
Computer Security Set of slides 6

Computer Security Set of slides 6. Dr Alexei Vernitski. Methods of user authentication: Knowledge-based (‘what the user knows’); Token-based (‘what the user has’); Identity-based (‘what the user is’). Knowledge-based user authentication: Passwords. Any other examples?


Presentation Transcript


  1. Computer Security Set of slides 6

    Dr Alexei Vernitski
  2. Methods of user authentication: Knowledge-based (‘what the user knows’); Token-based (‘what the user has’); Identity-based (‘what the user is’)
  3. Knowledge-based user authentication: Passwords. Any other examples?
  4. Token-based user authentication: Smartcards; Electronic key fobs. Other examples?
  5. Identity-based user authentication: Fingerprint scanning; Iris scanning. Other examples?
  6. For discussion: One recent research project studies whether a user can be authenticated by the way they sing. What type of user authentication is this? What are the advantages and disadvantages of this way of user authentication?
  7. For discussion: Let us look at an example not directly related to computer security. One typically thinks of DNA as the best possible way of biometric authentication. What are possible issues with DNA-based authentication? A recent example: the cost of a DNA analysis to distinguish two persons is ‘upwards of 1m euros’ (http://www.bbc.co.uk/news/world-europe-21401200).
  8. For discussion: Which ways of user authentication are cheaper? Which are more expensive? Which ways of user authentication are more usable?
  9. For discussion: Which ways of user authentication are likely to result in false positives? Which ways of user authentication are likely to result in false negatives?
  10. For discussion: Which ways of user authentication involve something that can be stolen? Or can be lost? Or can be copied? Or can be forged?
  11. Challenge-response authentication: This is done to protect passwords as they are entered. For example, this is how smartcards are authenticated. Pattern-based authentication is another example.
  12. Challenge-response authentication (diagram with two sides, smartcard and authenticator): A random number is chosen. The number is encrypted, with the password used as the key (this step appears on both sides of the diagram). The cipher is sent back to the authenticator. The two ciphers are compared.
  13. Challenge-response authentication: The image is taken from the paper: A pattern for successful authentication, by Stephen Howes, Computer Fraud & Security, Volume 2011, Issue 10, October 2011, Pages 13–15. What are the advantages and disadvantages of this authentication scheme?
  14. Combination of user authentication techniques: How would you classify the authentication by an ATM? What are its advantages? Some airports authenticate passengers by the boarding pass and the hand scan – how would you classify this? What other useful combinations of authentication methods can you propose?
  15. Attacks against passwords: Social engineering; Shoulder-surfing; More: passwords left on post-it notes; unencrypted files containing passwords, notebooks with passwords in, etc.; computers left on trains etc.; computers disposed of incorrectly with files not deleted; passwords may be sent over the network unencrypted; passwords may be encrypted but are accessible in the encrypted form
  16. For discussion: Banks can provide you with a special device which you can use for additional protection when you log in to the bank’s web site. How does this approach work? How would you classify it within the range of authentication methods?
  17. For discussion: Password manager – good or bad? For example: https://lastpass.com/
  18. Baby monitoring cameras: Hacker 'shouts abuse' via Foscam baby monitoring camera http://www.bbc.co.uk/news/technology-23693460
  19. An example of a phishing tweet: The URL which appears in the tweet redirects the user to a fake Twitter login page. http://precog.iiitd.edu.in/Publications_files/AA_AR_PK_eCRS_2012.pdf
  20. Hackers Say They’ve Cracked the iPhone’s Fingerprint Lock http://techland.time.com/2013/09/23/fantastisch-german-hackers-say-theyve-cracked-the-iphones-fingerprint-lock/
  21. Paypal bank account confirmation: "We’ll send 2 random deposits (both between 1p and 99p) to your bank account. You'll find them on your online bank statement within 2-3 working days, or on your next paper statement." How exactly does this protocol authenticate you? What types of fraud does it prevent? What types of fraud does it not prevent?
  22. Fridge sends spam emails as attack hits smart gadgets: http://www.bbc.co.uk/news/technology-25780908 How could smart gadgets be prevented from being included in a botnet?
  23. Picture taken from: http://xkcd.com/936/
  24. Sample exam questions: Name three main methods of user authentication and show how they can be combined for better security. A company explains how one of their products works (example shown below): "Entrust's patented grid card is a credit card-sized authenticator consisting of numbers and/or characters in a row-column format. Upon login, users are presented with a coordinate challenge and must respond with the information in the corresponding cells from the unique grid card they possess." Explain how this technology can improve your security.
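
The challenge-response exchange from slides 11 and 12, as an added example that is not part of the original slides. It assumes HMAC-SHA256 with a PBKDF2-derived key in place of the slides' "encrypt the number with the password as the key"; the class and function names, the salt and the sample passwords are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: PBKDF2 turns the shared password into a key, and HMAC-SHA256
# stands in for "the number is encrypted, with the password used as the key".
SALT = b"constructed-demo-salt"  # constructed; real systems use a random per-user salt
ITERATIONS = 100_000


def derive_key(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)


def respond(key: bytes, challenge: bytes) -> bytes:
    """Smartcard side: keyed response to the authenticator's random number."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Authenticator:
    def __init__(self, password: str):
        self._key = derive_key(password)
        self._pending = None  # challenge still waiting for a response

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # "a random number is chosen"
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        challenge, self._pending = self._pending, None  # each challenge is single-use
        expected = respond(self._key, challenge)  # authenticator's own copy
        return hmac.compare_digest(expected, response)  # "the two ciphers are compared"


def run_exchange(auth: Authenticator, card_password: str):
    """One full round: challenge out, response back, verdict returned."""
    challenge = auth.new_challenge()
    response = respond(derive_key(card_password), challenge)
    return response, auth.verify(response)


if __name__ == "__main__":
    auth = Authenticator("correct horse battery staple")  # constructed sample password
    captured, ok = run_exchange(auth, "correct horse battery staple")
    print("genuine card accepted:", ok)
    print("wrong password accepted:", run_exchange(auth, "Tr0ub4dor&3")[1])
    auth.new_challenge()  # a later login gets a fresh random number
    print("replayed old response accepted:", auth.verify(captured))
```

The password never crosses the channel and a recorded response is useless against a fresh challenge, but a recorded challenge and response pair can still be checked against password guesses offline, so the shared secret has to be hard to guess.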