
User Authentication

User Authentication. Overview. Means of Authentication: something the individual knows (password, PIN, answer to questions), possesses (keycards, smart cards, physical keys), is (static biometric: fingerprints, retina/iris, face), or does (dynamic biometric: voice, handwriting, typing rhythm).

karl

Presentation Transcript


  1. User Authentication

  2. Overview

  3. Means of Authentication
     • Something the individual:
       • Knows: password, PIN, answer to questions
       • Possesses: keycards, smart cards, physical keys
       • Is (static biometric): fingerprints, retina (iris), face
       • Does (dynamic biometric): voice, handwriting, typing rhythm

  4. Password
     • ‘Normal’
     • Hashed password
     • Using salt
     • Shadow password file
     • Token based password
       • Often combined with cards / PINs etc.

  5. Hashed password

  6. Password using salt

  7. Some Password Attacks (each with what the attacker needs and the countermeasure that defeats it)
     • Offline dictionary attack
       • Distributed password cracking, OPHcrack
       • Needs the password file (countermeasure: access control on the file)
     • Specific account attack
       • Needs a user ID (countermeasure: limit the number of trials)
     • Popular password attack
       • Needs user ID(s) (countermeasure: non-trivial passwords)
     • Password guessing against one user
       • Needs knowledge of the user (countermeasure: non-trivial passwords)
     • Computer hijacking
       • Needs physical access to someone else's computer (countermeasure: timeout lockout)
     • Exploiting user mistakes
       • Needs user mistakes such as a password written on a ‘post-it’

  8. Password choices

  9. Control passwords
     • User education
     • Computer generated
     • Reactive password checking
     • Proactive password checking
       • Size, characters, dictionary
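The hashed and salted password storage of slides 4 to 6 and the proactive checker of slide 9, as an added Python example (not part of the original slides): a candidate password is screened on size, character classes and a dictionary, then stored as a salted PBKDF2 record and verified in constant time. The word list and the 12-character minimum are constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import List, Optional

# Constructed word list for the dictionary check; a real checker loads a large one.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}

ITERATIONS = 200_000  # PBKDF2 work factor; raise it as hardware gets faster

def proactive_check(password: str) -> List[str]:
    """Return the reasons a candidate password is rejected (empty list = accepted).
    Applies the slide's three criteria: size, character classes, dictionary."""
    problems = []
    if len(password) < 12:
        problems.append("too short (minimum 12 characters)")
    classes = [any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password)]
    if sum(classes) < 3:
        problems.append("needs at least three character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password dictionary")
    return problems

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store a self-describing record: algorithm$iterations$salt$hash.
    A fresh random 16-byte salt is drawn unless one is supplied, so two users
    with the same password get different records and a precomputed table is useless."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count, then compare
    in constant time so response timing does not leak how many bytes matched."""
    _, iterations, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

if __name__ == "__main__":
    pw = "Correct-Horse-42"
    print(proactive_check("password"))                   # three reasons to reject
    alice, bob = hash_password(pw), hash_password(pw)
    print(alice != bob, verify_password(pw, alice))      # True True
```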

  10. Biometrics
     • Faced problems
       • Positive, negative
       • False positive, false negative

  11. Access control

  12. Access Control Policies
     • Discretionary Access Control (DAC)
       • User <-> resource (Linux/Unix)
     • Mandatory Access Control (MAC)
       • User level <-> resource level (military)
     • Role-Based Access Control (RBAC)
       • User's role <-> resource (Windows)

  13. DAC

  14. Example Unix classic

  15. RBAC

  16. RBAC cont

  17. Windows Active Directory
     • The Windows X.500 (directory service)
     • Same information structures as DNS
       • E.g. tree – laerer.rhs.dk
     • Integrated with Windows domain concepts
       • Primary domain server, backup domain servers
       • Domain = tree of information
       • Several domains = forest
     • Activating: normally part of installation
       • When installing Windows Server you are asked to install a domain (i.e. also define the SoA of DNS (= tree root))

  18. Example: Figure 1.10, Distinguished Name for the User Object JSmith

  19. Users and groups (for RBAC)
     • Users are created – lots of attributes / information can be added
     • Create groups – fewer attributes
       • Mostly members etc.
     • Consider the type of group
       • Universal group – logical (spanning the forest)
       • Global group – logical (spanning one domain)
       • Domain Local group (for physical access control)

  20. User create

  21. Different groups

  22. New user - passwords

  23. Access rights
