
Chapter 4 (Part 2) Network Security


overton

Presentation Transcript


  1. Chapter 4 (Part 2) Network Security. Chapter 4 – Protection in General-Purpose Operating Systems. Section 4.5 User Authentication

  2. In this section
     • Authentication
     • Passwords
     • Effective passwords
     • Breaking passwords
     • One-Time Systems
     • Biometrics

  3. User Authentication
     • Most software and operating systems base their security on knowing who the user is
     • Authentication based on 1 of 3 qualities:
       • Something the user knows – Passwords, PIN, passphrase
       • Something the user has – Key, license, badge, username
       • Something the user is – physical characteristics or biometrics
     • Two forms of these can be combined together

  4. Passwords as Authenticators
     • Most common authentication mechanism
     • Password – a word unknown to users and computers
     • Problems with passwords:
       • Loss
       • Use – time consuming if used on each file or access
       • Disclosure – if Mallory finds out the password, it might cause problems for everyone else
       • Revocation – revoking one person's right might cause problems for others

  5. Additional Authentication Information
     • Putting other conditions in place can enforce the security of a password
     • Other methods:
       • Limiting the time of access
       • Limiting the location of access
     • Multifactor authentication is the use of additional forms of authentication
     • More authentication factors mean more for the system and administrator to manage

  6. Attacks on Passwords
     • Figuring out a password
       • Try all possible passwords
       • Try frequently used passwords
       • Try passwords likely for the user
       • Search for the system password list
       • Ask the user
     • Loose-Lipped Systems
       • Authentication system leaks information about the password or username
       • Provides information at inconvenient times

  7. Exhaustive Attack
     • A brute force attack is when the attacker tries all possible passwords
     • Example:
       • Passwords of length 1 to 8 characters drawn from the 26 letters A-Z
       • One password per millisecond would take about two months
     • But we would not need to try every password

  8. Password Problems
     • Probable passwords
     • Passwords likely for a user
     • Weakness is in the user's choice
     • Weakness is in the control of the system
     • Look at Table 4-2 on page 225

  9. Figure 4-15  Users’ Password Choices.

  10. Password Selection Criteria
     • Use characters other than just A-Z
     • Choose long passwords
     • Avoid actual names or words
     • Choose an unlikely password
     • Change the password regularly
     • Don’t write it down
     • Don’t tell anyone else – beware of Social Engineering

  11. One-Time Passwords
     • Password that changes every time
     • Also known as challenge-response systems
     • F(x)=x+1 – use of a function
     • F(x)=r(x) – seed to a random number generator
     • F(a b c d e f g) = b d e g f a c – transformation of a character string
     • F(E(x))=E( D (E (x)) + 1 ) – encrypted value must be decrypted and run through a function

  12. The Authentication Process
     • Slow response from system
     • Limited number of attempts
     • Access limitations
     • Fixing flaws with a second level of protection
     • Challenge-Response
     • Impersonation of Login

  13. Biometrics
     • Biometrics are biological authenticators
     • Problems with Biometrics
       • Still a relatively new concept
       • Can be costly
       • Establishing a threshold
       • Single point of failure
       • False positives
       • Speed can limit accuracy
       • Forgeries are possible
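
The challenge-response scheme from slide 11, as an added example that is not part of the original slides: the system issues a fresh challenge x, the user answers F(x), and each challenge is accepted once. The class name `ChallengeResponse`, the helper names and the user "alice" are assumptions made for illustration.

```python
import hmac
import secrets
import string

# Slide 11: F(x) = x + 1 on a numeric challenge.
def f_increment(x: str) -> str:
    return str(int(x) + 1)

# Slide 11: F(a b c d e f g) = b d e g f a c.
# Output position i takes the input character at index PERM[i].
PERM = (1, 3, 4, 6, 5, 0, 2)

def f_permute(x: str) -> str:
    if len(x) != len(PERM):
        raise ValueError("challenge must be 7 characters")
    return "".join(x[i] for i in PERM)

def random_letters() -> str:
    """Fresh 7-letter challenge from the OS CSPRNG."""
    return "".join(secrets.choice(string.ascii_lowercase) for _ in PERM)

class ChallengeResponse:
    """System side (hypothetical class): one answer per issued challenge."""

    def __init__(self, f, new_challenge=random_letters):
        self.f = f                      # function agreed with the user
        self.new_challenge = new_challenge
        self.pending = {}               # user -> outstanding challenge

    def challenge(self, user: str) -> str:
        self.pending[user] = self.new_challenge()
        return self.pending[user]

    def verify(self, user: str, response: str) -> bool:
        x = self.pending.pop(user, None)   # consumed even on a wrong answer
        if x is None:
            return False                   # nothing outstanding: reject
        expected = self.f(x)
        return hmac.compare_digest(expected.encode(), response.encode())

if __name__ == "__main__":
    system = ChallengeResponse(f_permute)
    x = system.challenge("alice")          # constructed sample user
    captured = f_permute(x)                # what an eavesdropper records
    print("login:", system.verify("alice", captured))
    system.challenge("alice")              # next login, new challenge
    print("replay:", system.verify("alice", captured))
```

The slide's functions are illustrations: anyone who observes a few challenge/response pairs can work out x+1 or a fixed permutation, so the replay protection here comes only from the challenge changing on every login.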
