1 / 11

COEN 351

COEN 351. Authentication. Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card What you are Biometrics: fingerprints, Iris, voice, … Where you are IP-address (not very secure), …

blaism
Télécharger la présentation

COEN 351

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. COEN 351 Authentication

  2. Authentication • Authentication is based on • What you know • Passwords, Pins, Answers to questions, … • What you have • (Physical) keys, tokens, smart-card • What you are • Biometrics: fingerprints, Iris, voice, … • Where you are • IP-address (not very secure), … • Who else trusts you • Certification by trusted third party, …

  3. Authentication • Passwords, Pins, … threatened by • External disclosure • Looking over the shoulder, social engineering • Guessing • Brute forcing, dictionary attack, … • Snooping • Finds unencrypted passwords • Circumvention through replay • Host compromise • That hands out password file.

  4. Authentication • Password protection mechanisms • Transformation: Password presented by user to client is hashed, hash is sent to server. Server compares with hash of password. • UNIX Salting: Each hash is different. • Challenge-response • Protects against replay attacks. • Time stamps • Authentication request from client to server depends on time. • Protects against replays. • One-time passwords • Digital Signature with every request. • Zero-Knowledge techniques

  5. Authentication Kerberos: • Authentication system based on symmetric cryptography • For patent reasons

  6. Kerberos • Every user / client / server shares a key with the authentication server. • Authentication server hands out tickets to all other servers.

  7. Kerberos • First exchange between user and Authentication Server establishes a session key. • This way, the same key is used only sparingly.

  8. Key Distribution Center • KDC: • Database of keys for all users • Invents and hands out keys for each transaction between clients. Alice KDC Bob Alice wants Bob KAlice{ KAB for Bob } KBob{KAB for Alice}

  9. Personal Tokens • Small hardware devices that use a pin to unlock. • Storage Token: contains a secret value. • Synchronous one-time password generator • Generates a new password once a minute. • Challenge Response: • Implements the calculation of the response from a challenge according to a secret algorithm. • Digital Signature Token: • Calculates digital signature from message MAC.

  10. Personal Tokens • Human Interface Token. • Handheld with digital display (and keyboard). • Smartcard • Dimensions and contacts standardized by ISO/IEC. • PCMCIA card • USB token

  11. Biometrics • Fingerprint recognition • Voice recognition • Handwriting recognition • Face recognition • Retinal scan • Hand geometry recognition

More Related