.

20 • Retinal pattern: The pattern formed by veins beneath the retinal
surface is unique and therefore suitable for identification. A retinal biometric system obtains a digital image of the retinal pattern by projecting a low-intensity beam of visual or infrared light into the eye. • Iris: Another unique physical characteristic is the detailed structure of the iris.

21 • Signature: Each individual has a unique style of handwriting, and this is reflected
especially in the signature, which is typically a frequently written sequence. However, multiple signature samples from a single individual will not be identical. This complicates the task of developing a computer representation of the signature that can be matched to future samples. • Voice: Whereas the signature style of an individual reflects not only the unique physical attributes of the writer but also the writing habit that has developed, voice patterns are more closely tied to the physical and anatomical characteristics of the speaker. Nevertheless, there is still a variation from sample to sample over time from the same speaker, complicating the biometric recognition task.

22 Textbook: Operating Systems –William Stallings

23 questions: --> What d u mean by authentication???
-->what are the Means of authentication?? What are Token-Based Authentication -->explain Biometric Authentication

24 Thank u 

Download ppt "Marjie Rodrigues 411154."

Similar presentations

Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
ECE 5367 – Presentation Prepared by: Adnan Khan Pulin Patel

ECE 5367 – Presentation Prepared by: Adnan Khan Pulin Patel
Computer Security Computer Security is defined as:

Computer Security Computer Security is defined as:
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
BIOMETRIC VOTING SYSTEM

BIOMETRIC VOTING SYSTEM
BIOMETRICS By Lt Cdr V Pravin 05IT6019. BIOMETRICS  Forget passwords...  Forget pin numbers...  Forget all your security concerns...

BIOMETRICS By Lt Cdr V Pravin 05IT6019. BIOMETRICS  Forget passwords...  Forget pin numbers...  Forget all your security concerns...
AN OVERVIEW OF BIOMETRIC ATMs. WHY ? CONVENTIONAL ATMs -> BIOMETRIC ATMs Environmental Concerns Environmental Concerns Security Concerns Security Concerns.

AN OVERVIEW OF BIOMETRIC ATMs. WHY ? CONVENTIONAL ATMs -> BIOMETRIC ATMs Environmental Concerns Environmental Concerns Security Concerns Security Concerns.
BTC - 1 Biometrics Technology Centre (BTC) Biometrics Solution for Authentication Prof. David Zhang Director Biometrics Technology Centre (UGC/CRC) Department.

BTC - 1 Biometrics Technology Centre (BTC) Biometrics Solution for Authentication Prof. David Zhang Director Biometrics Technology Centre (UGC/CRC) Department.
By: Monika Achury and Shuchita Singh

By: Monika Achury and Shuchita Singh
BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.

BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.
FIT3105 Biometric based authentication and identity management

FIT3105 Biometric based authentication and identity management
Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.

Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.
PALM VEIN TECHNOLOGY.

PALM VEIN TECHNOLOGY.
Biometrics and Authentication Shivani Kirubanandan.

Biometrics and Authentication Shivani Kirubanandan.
B IOMETRICS Akash Mudubagilu Arindam Gupta. O VERVIEW What is Biometrics? Why Biometrics? General Biometric System Different types of Biometrics Uses.

B IOMETRICS Akash Mudubagilu Arindam Gupta. O VERVIEW What is Biometrics? Why Biometrics? General Biometric System Different types of Biometrics Uses.
Security-Authentication

Security-Authentication
A survey of image-based biometric identification methods: Face, finger print, iris, and others Presented by: David Lin ECE738 Presentation of Project Survey.

A survey of image-based biometric identification methods: Face, finger print, iris, and others Presented by: David Lin ECE738 Presentation of Project Survey.
DATA PROTECTION OFFICE TITLE:-THE CHALLENGES IMPOSED BY BIOMETRIC TECHNOLOGY ON DATA PROTECTION AND PRIVACY PRESENTED BY MRS DRUDEISHA CAULLYCHURN- MADHUB.

DATA PROTECTION OFFICE TITLE:-THE CHALLENGES IMPOSED BY BIOMETRIC TECHNOLOGY ON DATA PROTECTION AND PRIVACY PRESENTED BY MRS DRUDEISHA CAULLYCHURN- MADHUB.
Karthiknathan Srinivasan Sanchit Aggarwal

Karthiknathan Srinivasan Sanchit Aggarwal
Zachary Olson and Yukari Hagio CIS 4360 Computer Security November 19, 2008.

Zachary Olson and Yukari Hagio CIS 4360 Computer Security November 19, 2008.

Similar presentations

Ads by Google