240 likes | 428 Vues
CS 736 A methodology for Analyzing the Performance of Authentication Protocol by Laseinde Olaoluwa Peter Department of Computer Science West Virginia University olaseind@mix.wvu.edu. Outline What is an authentication protocol? Password Authentication Scheme
 
                
                E N D
CS 736A methodology for Analyzing the Performance of Authentication ProtocolbyLaseinde Olaoluwa Peter Department of Computer ScienceWest Virginia Universityolaseind@mix.wvu.edu
Outline • What is an authentication protocol? • Password Authentication Scheme • Token Based Authentication (Smart card) • Biometric Authentication Protocol • Multiple Authentication System
What are authentication protocols? • The different schemes used to grant or decline access to a place/location. • Establish the identity of a person. • Establish a communication securely
Outline • What is an authentication protocol? • Password Authentication Scheme • Token Based Authentication (Smart card) • Biometric Authentication Protocol • Multiple Authentication System
Password Authentication scheme • Most widely used authentication protocol • Encryption and decryption of password are done using algorithms • Symmetric and Asymmetric encrypting techniques
Advantages • Least expensive authentication method to use. • No need to carry hardware device. • User IDs and passwords can be changed at the user's choice. Disadvantages • Not fully reliable when used for making financial transactions remotely, such as fund transfers and bill payments through an Internet banking channel. • Security depends on the users' ability to maintain the user ID and password secret.
Outline • What is an authentication protocol? • Password Authentication Scheme • Token Based Authentication (Smart card) • Biometric Authentication Protocol • Multiple Authentication System
Token based Authentication (smart card) • Takes the form of ID cards e.g. student card, debit/credit cards, insurance cards gives access to Laboratories and other facilities on campus, ATMs and Library. • Comes with single or multiple processors.
Advantages • More secure to use than the normal user ID or password. • Difficult for non-authorized users to extract the private key when stored on a smart card. Disadvantages • Requires users to carry a smart card. • Need for regular renewals
Outline • What is an authentication protocol? • Password Authentication Scheme • Token Based Authentication (Smart card) • Biometric Authentication Protocol • Multiple Authentication System
Biometric Authentication Defines “who you are” not “what you have” or “what you can remember”
Biological and behavioral characteristics • Finger prints Ridges and valleys Minutiae • Face • Hand/finger geometry • Iris • Voice
Definitions • False Acceptance Rate (FAR): Probability that a biometric system falsely recognizes different characteristics as identical, thus failing to reject, for example, a potential intruder. • False Rejection Rate (FRR): Probability that a biometric system falsely recognizes identical characteristics as being different, thus, for example refusing to accept an authorized person. • False Match Rate (FMR):This indicates the proportion of persons who, when comparing characteristics, were falsely accepted.
Definitions continued… • False Non-Match Rate (FNMR): This indicates the proportion of persons who, when comparing characteristics, were falsely not accepted. • Failure to Acquire (FTA): This is the attempts that were previously rejected due to a low quality of the image, this is also the proportion of times the biometric device fails to capture a sample when the biometric characteristic is presented to it. • Failure to Enroll (FTE):This is a measure of the proportion of users that cannot be successfully enrolled in a biometric system
Relationship between the False match rate and False non-match • Performance in terms of effectiveness
Performance in terms of effectiveness • A comparison of the false accept rate and the false reject rate
Advantages • Can be used for accessing high-security systems and sites • Different options are available, finger print, iris, voice, hand geometry, face. • You do not need to carry any physical item. Disadvantages • It could be expensive e.g cost of scanners, support and maintenance • High deployment cost • May not be suitable for mass-consumer deployment • Performance is not 100%
Outline • What is an authentication protocol? • Password Authentication Scheme • Token Based Authentication (Smart card) • Biometric Authentication Protocol • Multiple Authentication System
Multiple authentication System • Having a combination of two or more authentication protocols • ATM machine which makes use of both the smart card and also a pin for authentication.