Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 4 – Protection in General-Purpose Operating Systems Section 4.5 User Authentication.

Published byPamela Park Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 4 – Protection in General-Purpose Operating Systems Section 4.5 User Authentication."— Presentation transcript:

1 Chapter 4 – Protection in General-Purpose Operating Systems Section 4.5 User Authentication

2 In this section Authentication Passwords Effective passwords Breaking passwords One-Time Systems Biometrics

3 User Authentication Most software and OS base there security on knowing who the user is Authentication based on 1 of 3 qualities: Something the user knows – Passwords, PIN, passphrase Something the user has – Key, license, badge, username Something the user is – physical characteristics or biometrics Two forms of these can be combined together

4 Passwords as Authenticators Most common authentication mechanism Password – a word unknown to users and computers Problems with passwords: Loss Use – time consuming if used on each file or access Disclosure – if Malory finds out the password might cause problems for everyone else. Revocation – revoke one persons right might cause problems with others

5 Additional Authentication Information Placing other condition in place can enforce the security of a password Other methods: Limiting the time of access Limiting the location of access Multifactor Authentication is using additional forms of authentication The more authentication factors cause more for the system and administrator to manage

6 Attacks on Passwords Figuring out a password Try all possible passwords Try frequently used passwords Try passwords likely for the user Search for the system password list Ask the user Loose-Lipped Systems Authentication system leaks information about the password or username Provides information at inconvenient times

7 Exhaustive Attack Brute force attack is when the attacker tries all possible passwords Example: 26 (A-Z)character password of length 1 to 8 characters One password per millisecond would take about two months But we would not need to try every password

8 Password Problems Probable Passwords Passwords Likely for a user Weakness is in the users choice Weakness is in the control of the system Look at table 4-2 on page 225

9 Figure 4-15 Users’ Password Choices.

10 Password Selection Criteria Use characters other than just A-Z Choose long passwords Avoid actual names or words Choose an unlikely password Change the password regularly Don’t write it down Don’t tell anyone else – beware of Social Engineering

11 One-Time Passwords Password that changes every time Also known as a challenge-response systems F(x)=x+1 - use of a function F(x)=r(x) – Seed to a random number generator F(a b c d e f g) = b d e g f a c – transformation of a character string F(E(x))=E( D (E (x)) + 1 ) – Encrypt value must be decrypted and run through a function

12 The Authentication Process Slow response from system Limited number of attempts Access limitations Fixing Flaws with a second level of protection Challenge-Response Impersonation of Login

13 Biometrics Biometrics are biological authenticators Problems with Biometrics Still a relatively new concept Can be costly Establishing a threshold Single point of failure False positives Speed can limit accuracy Forgeries are possible

Download ppt "Chapter 4 – Protection in General-Purpose Operating Systems Section 4.5 User Authentication."

Similar presentations

Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
7-1 Last time Protection in General-Purpose Operating Systems History Separation vs. Sharing Segmentation and Paging Access Control Matrix Access Control.

7-1 Last time Protection in General-Purpose Operating Systems History Separation vs. Sharing Segmentation and Paging Access Control Matrix Access Control.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
95752:3-1 Access Control. 95752:3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.

95752:3-1 Access Control :3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.
CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Chapter 9 Security 9.4 - 9.6 Authentication Insider Attacks Exploiting Code Bugs.

Chapter 9 Security Authentication Insider Attacks Exploiting Code Bugs.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.

Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Lecture 19 Overview. User Authentication Systems often have to identify and authenticate users – OS when a user logs in – Web server before handing out.

Lecture 19 Overview. User Authentication Systems often have to identify and authenticate users – OS when a user logs in – Web server before handing out.
CSC 386 – Computer Security Scott Heggen. Agenda Authentication.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.

CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
CIS 450 – Network Security Chapter 8 – Password Security.

CIS 450 – Network Security Chapter 8 – Password Security.

Similar presentations

Ads by Google