Professional Documents
Culture Documents
05-CH03-CompSec2e-ver02 User Authentication PDF
05-CH03-CompSec2e-ver02 User Authentication PDF
and Cryptography
Basics of Information Security
Professor dr.sc.ing. Viktor Gopejenko
Department of Computer Technologies and Natural Sciences
ISMA University of Applied Science, Riga, Latvia
Lecture 5
User Authentication
Learning Objectives
Discussion the issues involved and the approaches for remote user
authentication
Means of Authentication
Password-Based Authentication
Token-Based Authentication
Biometric Authentication
• password,
PIN, answers • smartcard, • fingerprint,
to electronic retina, face • voice pattern,
prearranged keycard, handwriting,
questions physical key typing rhythm
Password Authentication
offline password
guessing workstation electronic
dictionary against hijacking monitoring
attack single user
exploiting
specific popular exploiting
multiple
account password user
password
attack attack mistakes
use
Countermeasures
recommended hash
function is based on
MD5
• salt of up to 48-bits
• password length is unlimited
• produces 128-bit hash
• uses an inner loop with 1000
iterations to achieve slowdown
Password Cracking
dictionary attacks
develop a large dictionary of possible passwords and try each
against the password file
each password must be hashed using each salt value and then
compared to stored hash values
Passwords
Cracked from a
Sample Set of
13,797
Accounts
make
available
only to
vulnerabilities
privileged
users
system periodically runs its own password cracker to find guessable passwords
user is allowed to select their own password, however the system goal is to eliminate guessable passwords while allowing the user to
checks to see if the password is allowable, and if not, rejects it select a password that is memorable
Proactive Password Checking
Bloom filter
•used to build a table
based on dictionary
using hashes
•check desired
password against this
table
Table 3.3
Types of Cards Used as Tokens
Memory Cards
can store but do not process data
interface:
manual interfaces include a keypad and display for interaction
electronic interfaces communicate with a compatible
reader/writer
authentication protocol:
classified into three categories: static, dynamic password
generator and challenge-response
Figure 3.3
Smart Card Dimensions
Communication
Initialization
between
a Smart Card and
a Reader
Operation of a
Biometric System
Potential Attacks,
Susceptible
Authenticators,
and Typical
Defenses
eavesdropping
adversary attempts to
learn the password by
some sort of attack that
involves the physical host attacks
denial-of-service proximity of user and
adversary directed at the user file
attempts to disable a at the host where
user authentication passwords, token
service by flooding the passcodes, or biometric
service with numerous templates are stored
authentication attempts