1 / 23

Authentication Approaches over Internet

Authentication Approaches over Internet. Jia Li jl3272@columbia.edu. What is authentication? Authentication is a process by which the identity of a user accessing a network or other source of information is verified. Why do we need authentication?

kimball
Télécharger la présentation

Authentication Approaches over Internet

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Authentication Approaches over Internet Jia Li jl3272@columbia.edu

  2. What is authentication? Authentication is a process by which the identity of a user accessing a network or other source of information is verified. • Why do we need authentication? To prevent sniffers from counterfeiting the identity of legal users

  3. Authentication approaches ● Username/password Authentication ● Device-based Authentication ○ USB-Key Authentication ○ Dynamic Password Authentication ● Biometric Authentication

  4. Username/password Authentication • Basic mechanism PAP (password Authentication Protocol)

  5. Obvious disadvantages ● Passwords are exposed over Internet when transmitted from client to server ● Sniffer can easily steal and read the password, and then counterfeit as the user to send password to the server A way to prevent plaintext password? 

  6. Improved mechanism Encrypt passwords by hash function and random variable ● Hash Function ○ takes in arbitrary block of data and returns a fix-sized bit string as hash value ○ one-way function: extremely difficult to inverse the function and to get its original input data from hash value ○ impossible to modify the original data without changing its hash value ○ there are never two messages having the same hash value

  7. ● Authentication Process client: send passwords encrypted by hash function to the server server: compute the expected hash value and compare it with the received hash value from the client

  8. ● Advantages ○ passwords are not exposed directly over Internet ○ sniffer cannot know the original password even if he catches the hash value ● disadvantage Sniffers can still counterfeit user’s identity by sending the hash value it caught to the server without knowing the real password (because password remains the same)

  9. ● Random variable To make password different and unique every time it is sent to the server

  10. ● Advantage Sniffers cannot use the information he captured in the previous communication to login as the user because password is changeable. ● Disadvantage If final password is still transmitted in plain text, the random variable will not make any sense, because real password is fixed in every different password. Problem solved by combination 

  11. ● Combination of hash function and random variable ● password is changeable ● sniffers cannot get original password from hash value

  12. Device-based Authentication • USB-key authentication ● Device ○ a hardware device with USB interface ○ stores user’s key in memory disk (PIN) ○ memory space cannot be read or written directly

  13. ● Authentication Process (impulse/response) • User enters PIN on web page • USB-key applies MD5 to the random series numbers and user’s key • Generate a hash value

  14. ● Advantages ○ user’s key is neither exposed onto Internet nor stored in the computer ○ the value in every response is different ● Disadvantage Since PIN is still entered via website, sniffers can get it easily. Once the user failed to push out USB-key in time, sniffers can use PIN they caught to get the authority of the USB-key.

  15. Dynamic password authentication ● Device ○ A small hardware having a LCD with its own battery ○ password generation chip in it can apply a special algorithm to device ID, user’s key and the present time, and then display the password on LCD

  16. ● Authentication process

  17. ● Advantages ○ device ID and user’s key is neither exposed over Internet nor stored in the computer ○ the generated password is changeable every minute ● Disadvantage The synchronization mechanism should perform very well so that the result computed by the server can correspond to the received value.

  18. Biometric Authentication • What is biometric authentication Biometric authentication is a kind of technique that authenticates user’s identity by using everyone’s unique biological characteristics, such as face, fingerprint, retina, voice and even action postures. ■ Most reliable because it is unique and cannot be counterfeited

  19. Fingerprint- an ideal way for biometric authentication ● unique, guarantee the one-to-one reflection between user and authentication information ● stable and will not change easily, guarantee the long time validity of the authentication information ● can be scanned quickly and conveniently ● ten different fingerprints, increase the level of security ● the authentication information is not necessary the integrated fingerprint image but can be some essential features. Save storage space in the server.

  20. Authentication process • Scanner captures the image of fingerprint • The image is put into feature extraction template • Full image is translated into reduced presentation of major features

  21. Advantage Reliable! ■ Disadvantage ● device costs much ● the installation and portability of the device on the client is a problem ● getting the sample of biometric characters is sometimes not convenient

  22. Conclusion

  23. Thank you!

More Related