Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication: Overview

Published byRandell Bradford Modified over 9 years ago

Similar presentations

Presentation on theme: "Authentication: Overview"— Presentation transcript:

1 Authentication: Overview
Paul Bui

2 What is authentication?
Positive verification of identity (man or machine) Verification of a person’s claimed identity Who are you? Prove it. 3 Categories: What you know What you have Who you are

3 What you know Password Passphrase PIN

4 What you have Digital authentication Common examples:
physical devices to aid authentication Common examples: eToken smart cards RFID

5 eToken Can be implemented on a USB key fob or a smart card
Data physically protected on the device itself On the client side, the token is accessed via password Successful client-side authentication with the password invokes the token to generate a stored or generated passcode, which is sent to the server-side for authentication.

6 eToken May store credentials such as passwords, digital signatures and certificates, and private keys Can offer on-board authentication and digital signing

7 Smart cards Size of a credit card
Usually an embedded microprocessor with computational and storage capabilities Programmable platforms: C/C++ Visual Basic Java .Net (beta)

8 Smart Cards cont’d Contact vs. contactless Memory vs. microprocessor

9 RFID RFID - Radio Frequency IDentification
Integrated circuit(s) with an antenna that can respond to an RF signal with identity information No power supply necessary—IC uses the RF signal to power itself Susceptible to replay attacks and theft Examples: Smart Tag, EZPass Garage parking permits

10 RFID 13.56Mhz read/write support
May communicate with a variety of transponders (ISO15693, ISO14443 Type A & B, TagIt, Icode, etc.) Reader is controlled via PCMCIA interface using an ASCII protocol

11 Who you are Biometric authentication Biometric reading
Use of a biometric reading to confirm that a person is who he/she claims to be Biometric reading A recording of some physical or behavioral attribute of a person

12 Physical Biometrics Fingerprint Iris Hand Geometry Finger Geometry
Face Geometry Ear Shape Retina Smell Thermal Face Hand Vein Nail Bed DNA Palm Print

13 Behavioral Biometrics
Signature Voice Keystroke Gait

14 Fingerprints Vast amount of data available on fingerprint pattern matching Data originally from forensics Over 100 years of data to draw on Thus far all prints obtained have been unique

15 Fingerprint Basics Global features Local features
Features that can be seen with the naked eye Basic ridge patterns Local features Minutia points Tiny unique characteristics of fingerprint ridges used for positive identification

16 Basic Ridge Patterns Loop Arch Whorl 65% of all fingerprints
Plain and tented arch Whorl 30% of all fingerprints One complete circle

17 Local Features Also known as minutia points
Used for positive identification Two or more individuals may have the same global features, but different minutia Minutia points do not have to be inside the pattern area

18 Types of Minutia Ridge ending Ridge bifurcation Ridge divergence
Dot or island – ridge so short it appears to be a dot Enclosure – ridge separates and then reunites around an area of ridge-less skin Short ridge – bigger than a dot

19 Minutia Characteristics
Orientation The direction the minutia is facing Spatial frequency How far apart the ridges are around the point Curvature Rate of change of orientation Position X,Y location relative to some fixed points

20 Algorithms Image-based Pattern-based Minutia-based

21 Fingerprint Scanners Digital Persona U.are.U Pro HP IPAQ
IBM Thinkpad T42

22 Biometric Authentication Terms
False Acceptance Rate (FAR) False Match Rate (FMR) Percentage of access attempts by unauthorized individuals which are nevertheless successful False Rejection Rate (FRR) False Non-Match Rate (FNMR) Percentage of access attempts by enrolled individuals who are nevertheless rejected Equal Error Rate FAR = FRR

23 Review: Three Categories
What you know Password PIN What you have e-Token RFID Who you are Biometrics

24 Enrollment

25 Verification

26 Motivation Real-world considerations: What you know and what you have
Can be stolen or forgotten Susceptible to replay attacks Who you are Unique biometrics that hinder replay attacks and imposters Privacy issues arise

27 Authentication Token Formats
A security token (authentication token) is a representation of security-related data (not to be confused with an e-Token) Examples: X.509 certificates Kerberos tickets Custom security tokens

28 X.509 Certificates Use of digital certificates issued by a trusted Certificate Authority (e.g. VeriSign) A Digital Certificate contains information to assert an identity claim Name Serial number Expiration dates Certificate holder’s public key (used for encrypting/decrypting messages and digital signatures) Digital signature of Certificate Authority (so recipient knows that the certificate is valid) The recipient may confirm the identity of the sender with the Certificate Authority

29 Kerberos Tickets Clients share secret symmetric key with server
Clients login to authentication server Server returns a Ticket-Granting Ticket (TGT) encrypted with client’s key Client sends decrypted TGT to Ticket Granting Service TGS sends ticket authorizing network access and certain services Session ticket data: Name Network address Time stamp Expiration dates Session key

30 Custom Security Tokens
May contain additional context information: Access method wired, local terminal wired remote terminal wireless PDA Authentication method Password e-Token Fingerprint Trust level

31 Trust Level Extension Different trust levels for devices with different levels of implementation reliability Still very abstract and should be further developed definition representation storage exchange verification translation across trust domains

32

33 Example Authentication (Security) Token Request
<AuthenticationToken> <CreatedAt>08/03/2004 8:00:00 AM</CreatedAt> <ExpiresAt>08/03/2004 5:00:00 PM</ExpiresAt> <Username>Weaver</Username> <KeyStr>FINGERPRINT_KEY_STRING</KeyStr> <Technology>Fingerprint</Technology> </AuthenticationToken>

34 Example Authentication (Security) Token Reply
<TrustLevelSecToken> <CreatedAt>08/03/2004 8:00:00 AM</CreatedAt> <ExpiresAt>08/03/2004 5:00:00 PM</ExpiresAt> <UserID>5323</UserID> <TrustLevel>Fingerprint</TrustLevel> <TokenIssuer> <TrustAuthority> </TrustLevelSecToken>

35 Bibliography Authentication Kerberos CS453 class slides
L. O’Gorman, “Comparing Passwords, Tokens, and Biometrics for User Authentication,” Proc. IEEE, Vol. 91, No. 12, Dec. 2003, pp Kerberos CS453 class slides

Download ppt "Authentication: Overview"

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
(Biometrics Consortium)

(Biometrics Consortium)
Authentication Chapter 2. Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand.

Authentication Chapter 2. Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication & Kerberos

Authentication & Kerberos
ELECTRONIC PRESCRIPTIONS Basia Korel Kendra Wadsworth.

ELECTRONIC PRESCRIPTIONS Basia Korel Kendra Wadsworth.
BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.

BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Department of Electrical and Computer Engineering Physical Biometrics Matthew Webb ECE 8741.

Department of Electrical and Computer Engineering Physical Biometrics Matthew Webb ECE 8741.
Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.

Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
SE571 Security in Computing

SE571 Security in Computing
Biometrics and Authentication Shivani Kirubanandan.

Biometrics and Authentication Shivani Kirubanandan.
Marjie Rodrigues 411154.

Marjie Rodrigues
Security-Authentication

Security-Authentication
1J. M. Kizza - Ethical And Social Issues Module 16: Biometrics Introduction and Definitions Introduction and Definitions The Biometrics Authentication.

1J. M. Kizza - Ethical And Social Issues Module 16: Biometrics Introduction and Definitions Introduction and Definitions The Biometrics Authentication.
Module 14: Biometrics Introduction and Definitions The Biometrics Authentication Process Biometric System Components The Future of Biometrics J. M. Kizza.

Module 14: Biometrics Introduction and Definitions The Biometrics Authentication Process Biometric System Components The Future of Biometrics J. M. Kizza.

Similar presentations

Ads by Google