
8-Authentication

8-Authentication. Dr. John P. Abraham, Professor, UTPA. Authentication Attacks: particularly attacks on university computers, primarily originating from Korea, China, India, Japan, Iran and Taiwan. Authentication and Access Control Terminology.


Presentation Transcript


  1. 8-Authentication
     Dr. John P. Abraham, Professor, UTPA

  2. Authentication Attacks
     • Particularly attacks on university computers
     • Primarily originating from Korea, China, India, Japan, Iran and Taiwan

  3. Authentication and Access Control Terminology
     • Access control is the process by which resources or services are granted or denied
     • Identification – presentation of credentials
     • Authentication – verification that the presented credentials are genuine
     • Authorization – granting permission for admittance
     • Access – the right to use specific resources
     • Accounting – measures the resources a user consumes; log files may provide evidence of problems

  4. One-time passwords
     • The system generates a unique password on demand that is not reusable.
     • Time-synchronized OTP, used in conjunction with a token. The token is something like a modern keyless car key. The server and the token use the same algorithm to generate a key every 30 to 60 seconds. The key is valid only while it is displayed on the token, and it can be used to log in with a user name just once.
     • Challenge-based OTP. When a user attempts to log in, the server issues a random number. The user enters this number into the token, which generates a key from it.
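The two OTP schemes on this slide, as an added Python example that is not part of the slides or their textbook: a time-synchronized code derived from a shared secret and the current 30-second time step, and a challenge-based code in which the server's random challenge takes the place of the time step. Both use the HMAC-SHA1 truncation of RFC 4226/6238; the `OtpServer` class, its one-step clock-skew window and the demo secret (the RFC 4226 test-vector key, not a real one) are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time code (RFC 4226): HMAC-SHA1 over the 8-byte big-endian
    counter, dynamic truncation to a 31-bit integer, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-synchronized OTP (RFC 6238): the counter is the number of `step`-second
    intervals since the epoch, so token and server agree as long as their clocks do."""
    return hotp(secret, unix_time // step, digits)


class OtpServer:
    """Server-side verifier holding the shared secret (assumed design for this demo)."""

    def __init__(self, secret: bytes, step: int = 30, skew: int = 1):
        self.secret = secret
        self.step = step
        self.skew = skew            # neighbouring time steps tolerated for clock drift
        self.used_counters = set()  # counters already redeemed: a code is valid once only
        self.pending = {}           # user -> outstanding challenge number

    def verify_time_code(self, code: str, unix_time: int) -> bool:
        current = unix_time // self.step
        for counter in range(current - self.skew, current + self.skew + 1):
            if counter in self.used_counters:
                continue  # already spent, so a replay of that code is rejected
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.used_counters.add(counter)
                return True
        return False

    def issue_challenge(self, user: str) -> int:
        """Challenge-based OTP, step 1: server sends the user a random number."""
        challenge = secrets.randbits(32)
        self.pending[user] = challenge
        return challenge

    def verify_challenge_response(self, user: str, response: str) -> bool:
        """Step 3: the response must match the HMAC of the one outstanding challenge."""
        challenge = self.pending.pop(user, None)  # single use: consumed even on failure
        if challenge is None:
            return False
        return hmac.compare_digest(hotp(self.secret, challenge), response)


def token_answer(secret: bytes, challenge: int) -> str:
    """Step 2: what the user's token computes after the challenge is keyed in."""
    return hotp(secret, challenge)


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test-vector secret, not a real key
    srv = OtpServer(secret)
    now = int(time.time())
    code = totp(secret, now)
    print("time code", code, "accepted:", srv.verify_time_code(code, now))
    print("same code replayed:", srv.verify_time_code(code, now))
    ch = srv.issue_challenge("alice")
    print("challenge", ch, "accepted:",
          srv.verify_challenge_response("alice", token_answer(secret, ch)))
```

The `used_counters` set is what enforces the "just once" property on the slide: the same displayed code presented a second time within its window is refused, and the challenge is popped on first use so a captured response cannot be reused either.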

  5. One-Time Passwords (continued)
     (figure slide from Security+ Guide to Network Security Fundamentals, Third Edition)

  6. Standard Biometrics
     • A person's unique physical characteristics.
     • Fingerprints, faces, hands, irises and retinas.

  7. Standard Biometrics (continued)
     (figure slide from Security+ Guide to Network Security Fundamentals, Third Edition)

  8. Behavioral biometrics
     • Keystroke dynamics – a user's unique typing rhythm: dwell time (time between pressing and releasing a key) and flight time (time between keystrokes)
     • Voice recognition
     • Computer footprinting (a person's computing habits). Suppose a person usually accesses their bank records from home at a certain time of day.
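Keystroke dynamics as described above, as an added Python example that is not from the slides: dwell and flight times are extracted from press/release timestamps, an enrollment profile stores the mean and spread of each feature, and a new sample is scored by its average z-distance from that profile. The keystroke samples are constructed for the demo, and the 2.0 threshold and 5 ms standard-deviation floor are assumptions.

```python
from statistics import mean, pstdev

# Constructed keystroke events: (key, press_ms, release_ms) for the word "secure",
# three enrollment samples from the same (fictional) user.
ENROLLMENT = [
    [("s", 0, 80), ("e", 150, 230), ("c", 300, 370), ("u", 440, 520), ("r", 590, 660), ("e", 730, 810)],
    [("s", 0, 85), ("e", 160, 240), ("c", 310, 375), ("u", 450, 535), ("r", 600, 665), ("e", 740, 815)],
    [("s", 0, 75), ("e", 145, 225), ("c", 295, 370), ("u", 435, 510), ("r", 585, 660), ("e", 725, 805)],
]
# Constructed sample typed by someone else: same word, much slower and more deliberate.
IMPOSTOR = [("s", 0, 200), ("e", 500, 700), ("c", 1000, 1200), ("u", 1500, 1700), ("r", 2000, 2200), ("e", 2500, 2700)]

MIN_STD_MS = 5.0   # assumed floor so a perfectly consistent feature does not divide by zero


def extract_features(events):
    """Dwell = release - press per key; flight = next press - this release between keys."""
    dwell = [release - press for _, press, release in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell, flight


def build_profile(samples):
    """Per feature (6 dwells then 5 flights): (mean, standard deviation) over enrollment."""
    vectors = []
    for sample in samples:
        dwell, flight = extract_features(sample)
        vectors.append(dwell + flight)
    columns = zip(*vectors)
    return [(mean(col), max(pstdev(col), MIN_STD_MS)) for col in columns]


def distance(profile, events):
    """Average absolute z-score of the sample against the enrolled profile."""
    dwell, flight = extract_features(events)
    vector = dwell + flight
    if len(vector) != len(profile):
        raise ValueError("sample length does not match enrolled phrase")
    return mean(abs(v - m) / s for v, (m, s) in zip(vector, profile))


def matches(profile, events, threshold=2.0):
    """Accept when the typing rhythm is within `threshold` standard deviations on average."""
    return distance(profile, events) < threshold


if __name__ == "__main__":
    profile = build_profile(ENROLLMENT)
    for label, sample in (("genuine", ENROLLMENT[0]), ("impostor", IMPOSTOR)):
        print(label, round(distance(profile, sample), 2), "accepted:", matches(profile, sample))
```

In practice a profile would be built from many more samples and the threshold tuned against false-accept and false-reject rates, but the feature extraction and scoring are the core of the technique.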

  9. Cognitive biometrics
     • Related to the perception, thought processes and understanding of the user, drawn from the user's life experiences: memorable events, or specific questions only that person could answer.

  10. Authentication Models
     • Single- and multi-factor authentication
     • Single sign-on – one authentication to access multiple accounts or applications. Example: Windows Live ID.
     • Windows Live ID was introduced in 1999 as .NET Passport.
     • When a user wants to log into a web site that supports Windows Live ID, the user is first redirected to the nearest authentication server, where he/she enters the name and password. Once authenticated, the user is given an encrypted, time-limited global cookie that is stored along with an encrypted ID tag. This ID tag is then sent to the web site, which in turn checks the cookie on the user's computer and places its own cookie. The use of global and local cookies is the basis of Live ID.

  11. Windows CardSpace
     • Provides users with control of their digital identities.
     • Allows users to create and use virtual business cards that contain information identifying the user. Web sites can ask for a card rather than requiring a username and password.
     • Users can download cards from identity providers such as their bank or an e-commerce web site (managed cards). Personal cards are general-purpose information cards created by the user himself. http://www.microsoft.com/windows/products/winfamily/cardspace/default.mspx

  12. OpenID
     • Decentralized authentication
     • Open-source federated identity management
     • URL-based identity system. Example: myopenid.com creates a web URL for you, such as http://jpabraham.myopenid.com/

  13. Authentication servers
     • Dedicated servers for AAA (authentication, authorization, accounting)
     • Examples: RADIUS, Kerberos, TACACS+
     • Also generic servers built on the Lightweight Directory Access Protocol (LDAP)

  14. RADIUS
     • Remote Authentication Dial-In User Service
     • Developed in 1992
     • Suitable for high-volume services such as dial-in access to a corporate network
     • Allows an organization to maintain user profiles in a central database that all remote servers can share

  15. Kerberos
     • Developed by MIT
     • Can be used with Vista, Windows 2008, Apple Mac OS X, and Linux
     • When a user wants to use a network service, the user is issued a ticket by Kerberos (much like a driver's license presented to cash a check)

  16. LDAP
     • Runs over TCP/IP, making it ideal for Internet and intranet applications
     • Developed by Netscape Communications and the University of Michigan in 1996

  17. Remote Authentication and Security
     • Remote Access Services (RAS): Microsoft's built-in remote-access modem tools for Windows NT
     • VPNs: remote-access VPN and virtual private dial-up network
     • Can be software-based or hardware-based

  18. VPNs
     • Uses an unsecured public network such as the Internet as if it were a secure network.
     • It does this by encrypting data transmitted between the remote device and the network.
     • Remote-access VPN (virtual private dial-up network): user-to-LAN
     • Site-to-site VPN: multiple sites connected together (LAN to LAN)
     • A VPN concentrator is dedicated hardware that aggregates multiple connections

  19. Software VPNs
     • When the VPN endpoints are not controlled by the same company, it is better to use a software-based VPN.
     • Best for travelers, because they do not have to carry another piece of hardware.
     • Does not have quite the security of the hardware devices.
     • Does not have the same performance as the hardware devices.
