SlideShare una empresa de Scribd logo

Iss lecture 5

Descargar como PPT, PDF
Ali Habeeb
Ali Habeeb
TecnologíaEmpresariales
1 de 26
Information System SecurityInformation System Security Lecture 5Lecture 5 User Authentication andUser Authentication and Cryptographic Key InfrastructureCryptographic Key Infrastructure
22 OutlineOutline  Entity AuthenticationEntity Authentication  Entity Authentication FunctionsEntity Authentication Functions – Something you haveSomething you have – Something you areSomething you are – Something you knowSomething you know  PasswordsPasswords  OTPOTP  Challenge-ResponseChallenge-Response  Cryptographic Key InfrastructureCryptographic Key Infrastructure
33 1. Entity Authentication1. Entity Authentication  The aim of this lecture is to present some techniques that allowsThe aim of this lecture is to present some techniques that allows one party (theone party (the verifierverifier) to gain assurances that the identity of) to gain assurances that the identity of another (theanother (the claimantclaimant) is as declared, thereby preventing) is as declared, thereby preventing impersonation.impersonation.  These techniques are referred to asThese techniques are referred to as identificationidentification,, entityentity authenticationauthentication, and, and identity verificationidentity verification..  Entity authentication is the process whereby one party is assuredEntity authentication is the process whereby one party is assured of the identity of a second party involved in a protocol, and thatof the identity of a second party involved in a protocol, and that the second has actually participated.the second has actually participated.
44 Entity authentication: UsesEntity authentication: Uses 1.1. Access controlAccess control – An entity, often human user, must provide assurance of their identity inAn entity, often human user, must provide assurance of their identity in real time in order to have access to either physical or virtual resources.real time in order to have access to either physical or virtual resources. 1.1. As part of a more complex cryptographic process:As part of a more complex cryptographic process: – Typically established at the start of a connection: an entity must provideTypically established at the start of a connection: an entity must provide assurance of their identity in real time in order for the extended processassurance of their identity in real time in order for the extended process to complete satisfactorily.to complete satisfactorily. – For example, the process of establishing a symmetric key that two usersFor example, the process of establishing a symmetric key that two users can use to immediately communicate with one another commonlycan use to immediately communicate with one another commonly involves mutual entity authentication in order to provide the two usersinvolves mutual entity authentication in order to provide the two users with sufficient assurance that they have agreed a key with the “correct”with sufficient assurance that they have agreed a key with the “correct” person.person.
55 Entity authentication: TypesEntity authentication: Types  Types of entity authentication:Types of entity authentication: – Unilateral entity authentication is assurance of the identity of one entity to another (and not vice-versa).  Examples: – Online shopping – File downloading – Mutual entity authentication occurs if both communicating entities provide each other with assurance of their identity.  Examples:Examples: – Online BankingOnline Banking – E-learningE-learning
66 2. Entity Authentication Functions2. Entity Authentication Functions  The most common ways of providing entity authentication are by using (a combination of) the following: – Something that you have – Something that you are – Something that you know
77 Something you haveSomething you have  Dumb tokens:Dumb tokens: – Any physical device without a memory that can be used as a type ofAny physical device without a memory that can be used as a type of electronic key.electronic key. – Dumb tokens typically operate with a reader that extracts someDumb tokens typically operate with a reader that extracts some information from the token and then indicates whether the informationinformation from the token and then indicates whether the information authenticates the entity or not.authenticates the entity or not. – A good example of a dumb token is a plastic card with a magnetic stripe.A good example of a dumb token is a plastic card with a magnetic stripe. The security of the card is based entirely on the difficulty of extractingThe security of the card is based entirely on the difficulty of extracting the information from the magnetic stripe.the information from the magnetic stripe. – It is common to combine the use of a dumb token with another entityIt is common to combine the use of a dumb token with another entity authentication technique, such as one based on something you know.authentication technique, such as one based on something you know.
88 Something you haveSomething you have  Smart cards:Smart cards: – A plastic card that contains a chip, which gives the card a limited amountA plastic card that contains a chip, which gives the card a limited amount of memory and processing power.of memory and processing power. – A smart card can store secret data more securely, and can also engage inA smart card can store secret data more securely, and can also engage in cryptographic processes that require some computations to be performedcryptographic processes that require some computations to be performed (e.g. challenge/response).(e.g. challenge/response). – Smart cards have limited memory and processing power, thus restrictingSmart cards have limited memory and processing power, thus restricting the types of operation that they can comfortably perform.the types of operation that they can comfortably perform. – Smart cards are widely used in most countries for banking operations,Smart cards are widely used in most countries for banking operations, electronic ticketing applications, etc.electronic ticketing applications, etc.
99 Something you areSomething you are  BiometricsBiometrics – Techniques for human user authentication that are based on physicalTechniques for human user authentication that are based on physical characteristics of the human body.characteristics of the human body. – A biometric control typically converts a physical characteristic into aA biometric control typically converts a physical characteristic into a digital template that is stored on a database. When the user physicallydigital template that is stored on a database. When the user physically presents themselves for entity authentication, the physical characteristic ispresents themselves for entity authentication, the physical characteristic is measured by a reader, digitally encoded, and then compared with themeasured by a reader, digitally encoded, and then compared with the template.template.
1010 Something you areSomething you are  Biometric system modelBiometric system model Raw data Extracted features Template Authentication decision Data collection Signal processing Matching Storage Match score DecisionApplication
1111 Something you areSomething you are  BiometricsBiometrics – StaticStatic (unchanging) measurements include fingerprints, hand geometry,(unchanging) measurements include fingerprints, hand geometry, face recognition, retina scan.face recognition, retina scan. – DynamicDynamic (changing) measurements include handwriting measurements(changing) measurements include handwriting measurements and voice recognition.and voice recognition. – There are many implementation issues and as yet entity authentication isThere are many implementation issues and as yet entity authentication is not widely provided using these techniques.not widely provided using these techniques.
1212 Something you areSomething you are Optical fingerprint sensor [Fingerprint Identification Unit FIU-001/500 by Sony] Fingerprints
1313 Something you knowSomething you know  Passwords: – Passwords are probably the most popular technique for providing entity authentication, despite concerns about how secure they actually are.  A password may be a sequence of charactersA password may be a sequence of characters – Examples: 10 digits, a string of letters,Examples: 10 digits, a string of letters, etcetc.. – Generated randomly, by user, by computer with user inputGenerated randomly, by user, by computer with user input  A password may be a sequence of wordsA password may be a sequence of words – Examples: pass-phrasesExamples: pass-phrases – AA pass-phrasepass-phrase is a sequence of characters that it is too long to be ais a sequence of characters that it is too long to be a password and it is thus turned into a shorter virtual password by thepassword and it is thus turned into a shorter virtual password by the password systempassword system  AlgorithmsAlgorithms – Examples: one-time passwords, challenge-response.Examples: one-time passwords, challenge-response.
1414 Password storagePassword storage  Passwords stored in plaintext filesPasswords stored in plaintext files – If password file compromised, all passwords are revealedIf password file compromised, all passwords are revealed – Usually password files are read- and write- protectedUsually password files are read- and write- protected  Passwords stored in encrypted filePasswords stored in encrypted file – Encrypted/hashed versions of passwords are stored in a password fileEncrypted/hashed versions of passwords are stored in a password file  Examples:Examples: – A Windows password is stored as a MD4 hash value.A Windows password is stored as a MD4 hash value. – A Unix password is stored as a Unix DES Encryption.A Unix password is stored as a Unix DES Encryption.
1515 Unix PasswordUnix Password  Example: Original UnixExample: Original Unix – A password is up to eight charactersA password is up to eight characters – The password is truncated to its first 8 ASCII characters, forming theThe password is truncated to its first 8 ASCII characters, forming the Unix DES keyUnix DES key – The key is used to encrypt the 64-bit constant 0.The key is used to encrypt the 64-bit constant 0. – The Unix DES is a variation of the standard DES.The Unix DES is a variation of the standard DES.  A 12-bitA 12-bit saltsalt is used to modify the expansion function in DES,is used to modify the expansion function in DES,  Then DES is iterated 25 timesThen DES is iterated 25 times – Thus the UNIX password is referred to asThus the UNIX password is referred to as salted passwordsalted password – Unix passwords are stored in fileUnix passwords are stored in file /etc/passwd/etc/passwd
1616 Attack on passwordsAttack on passwords  Replay of passwordsReplay of passwords – Specially when passwords are transmitted in cleartextSpecially when passwords are transmitted in cleartext  Exhaustive password searchExhaustive password search – Trying all possible passwordsTrying all possible passwords  Dictionary attackDictionary attack – Most users select passwords from a small subset of the password spaceMost users select passwords from a small subset of the password space (e.g., short passwords, dictionary words, proper names)(e.g., short passwords, dictionary words, proper names) – Dictionary attack: the attacker tries all possible words, found in anDictionary attack: the attacker tries all possible words, found in an available or on-line listavailable or on-line list
1717 Password selectionPassword selection  Problem: people pick easy to guess passwordsProblem: people pick easy to guess passwords – Based on account names, user names, computer names, place namesBased on account names, user names, computer names, place names – Too short, digits only, letters onlyToo short, digits only, letters only – License plates, acronyms, social security numbersLicense plates, acronyms, social security numbers – Personal characteristics (nicknames, job characteristics,Personal characteristics (nicknames, job characteristics, etcetc.).)  Good passwords can be constructed in several waysGood passwords can be constructed in several ways – Example: A password containing at least one digit, one letter, oneExample: A password containing at least one digit, one letter, one punctuation symbol, and one control character is usually a strongpunctuation symbol, and one control character is usually a strong passwordpassword
1818 One-Time PasswordsOne-Time Passwords  Problem with fixed passwords:Problem with fixed passwords: – If an attacker sees a password, he/she can laterIf an attacker sees a password, he/she can later replayreplay the passwordthe password  A partial solution: one-time passwordsA partial solution: one-time passwords – Password that can be used exactlyPassword that can be used exactly onceonce – After use, it is immediately invalidatedAfter use, it is immediately invalidated  ProblemsProblems – Synchronization of user and systemSynchronization of user and system – Generation of good random passwordsGeneration of good random passwords – Password distribution problemPassword distribution problem
1919 Challenge-ResponseChallenge-Response (Strong authentication)(Strong authentication)  Another alternative is to authenticate in such a way that theAnother alternative is to authenticate in such a way that the transmitted password changes each timetransmitted password changes each time  Let a userLet a user uu wishing to authenticate himself to a systemwishing to authenticate himself to a system SS. Let. Let uu andand SS have an agreed-on secret functionhave an agreed-on secret function ff. A. A challenge-responsechallenge-response authentication system is one in whichauthentication system is one in which SS sends a random messagesends a random message mm (the(the challengechallenge) to) to uu, and, and uu replies with the transformationreplies with the transformation rr == ff((mm) (the) (the responseresponse).). SS then validatesthen validates rr by computing itby computing it separately.separately.  TheThe challengechallenge may be a nonce, timestamp, sequence number, ormay be a nonce, timestamp, sequence number, or any combination.any combination.
2020 Challenge-ResponseChallenge-Response ((by symmetric-key techniques)  The user and system share a secret function f (in practice, f can be a known function with unknown parameters, such as a cryptographic key).  This called challenge-response by symmetric-key techniques. user system request to authenticate user system random message r (the challenge) user system f(r) (the response)
2121 Challenge-ResponseChallenge-Response (by public-key techniques)(by public-key techniques)  AA identifiesidentifies BB by checking whetherby checking whether BB holds the secret (private)holds the secret (private) keykey KRKRBB that matches the public keythat matches the public key KUKUBB  AA chooses a random challenge (nonce)chooses a random challenge (nonce) rrAA.. BB uses its randomuses its random noncenonce rrBB.. BB applies its public-key system for authenticationapplies its public-key system for authentication  Message sequence:Message sequence: 1.1. A → BA → B:: rrAA.. 2.2. B → AB → A:: rrBB,, EEKRKRBB (( rrAA,r,rBB))
2222 Cryptographic KeyCryptographic Key InfrastructureInfrastructure
2323 Cryptographic Key InfrastructureCryptographic Key Infrastructure  Goal: bind identity to keyGoal: bind identity to key  Symmetric Cryptography:Symmetric Cryptography: – Not possible as all keys are sharedNot possible as all keys are shared  Public key Cryptography:Public key Cryptography: – Bind identity to public keyBind identity to public key – Crucial as people will use key to communicate with principal whoseCrucial as people will use key to communicate with principal whose identity is bound to keyidentity is bound to key – Erroneous binding means no secrecy between principalsErroneous binding means no secrecy between principals – Assume principal identified by an acceptable nameAssume principal identified by an acceptable name
2424 CertificatesCertificates  A certificate is a token (message) containingA certificate is a token (message) containing – Identity of principal (e.g., Alice)Identity of principal (e.g., Alice) – Corresponding public keyCorresponding public key – Timestamp (when issued)Timestamp (when issued) – Other information (perhaps identity of signer)Other information (perhaps identity of signer) – Signature of a trusted authority (e.g., Cathy)Signature of a trusted authority (e.g., Cathy) CCAA == DDkvkv((KKpp || Alice |||| Alice || TT )) DDkvkv is Cathy’s private keyis Cathy’s private key CCAA is A’s certificateis A’s certificate
2525 Certificate UseCertificate Use  Bob gets Alice’s certificateBob gets Alice’s certificate – If he knows Cathy’s public key, he can validate the certificateIf he knows Cathy’s public key, he can validate the certificate  When was certificate issued?When was certificate issued?  Is the principal Alice?Is the principal Alice? – Now Bob has Alice’s public keyNow Bob has Alice’s public key  Problem:Problem: – Bob needs Cathy’s public key to validateBob needs Cathy’s public key to validate AliceAlice’s certificate’s certificate – Many solutions:Many solutions:  Public Key Infrastructure (PKI),Public Key Infrastructure (PKI),  Trust-based certificatesTrust-based certificates
2626 X.509 certificateX.509 certificate  Key certificate fields in X.509v3:Key certificate fields in X.509v3: – VersionVersion – Serial number (unique)Serial number (unique) – Signature algorithm identifier: hash algorithmSignature algorithm identifier: hash algorithm – Issuer’s name; uniquely identifies issuerIssuer’s name; uniquely identifies issuer – Interval of validityInterval of validity – Subject’s name; uniquely identifies subjectSubject’s name; uniquely identifies subject – Subject’s public keySubject’s public key – Signature:Signature:  Identifies algorithm used to sign the certificateIdentifies algorithm used to sign the certificate  Signature (enciphered hash)Signature (enciphered hash)  Issuer is called Certificate Authority (CA)Issuer is called Certificate Authority (CA)

Recomendados

Key management
Key managementKey management
Key managementSujata Regoti
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notesgangadhar9989166446
 
Classical Encryption Techniques
Classical Encryption TechniquesClassical Encryption Techniques
Classical Encryption Techniquesuniversity of education,Lahore
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introductionDr.Florence Dayana
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Steganography
Steganography Steganography
Steganography Uttam Jain
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)shraddha_b
 

Recomendados

Key management
Key managementKey management
Key managementSujata Regoti
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notesgangadhar9989166446
 
Classical Encryption Techniques
Classical Encryption TechniquesClassical Encryption Techniques
Classical Encryption Techniquesuniversity of education,Lahore
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introductionDr.Florence Dayana
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Steganography
Steganography Steganography
Steganography Uttam Jain
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)shraddha_b
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric keyTriad Square InfoSec
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityCarl Ceder
 
IP Security
IP SecurityIP Security
IP SecurityKeshab Nath
 
Chapter 5
Chapter 5Chapter 5
Chapter 5sivadnolram
 
Security services
Security servicesSecurity services
Security servicesGayan Geethanjana
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 
Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 
data hiding techniques.ppt
data hiding techniques.pptdata hiding techniques.ppt
data hiding techniques.pptMuzamil Amin
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)Haris Ahmed
 
PPT steganography
PPT steganographyPPT steganography
PPT steganographyparvez Sharaf
 
Information security
Information securityInformation security
Information securityLJ PROJECTS
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange ProtocolPrateek Singh Bapna
 
Iss lecture 1
Iss lecture 1Iss lecture 1
Iss lecture 1Ali Habeeb
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation harshit chavda
 

Más contenido relacionado

La actualidad más candente

CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityCarl Ceder
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 
data hiding techniques.ppt
data hiding techniques.pptdata hiding techniques.ppt
data hiding techniques.pptMuzamil Amin
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)Haris Ahmed
 
Information security
Information securityInformation security
Information securityLJ PROJECTS
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 

La actualidad más candente (20)

CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information Security
 
IP Security
IP SecurityIP Security
IP Security
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
Security services
Security servicesSecurity services
Security services
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.ppt
 
block ciphers
block ciphersblock ciphers
block ciphers
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
data hiding techniques.ppt
data hiding techniques.pptdata hiding techniques.ppt
data hiding techniques.ppt
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)
 
PPT steganography
PPT steganographyPPT steganography
PPT steganography
 
Information security
Information securityInformation security
Information security
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
 

Destacado

Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation harshit chavda
 
Block Ciphers Modes of Operation
Block Ciphers Modes of OperationBlock Ciphers Modes of Operation
Block Ciphers Modes of OperationRoman Oliynykov
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocolsOnline
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Securitybabak danyal
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Ali Raw
 

Destacado (9)

Iss lecture 1
Iss lecture 1Iss lecture 1
Iss lecture 1
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation
 
Block Ciphers Modes of Operation
Block Ciphers Modes of OperationBlock Ciphers Modes of Operation
Block Ciphers Modes of Operation
 
Block Ciphers Modes of Operation
Block Ciphers Modes of OperationBlock Ciphers Modes of Operation
Block Ciphers Modes of Operation
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
 
DES
DESDES
DES
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Security
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 

Similar a Iss lecture 5

Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanAsad Zaman
 
Eds user authenticationuser authentication methods
Eds user authenticationuser authentication methodsEds user authenticationuser authentication methods
Eds user authenticationuser authentication methodslapao2014
 
Network security
Network securityNetwork security
Network securityAli Kamil
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYDEEPAK948083
 
Basic Security Chapter 1
Basic Security Chapter 1Basic Security Chapter 1
Basic Security Chapter 1AfiqEfendy Zaen
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1abdifatah said
 
Network Security
Network SecurityNetwork Security
Network SecurityBeth Hall
 
Biometric Authentication Technology - Report
Biometric Authentication Technology - ReportBiometric Authentication Technology - Report
Biometric Authentication Technology - ReportNavin Kumar
 
CHAPTER 7 Authentication and Authorization On
CHAPTER 7 Authentication and Authorization OnCHAPTER 7 Authentication and Authorization On
CHAPTER 7 Authentication and Authorization OnMaximaSheffield592
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy ExamLisa Olive
 
You may be compliant, but are you really secure?
You may be compliant, but are you really secure?You may be compliant, but are you really secure?
You may be compliant, but are you really secure?Thomas Burg
 
You may be compliant...
You may be compliant...You may be compliant...
You may be compliant...Greg Swedosh
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_faHai Nguyen
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)Ali Habeeb
 
Use GFA To Make Someone Fall In Love With You
Use GFA To Make Someone Fall In Love With YouUse GFA To Make Someone Fall In Love With You
Use GFA To Make Someone Fall In Love With YouCameronTait3
 

Similar a Iss lecture 5 (20)

Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _Zaman
 
Eds user authenticationuser authentication methods
Eds user authenticationuser authentication methodsEds user authenticationuser authentication methods
Eds user authenticationuser authentication methods
 
Network security
Network securityNetwork security
Network security
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
 
Basic Security Chapter 1
Basic Security Chapter 1Basic Security Chapter 1
Basic Security Chapter 1
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1
 
Network Security
Network SecurityNetwork Security
Network Security
 
Biometric Authentication Technology - Report
Biometric Authentication Technology - ReportBiometric Authentication Technology - Report
Biometric Authentication Technology - Report
 
CHAPTER 7 Authentication and Authorization On
CHAPTER 7 Authentication and Authorization OnCHAPTER 7 Authentication and Authorization On
CHAPTER 7 Authentication and Authorization On
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy Exam
 
120 i143
120 i143120 i143
120 i143
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
You may be compliant, but are you really secure?
You may be compliant, but are you really secure?You may be compliant, but are you really secure?
You may be compliant, but are you really secure?
 
You may be compliant...
You may be compliant...You may be compliant...
You may be compliant...
 
IS - User Authentication
IS - User AuthenticationIS - User Authentication
IS - User Authentication
 
What Is "Secure"?
What Is "Secure"?What Is "Secure"?
What Is "Secure"?
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
 
C02
C02C02
C02
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)
 
Use GFA To Make Someone Fall In Love With You
Use GFA To Make Someone Fall In Love With YouUse GFA To Make Someone Fall In Love With You
Use GFA To Make Someone Fall In Love With You
 

Más de Ali Habeeb

Anonymous Connections And Onion Routing
Anonymous Connections And Onion RoutingAnonymous Connections And Onion Routing
Anonymous Connections And Onion RoutingAli Habeeb
 
Opinion Mining
Opinion MiningOpinion Mining
Opinion MiningAli Habeeb
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAli Habeeb
 
Data-Centric Routing Protocols in Wireless Sensor Network: A survey
Data-Centric Routing Protocols in Wireless Sensor Network: A surveyData-Centric Routing Protocols in Wireless Sensor Network: A survey
Data-Centric Routing Protocols in Wireless Sensor Network: A surveyAli Habeeb
 
Secure erasure code based distributed storage system with secure data forwarding
Secure erasure code based distributed storage system with secure data forwardingSecure erasure code based distributed storage system with secure data forwarding
Secure erasure code based distributed storage system with secure data forwardingAli Habeeb
 
Organizing User Search Histories
Organizing User Search HistoriesOrganizing User Search Histories
Organizing User Search HistoriesAli Habeeb
 
Detecting and Resolving Firewall Policy Anomalies
Detecting and Resolving Firewall Policy AnomaliesDetecting and Resolving Firewall Policy Anomalies
Detecting and Resolving Firewall Policy AnomaliesAli Habeeb
 
Bit Torrent Protocol
Bit Torrent ProtocolBit Torrent Protocol
Bit Torrent ProtocolAli Habeeb
 
A study of Data Quality and Analytics
A study of Data Quality and AnalyticsA study of Data Quality and Analytics
A study of Data Quality and AnalyticsAli Habeeb
 
Adhoc and Sensor Networks - Chapter 10
Adhoc and Sensor Networks - Chapter 10Adhoc and Sensor Networks - Chapter 10
Adhoc and Sensor Networks - Chapter 10Ali Habeeb
 
Adhoc and Sensor Networks - Chapter 09
Adhoc and Sensor Networks - Chapter 09Adhoc and Sensor Networks - Chapter 09
Adhoc and Sensor Networks - Chapter 09Ali Habeeb
 
Adhoc and Sensor Networks - Chapter 08
Adhoc and Sensor Networks - Chapter 08Adhoc and Sensor Networks - Chapter 08
Adhoc and Sensor Networks - Chapter 08Ali Habeeb
 
Adhoc and Sensor Networks - Chapter 07
Adhoc and Sensor Networks - Chapter 07Adhoc and Sensor Networks - Chapter 07
Adhoc and Sensor Networks - Chapter 07Ali Habeeb
 
Adhoc and Sensor Networks - Chapter 06
Adhoc and Sensor Networks - Chapter 06Adhoc and Sensor Networks - Chapter 06
Adhoc and Sensor Networks - Chapter 06Ali Habeeb
 
Adhoc and Sensor Networks - Chapter 05
Adhoc and Sensor Networks - Chapter 05Adhoc and Sensor Networks - Chapter 05
Adhoc and Sensor Networks - Chapter 05Ali Habeeb
 
Adhoc and Sensor Networks - Chapter 04
Adhoc and Sensor Networks - Chapter 04Adhoc and Sensor Networks - Chapter 04
Adhoc and Sensor Networks - Chapter 04Ali Habeeb
 

Más de Ali Habeeb (20)

Anonymous Connections And Onion Routing
Anonymous Connections And Onion RoutingAnonymous Connections And Onion Routing
Anonymous Connections And Onion Routing
 
Opinion Mining
Opinion MiningOpinion Mining
Opinion Mining
 
WAP
WAPWAP
WAP
 
USB 3.0
USB 3.0USB 3.0
USB 3.0
 
Blue Eyes
Blue EyesBlue Eyes
Blue Eyes
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Data-Centric Routing Protocols in Wireless Sensor Network: A survey
Data-Centric Routing Protocols in Wireless Sensor Network: A surveyData-Centric Routing Protocols in Wireless Sensor Network: A survey
Data-Centric Routing Protocols in Wireless Sensor Network: A survey
 
Web Security
Web SecurityWeb Security
Web Security
 
Secure erasure code based distributed storage system with secure data forwarding
Secure erasure code based distributed storage system with secure data forwardingSecure erasure code based distributed storage system with secure data forwarding
Secure erasure code based distributed storage system with secure data forwarding
 
Organizing User Search Histories
Organizing User Search HistoriesOrganizing User Search Histories
Organizing User Search Histories
 
Detecting and Resolving Firewall Policy Anomalies
Detecting and Resolving Firewall Policy AnomaliesDetecting and Resolving Firewall Policy Anomalies
Detecting and Resolving Firewall Policy Anomalies
 
Bit Torrent Protocol
Bit Torrent ProtocolBit Torrent Protocol
Bit Torrent Protocol
 
A study of Data Quality and Analytics
A study of Data Quality and AnalyticsA study of Data Quality and Analytics
A study of Data Quality and Analytics
 
Adhoc and Sensor Networks - Chapter 10
Adhoc and Sensor Networks - Chapter 10Adhoc and Sensor Networks - Chapter 10
Adhoc and Sensor Networks - Chapter 10
 
Adhoc and Sensor Networks - Chapter 09
Adhoc and Sensor Networks - Chapter 09Adhoc and Sensor Networks - Chapter 09
Adhoc and Sensor Networks - Chapter 09
 
Adhoc and Sensor Networks - Chapter 08
Adhoc and Sensor Networks - Chapter 08Adhoc and Sensor Networks - Chapter 08
Adhoc and Sensor Networks - Chapter 08
 
Adhoc and Sensor Networks - Chapter 07
Adhoc and Sensor Networks - Chapter 07Adhoc and Sensor Networks - Chapter 07
Adhoc and Sensor Networks - Chapter 07
 
Adhoc and Sensor Networks - Chapter 06
Adhoc and Sensor Networks - Chapter 06Adhoc and Sensor Networks - Chapter 06
Adhoc and Sensor Networks - Chapter 06
 
Adhoc and Sensor Networks - Chapter 05
Adhoc and Sensor Networks - Chapter 05Adhoc and Sensor Networks - Chapter 05
Adhoc and Sensor Networks - Chapter 05
 
Adhoc and Sensor Networks - Chapter 04
Adhoc and Sensor Networks - Chapter 04Adhoc and Sensor Networks - Chapter 04
Adhoc and Sensor Networks - Chapter 04
 

Último

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 

Último (20)

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 

Iss lecture 5

  • 1. Information System SecurityInformation System Security Lecture 5Lecture 5 User Authentication andUser Authentication and Cryptographic Key InfrastructureCryptographic Key Infrastructure
  • 2. 22 OutlineOutline  Entity AuthenticationEntity Authentication  Entity Authentication FunctionsEntity Authentication Functions – Something you haveSomething you have – Something you areSomething you are – Something you knowSomething you know  PasswordsPasswords  OTPOTP  Challenge-ResponseChallenge-Response  Cryptographic Key InfrastructureCryptographic Key Infrastructure
  • 3. 33 1. Entity Authentication1. Entity Authentication  The aim of this lecture is to present some techniques that allowsThe aim of this lecture is to present some techniques that allows one party (theone party (the verifierverifier) to gain assurances that the identity of) to gain assurances that the identity of another (theanother (the claimantclaimant) is as declared, thereby preventing) is as declared, thereby preventing impersonation.impersonation.  These techniques are referred to asThese techniques are referred to as identificationidentification,, entityentity authenticationauthentication, and, and identity verificationidentity verification..  Entity authentication is the process whereby one party is assuredEntity authentication is the process whereby one party is assured of the identity of a second party involved in a protocol, and thatof the identity of a second party involved in a protocol, and that the second has actually participated.the second has actually participated.
  • 4. 44 Entity authentication: UsesEntity authentication: Uses 1.1. Access controlAccess control – An entity, often human user, must provide assurance of their identity inAn entity, often human user, must provide assurance of their identity in real time in order to have access to either physical or virtual resources.real time in order to have access to either physical or virtual resources. 1.1. As part of a more complex cryptographic process:As part of a more complex cryptographic process: – Typically established at the start of a connection: an entity must provideTypically established at the start of a connection: an entity must provide assurance of their identity in real time in order for the extended processassurance of their identity in real time in order for the extended process to complete satisfactorily.to complete satisfactorily. – For example, the process of establishing a symmetric key that two usersFor example, the process of establishing a symmetric key that two users can use to immediately communicate with one another commonlycan use to immediately communicate with one another commonly involves mutual entity authentication in order to provide the two usersinvolves mutual entity authentication in order to provide the two users with sufficient assurance that they have agreed a key with the “correct”with sufficient assurance that they have agreed a key with the “correct” person.person.
  • 5. 55 Entity authentication: TypesEntity authentication: Types  Types of entity authentication:Types of entity authentication: – Unilateral entity authentication is assurance of the identity of one entity to another (and not vice-versa).  Examples: – Online shopping – File downloading – Mutual entity authentication occurs if both communicating entities provide each other with assurance of their identity.  Examples:Examples: – Online BankingOnline Banking – E-learningE-learning
  • 6. 66 2. Entity Authentication Functions2. Entity Authentication Functions  The most common ways of providing entity authentication are by using (a combination of) the following: – Something that you have – Something that you are – Something that you know
  • 7. 77 Something you haveSomething you have  Dumb tokens:Dumb tokens: – Any physical device without a memory that can be used as a type ofAny physical device without a memory that can be used as a type of electronic key.electronic key. – Dumb tokens typically operate with a reader that extracts someDumb tokens typically operate with a reader that extracts some information from the token and then indicates whether the informationinformation from the token and then indicates whether the information authenticates the entity or not.authenticates the entity or not. – A good example of a dumb token is a plastic card with a magnetic stripe.A good example of a dumb token is a plastic card with a magnetic stripe. The security of the card is based entirely on the difficulty of extractingThe security of the card is based entirely on the difficulty of extracting the information from the magnetic stripe.the information from the magnetic stripe. – It is common to combine the use of a dumb token with another entityIt is common to combine the use of a dumb token with another entity authentication technique, such as one based on something you know.authentication technique, such as one based on something you know.
  • 8. 88 Something you haveSomething you have  Smart cards:Smart cards: – A plastic card that contains a chip, which gives the card a limited amountA plastic card that contains a chip, which gives the card a limited amount of memory and processing power.of memory and processing power. – A smart card can store secret data more securely, and can also engage inA smart card can store secret data more securely, and can also engage in cryptographic processes that require some computations to be performedcryptographic processes that require some computations to be performed (e.g. challenge/response).(e.g. challenge/response). – Smart cards have limited memory and processing power, thus restrictingSmart cards have limited memory and processing power, thus restricting the types of operation that they can comfortably perform.the types of operation that they can comfortably perform. – Smart cards are widely used in most countries for banking operations,Smart cards are widely used in most countries for banking operations, electronic ticketing applications, etc.electronic ticketing applications, etc.
  • 9. 99 Something you areSomething you are  BiometricsBiometrics – Techniques for human user authentication that are based on physicalTechniques for human user authentication that are based on physical characteristics of the human body.characteristics of the human body. – A biometric control typically converts a physical characteristic into aA biometric control typically converts a physical characteristic into a digital template that is stored on a database. When the user physicallydigital template that is stored on a database. When the user physically presents themselves for entity authentication, the physical characteristic ispresents themselves for entity authentication, the physical characteristic is measured by a reader, digitally encoded, and then compared with themeasured by a reader, digitally encoded, and then compared with the template.template.
  • 10. 1010 Something you areSomething you are  Biometric system modelBiometric system model Raw data Extracted features Template Authentication decision Data collection Signal processing Matching Storage Match score DecisionApplication
  • 11. 1111 Something you areSomething you are  BiometricsBiometrics – StaticStatic (unchanging) measurements include fingerprints, hand geometry,(unchanging) measurements include fingerprints, hand geometry, face recognition, retina scan.face recognition, retina scan. – DynamicDynamic (changing) measurements include handwriting measurements(changing) measurements include handwriting measurements and voice recognition.and voice recognition. – There are many implementation issues and as yet entity authentication isThere are many implementation issues and as yet entity authentication is not widely provided using these techniques.not widely provided using these techniques.
  • 12. 1212 Something you areSomething you are Optical fingerprint sensor [Fingerprint Identification Unit FIU-001/500 by Sony] Fingerprints
  • 13. 1313 Something you knowSomething you know  Passwords: – Passwords are probably the most popular technique for providing entity authentication, despite concerns about how secure they actually are.  A password may be a sequence of charactersA password may be a sequence of characters – Examples: 10 digits, a string of letters,Examples: 10 digits, a string of letters, etcetc.. – Generated randomly, by user, by computer with user inputGenerated randomly, by user, by computer with user input  A password may be a sequence of wordsA password may be a sequence of words – Examples: pass-phrasesExamples: pass-phrases – AA pass-phrasepass-phrase is a sequence of characters that it is too long to be ais a sequence of characters that it is too long to be a password and it is thus turned into a shorter virtual password by thepassword and it is thus turned into a shorter virtual password by the password systempassword system  AlgorithmsAlgorithms – Examples: one-time passwords, challenge-response.Examples: one-time passwords, challenge-response.
  • 14. 1414 Password storagePassword storage  Passwords stored in plaintext filesPasswords stored in plaintext files – If password file compromised, all passwords are revealedIf password file compromised, all passwords are revealed – Usually password files are read- and write- protectedUsually password files are read- and write- protected  Passwords stored in encrypted filePasswords stored in encrypted file – Encrypted/hashed versions of passwords are stored in a password fileEncrypted/hashed versions of passwords are stored in a password file  Examples:Examples: – A Windows password is stored as a MD4 hash value.A Windows password is stored as a MD4 hash value. – A Unix password is stored as a Unix DES Encryption.A Unix password is stored as a Unix DES Encryption.
  • 15. 1515 Unix PasswordUnix Password  Example: Original UnixExample: Original Unix – A password is up to eight charactersA password is up to eight characters – The password is truncated to its first 8 ASCII characters, forming theThe password is truncated to its first 8 ASCII characters, forming the Unix DES keyUnix DES key – The key is used to encrypt the 64-bit constant 0.The key is used to encrypt the 64-bit constant 0. – The Unix DES is a variation of the standard DES.The Unix DES is a variation of the standard DES.  A 12-bitA 12-bit saltsalt is used to modify the expansion function in DES,is used to modify the expansion function in DES,  Then DES is iterated 25 timesThen DES is iterated 25 times – Thus the UNIX password is referred to asThus the UNIX password is referred to as salted passwordsalted password – Unix passwords are stored in fileUnix passwords are stored in file /etc/passwd/etc/passwd
  • 16. 1616 Attack on passwordsAttack on passwords  Replay of passwordsReplay of passwords – Specially when passwords are transmitted in cleartextSpecially when passwords are transmitted in cleartext  Exhaustive password searchExhaustive password search – Trying all possible passwordsTrying all possible passwords  Dictionary attackDictionary attack – Most users select passwords from a small subset of the password spaceMost users select passwords from a small subset of the password space (e.g., short passwords, dictionary words, proper names)(e.g., short passwords, dictionary words, proper names) – Dictionary attack: the attacker tries all possible words, found in anDictionary attack: the attacker tries all possible words, found in an available or on-line listavailable or on-line list
  • 17. 1717 Password selectionPassword selection  Problem: people pick easy to guess passwordsProblem: people pick easy to guess passwords – Based on account names, user names, computer names, place namesBased on account names, user names, computer names, place names – Too short, digits only, letters onlyToo short, digits only, letters only – License plates, acronyms, social security numbersLicense plates, acronyms, social security numbers – Personal characteristics (nicknames, job characteristics,Personal characteristics (nicknames, job characteristics, etcetc.).)  Good passwords can be constructed in several waysGood passwords can be constructed in several ways – Example: A password containing at least one digit, one letter, oneExample: A password containing at least one digit, one letter, one punctuation symbol, and one control character is usually a strongpunctuation symbol, and one control character is usually a strong passwordpassword
  • 18. 1818 One-Time PasswordsOne-Time Passwords  Problem with fixed passwords:Problem with fixed passwords: – If an attacker sees a password, he/she can laterIf an attacker sees a password, he/she can later replayreplay the passwordthe password  A partial solution: one-time passwordsA partial solution: one-time passwords – Password that can be used exactlyPassword that can be used exactly onceonce – After use, it is immediately invalidatedAfter use, it is immediately invalidated  ProblemsProblems – Synchronization of user and systemSynchronization of user and system – Generation of good random passwordsGeneration of good random passwords – Password distribution problemPassword distribution problem
  • 19. 1919 Challenge-ResponseChallenge-Response (Strong authentication)(Strong authentication)  Another alternative is to authenticate in such a way that theAnother alternative is to authenticate in such a way that the transmitted password changes each timetransmitted password changes each time  Let a userLet a user uu wishing to authenticate himself to a systemwishing to authenticate himself to a system SS. Let. Let uu andand SS have an agreed-on secret functionhave an agreed-on secret function ff. A. A challenge-responsechallenge-response authentication system is one in whichauthentication system is one in which SS sends a random messagesends a random message mm (the(the challengechallenge) to) to uu, and, and uu replies with the transformationreplies with the transformation rr == ff((mm) (the) (the responseresponse).). SS then validatesthen validates rr by computing itby computing it separately.separately.  TheThe challengechallenge may be a nonce, timestamp, sequence number, ormay be a nonce, timestamp, sequence number, or any combination.any combination.
  • 20. 2020 Challenge-ResponseChallenge-Response ((by symmetric-key techniques)  The user and system share a secret function f (in practice, f can be a known function with unknown parameters, such as a cryptographic key).  This called challenge-response by symmetric-key techniques. user system request to authenticate user system random message r (the challenge) user system f(r) (the response)
  • 21. 2121 Challenge-ResponseChallenge-Response (by public-key techniques)(by public-key techniques)  AA identifiesidentifies BB by checking whetherby checking whether BB holds the secret (private)holds the secret (private) keykey KRKRBB that matches the public keythat matches the public key KUKUBB  AA chooses a random challenge (nonce)chooses a random challenge (nonce) rrAA.. BB uses its randomuses its random noncenonce rrBB.. BB applies its public-key system for authenticationapplies its public-key system for authentication  Message sequence:Message sequence: 1.1. A → BA → B:: rrAA.. 2.2. B → AB → A:: rrBB,, EEKRKRBB (( rrAA,r,rBB))
  • 23. 2323 Cryptographic Key InfrastructureCryptographic Key Infrastructure  Goal: bind identity to keyGoal: bind identity to key  Symmetric Cryptography:Symmetric Cryptography: – Not possible as all keys are sharedNot possible as all keys are shared  Public key Cryptography:Public key Cryptography: – Bind identity to public keyBind identity to public key – Crucial as people will use key to communicate with principal whoseCrucial as people will use key to communicate with principal whose identity is bound to keyidentity is bound to key – Erroneous binding means no secrecy between principalsErroneous binding means no secrecy between principals – Assume principal identified by an acceptable nameAssume principal identified by an acceptable name
  • 24. 2424 CertificatesCertificates  A certificate is a token (message) containingA certificate is a token (message) containing – Identity of principal (e.g., Alice)Identity of principal (e.g., Alice) – Corresponding public keyCorresponding public key – Timestamp (when issued)Timestamp (when issued) – Other information (perhaps identity of signer)Other information (perhaps identity of signer) – Signature of a trusted authority (e.g., Cathy)Signature of a trusted authority (e.g., Cathy) CCAA == DDkvkv((KKpp || Alice |||| Alice || TT )) DDkvkv is Cathy’s private keyis Cathy’s private key CCAA is A’s certificateis A’s certificate
  • 25. 2525 Certificate UseCertificate Use  Bob gets Alice’s certificateBob gets Alice’s certificate – If he knows Cathy’s public key, he can validate the certificateIf he knows Cathy’s public key, he can validate the certificate  When was certificate issued?When was certificate issued?  Is the principal Alice?Is the principal Alice? – Now Bob has Alice’s public keyNow Bob has Alice’s public key  Problem:Problem: – Bob needs Cathy’s public key to validateBob needs Cathy’s public key to validate AliceAlice’s certificate’s certificate – Many solutions:Many solutions:  Public Key Infrastructure (PKI),Public Key Infrastructure (PKI),  Trust-based certificatesTrust-based certificates
  • 26. 2626 X.509 certificateX.509 certificate  Key certificate fields in X.509v3:Key certificate fields in X.509v3: – VersionVersion – Serial number (unique)Serial number (unique) – Signature algorithm identifier: hash algorithmSignature algorithm identifier: hash algorithm – Issuer’s name; uniquely identifies issuerIssuer’s name; uniquely identifies issuer – Interval of validityInterval of validity – Subject’s name; uniquely identifies subjectSubject’s name; uniquely identifies subject – Subject’s public keySubject’s public key – Signature:Signature:  Identifies algorithm used to sign the certificateIdentifies algorithm used to sign the certificate  Signature (enciphered hash)Signature (enciphered hash)  Issuer is called Certificate Authority (CA)Issuer is called Certificate Authority (CA)