SlideShare uma empresa Scribd logo

Authentication techniques

IGZ Software house
IGZ Software house

Authentication techniques

Educação
1 de 33
Baixar para ler offline
CS-312 Network Security – Authentication Techniques
2 Basic Problem ? How do you prove to someone that you are who you claim to be? Any system with access control must solve this problem
3 Authentication • Authentication can be defined as determining an identity to the required level of assurance • Authentication is the first step in any cryptographic solution – Because unless we know who is communicating, there is no point in encryption what is being communicated
4 Authentication •Authentication is any process by which a system verifies the identity of a user who wishes to access it •Authentication may be implemented using Credentials, each of which is composed of a User ID and Password. Alternately, Authentication may be implemented with Smart Cards, an Authentication Server or even a Public Key Infrastructure
5 Many Ways to Prove Who You Are • What you know – Passwords/Secret key • Where you are – IP address • What you are – Biometrics (e.g. fingerprint) • What you have – Secure tokens/smart card/ ATM card
6 Passwords • A password is a string of alphabets, numbers and special characters, which is supposed to be known only to the entity (usually person) that is being authenticated • Password Based Authentication – Clear Text Passwords Simplest Password based Authentication Mechanism • How it works? – Prompt for user ID and Password – User enters user ID and Password – User ID and Password Validation – Authentication Result – Inform user accordingly
7 Password Based Authentication user server Login Request: ID, Password Authentication Results: Accept/Reject Server get the ID and password verified from the User Database and informs the user accordingly User sends the Password in clear text User Authentication using Clear Text Password • Clear Text Passwords are being sent from Client to Server. • User Database stores Passwords in Clear Text Format
8 Passwords Based Authentication • Problems with Clear Text Passwords – Database contains Passwords in clear text • It is advised that password should not be stored in clear text in databases • Instead the passwords should be stored in encrypted form in database – Password travel in clear text from user’s computer to the server • If the attacker breaks into the communication link, he can easily obtain the clear text password
9 Password Based Authentication • Something Derived from Password – Message Digests of the Passwords • Storing Message Digests as derived passwords in the user database • User Authentication – When a user need to be authenticated, the user enters the ID and Password. – User’s computer computes the message digest of the password – User’s computer sends the user ID and computed Message Digest to the server for authentication
10 Password Based Authentication user server Login Request: ID, H(Password) Authentication Results: Accept/Reject Server verifies from the User Database the user ID and its corresponding Message Digest and informs the user accordingly User’s computer computes the message digest of the password after the user enters it on the screen It then sends the User ID and MD to the server In the User DB, the copy of User ID and MD derived from user password is stored • H(Password) = Message Digest Derived from the User Password User Authentication Involving Message Digests of the Password
11 Passwords Based Authentication • Problems with the Message Digests of the Passwords – An Attacker cannot compute the original password back from the message digest of the password – But he can simply copy the User ID and the corresponding Message Digest of the password, and submit them after some time to the same server as a part of the new login request. – The server has no way of knowing that this login attempt is not from a legitimate user, but actually an attacker. – This is called as REPLAY ATTACK, because the attacker simply replays the sequence of the actions of a normal user
12 Passwords Based Authentication • Adding Randomness – To improve the security and to detect a replay attack we need to add a bit of unpredictability or randomness to the earlier schemes – This will ensure that the replay attack is foiled – Steps 1. Storing Message Digests as derived passwords in the user database – User Ids and corresponding MDs are stored in user Database with the server 2. User sends a login request – Containing only user ID
13 Passwords Based Authentication • Adding Randomness … (cont) – Steps… 3. Server Creates a random Challenge – Server first verifies the validity of user ID – Then it sends a random challenge (a random number) to the user – Random challenge travels as plain text from server to user computer 4. User Signs the Random Challenge with the Message Digest of the Password – User Computer’s computes the Message Digest (MD) of its password – User Computer’s Encrypts the Random Challenge by using MD of the Password. (symmetric key encryption) – User Computer’s sends the random challenge, which is encrypted with the message digest of the password to the server .
14 Passwords Based Authentication • Adding Randomness … (cont) – Steps… 5. Server Verifies the Encrypted Random Challenge from the user • Server can do the verification in two ways • Either decrypting the Random Challenge and comparing the challenge values. • Or it can encrypt the Random Challenge by the MD of the password and compare the two encrypted entities 6. Server returns an appropriate message back to the user Note: The Random Challenge value is different every time. Therefore the random challenge encrypted with the MD of password would also be different. Therefore replay attacks can easy be detected
15 Password Based Authentication serveruser Random Challenge Verify that this ID exits in the DB Server creates a random challenge and sends it to the user User sends the User ID Login Request: User ID In the User DB, the copy of User ID and MD derived from user password is stored User’s Computer encrypts the random challenge received from the server using its MD derived from its password. User sends the Encrypted Random Challenge Authentication Results: Accept/Reject Encrypted Random Challenge Server verifies the encrypted random challenge and returns an appropriate message to user Adding Randomness in Password Based Authentication
16 Problems with the Passwords • Typically an organization has a number of applications, networks, shared resources an intranets – These applications may have varying needs of security measures, each resource may demands its own user name and password – In that case end users/network administrators have to keep a large number of user ids and passwords to be used with different applications • Password Maintenance is a very big concern for system administrations • Organizations specify Password Policies • There exit other authentication mechanisms as well besides Password based authentication
17 Authentication Tokens • It is an extremely useful alternative to a password • These small devices are usually of the size of a small key chain • Usually an authentication Token has the following features – Processor – LCD for displaying outputs – Battery – Optionally a small keypad for entering information – Optionally a real-time clock • Each Authentication Token is pre-programmed with a unique number called as a random seed or just seed • The seed value forms the basis for ensuring the uniqueness of the output produced by the token
18 Authentication Token • Step Involved in Authentication Token 1. Creation of a Token – Created by the Authentication servers that are designed to use with authentication tokens – A unique value i.e. a seed is automatically placed or pre-programmed inside each token by the server – Server also keeps a copy of the seed against the user ID in the user database – Seed can be conceptually considered as a user password – Difference is that the user password is known to the user, seed value remains unknown to the user 2. Use of the Token – An Authentication Token automatically generates pseudorandom numbers called one-time passwords. – One time passwords are generated randomly by authentication tokens using seed value
19 Authentication Token … (cont) – When a user wants to be authenticated by any server, the user will get a screen to enter user ID and the latest one- time password – The users enters its ID and gets is latest one-time password from the authentication token – The user ID and password travels to the server as a part of the login request – Server verifies using some mechanism that this one-time password is created using the valid seed value
20 Authentication Token serveruser User possesses an Authentication Token with a pre- programmed seed in it Login Request: ID, One-Time Password In the User DB, the copy of User ID and Seed value is stored. Using the Authentication Token, User calculates his one- Time password based on seed value Authentication Results: Accept/Reject User sends the ID and one-time password as login request Server validates the ID, and one-time password using the stored seed value from user DB Server sends an appropriate message back to the user Authentication Tokens
21 Multifactor Authentication • What if the Authentication Token device gets stolen – PIN numbers are used to generate a one-time passwords with the authentication token devices • Multifactor Authentication – What you know • Passwords/Secret key – What you are • Biometrics (e.g. fingerprint) – What you have • Secure tokens/smart card/ ATM card
22 Authentication Tokens • Password is a 1-factor authentication – It is something you know • Authentication Token are 2-factor authentication – You must have something • The authentication token itself – You must know something • PIN to protect it
23 Certificate Based Authentication • This is based on the Digital Certificates of the user • In PKI, the digital certificates are used for secure digital transactions. • The digital certificates in PKI can also be re-used for user authentication as well • This is a stronger mechanism as compared to password based authentication – Issue • Misuse of someone else’s certificate • To tackle such issues, certificate based authentication is also made 2 factor process (have something and know something)
24 Certificate Based Authentication • How does Certificate Based Authentication works? 1. Creation, Storage and Distribution of Digital Certificates – Certificates are created by CA, sent to user as well as a copy to the server, where we have to implement certificate based authentication 2. Login Request – User sends its ID only 3. Server Creates a Random Challenge – User ID validity is checked – Sends random challenge in plain text to user
25 Certificate Based Authentication • How does Certificate Based Authentication works? … (Cont) 4. User Signs the Random Challenge – User signs the random challenge received from Server by using its Private Key – User’s private key is stored in a file in user computer – To access its private key file, user has to give a correct password – User sends the signed random challenge to the server 5. Server returns an appropriate message back to the user
26 Certificate Based Authentication serveruser Random Challenge Verify that this ID exits in the DB Server creates a random challenge and sends it to the user User sends the User ID Login Request: User ID In the User DB, the Digital Certificate of User is stored that contains ID and Public key of userUser’s Computer encrypts the random challenge received from the server using user’s Private Key User sends the Encrypted Random Challenge Authentication Results: Accept/Reject Encrypted Random Challenge Server verifies the encrypted random challenge and returns an appropriate message to user Certificate Based Authentication
27 Use of Smart Cards • The use of Smart Cards is related to Certificate Based Authentication • This is because the smart cards allows the generation of public-private key pairs within the card • They also support the storage of digital certificates within the card • The private key always remain in the smart card in a secure fashion • The public key and the certificate is exposed outside • Also the smart cards are capable of performing cryptographic functions such as encryption, decryption, message digest creation and signing within the card – Thus during the certificate based authentication, the signing of random challenge sent by the server can be performed inside the card
28 Smart Cards • Portable – Have its own pros and cons • Must be used to perform selective cryptographic mechanisms – Such approaches must be used to first generate the message digest of large document say 10MB of size by some software (inside the computer), and then use the smart card to digitally sign the created message digest
29 Problems and issues in Smart Cards • Lack of standardization and inter-operability between smart cards vendors • Smart card reader are not yet a part of a desktop computer like hard disk drive or floppy drives • Non-availability of smart card reader driver software • Non-availability of smart card aware cryptographic service software • Cost of smart cards and card reader is high
30 Biometric Authentication • A biometric device works on the basis of some human characteristics, such as fingerprints, voice or the pattern of lines in the iris of your eye • The user database contains a sample of user’s biometric characteristics • During the authentication, the user is required to provide another sample of the users’ biometric characteristic. • This is matched with the one in the database, and if the two samples are same, the user is considered to be a valid one. • The samples produced during every authentication process can vary slightly. (e.g. cuts on the finger) • An approximate match can be acceptable
31 Biometric Authentication • Any Biometric Authentication System defines two configurable parameters: – False Accept Ratio (FAR) • It is a measurement of the chance that a user who should be rejected is actually accepted by a system as good enough – False Reject Ratio (FRR) • It is a measurement of the chance that a user who should be accepted as valid is actually rejected by a system as not good enough • Thus FAR and FRR are exactly opposite to each other
32 Best Authentication Solution • The best authentication solution may be considered as a combination of the password/PIN, a smart card and biometrics. • It covers all the three key aspects related to authentication – Who you are, – What you have, – What you know • However this can turn out to be an extremely complex system to build
33 References • Network Security A Beginner’s Guide – By Eric Maiwald • Network Security first-step – By Tom Thomas • Designing Network Security – By Cisco Press • Cryptography and Network Security – 3rd Edition, by William Stallings • Mastering Network Secuity – By Chris Brenton and Cameron Hunt • Network Security – By Atul Kahate

Recomendados

Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Kerberos
KerberosKerberos
KerberosSutanu Paul
 
Authentication methods
Authentication methodsAuthentication methods
Authentication methodssana mateen
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptkusum sharma
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric keyTriad Square InfoSec
 

Recomendados

Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Kerberos
KerberosKerberos
KerberosSutanu Paul
 
Authentication methods
Authentication methodsAuthentication methods
Authentication methodssana mateen
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptkusum sharma
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric keyTriad Square InfoSec
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)Haris Ahmed
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design PrinciplesSHUBHA CHATURVEDI
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Key management
Key managementKey management
Key managementSujata Regoti
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Information Security
Information SecurityInformation Security
Information SecurityDhilsath Fathima
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Encryption algorithms
Encryption algorithmsEncryption algorithms
Encryption algorithmstrilokchandra prakash
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information SecurityDr Naim R Kidwai
 
Email security
Email securityEmail security
Email securityBaliram Yadav
 
cryptographydiksha.pptx
cryptographydiksha.pptxcryptographydiksha.pptx
cryptographydiksha.pptxDIKSHABORKAR8
 
Secure electronic transaction
Secure electronic transactionSecure electronic transaction
Secure electronic transactionNishant Pahad
 

Mais conteúdo relacionado

Mais procurados

Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)Haris Ahmed
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design PrinciplesSHUBHA CHATURVEDI
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information SecurityDr Naim R Kidwai
 

Mais procurados (20)

IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
 
Email security
Email securityEmail security
Email security
 
Web Security
Web SecurityWeb Security
Web Security
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Key management
Key managementKey management
Key management
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
Information Security
Information SecurityInformation Security
Information Security
 
Network Security
Network SecurityNetwork Security
Network Security
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Hash Function
Hash FunctionHash Function
Hash Function
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Encryption algorithms
Encryption algorithmsEncryption algorithms
Encryption algorithms
 
Cia security model
Cia security modelCia security model
Cia security model
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information Security
 
Email security
Email securityEmail security
Email security
 

Semelhante a Authentication techniques

cryptographydiksha.pptx
cryptographydiksha.pptxcryptographydiksha.pptx
cryptographydiksha.pptxDIKSHABORKAR8
 
Secure electronic transaction
Secure electronic transactionSecure electronic transaction
Secure electronic transactionNishant Pahad
 
InfoSecurity Europe 2015 - Identities Exposed by David Johansson
InfoSecurity Europe 2015 - Identities Exposed by David JohanssonInfoSecurity Europe 2015 - Identities Exposed by David Johansson
InfoSecurity Europe 2015 - Identities Exposed by David JohanssonDavid Johansson
 
Class 8 -Authentication Controls.pptx
Class 8 -Authentication Controls.pptxClass 8 -Authentication Controls.pptx
Class 8 -Authentication Controls.pptxMadhusha15
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-idAlberto Rivai
 
Mrx security
Mrx securityMrx security
Mrx securitydavidjd
 
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"..."Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"...PROIDEA
 
Secured REST Microservices with Spring Cloud
Secured REST Microservices with Spring CloudSecured REST Microservices with Spring Cloud
Secured REST Microservices with Spring CloudOrkhan Gasimov
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web ApplicationsY U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web ApplicationsJason Robert
 
Information and network security 47 authentication applications
Information and network security 47 authentication applicationsInformation and network security 47 authentication applications
Information and network security 47 authentication applicationsVaibhav Khanna
 

Semelhante a Authentication techniques (20)

cryptographydiksha.pptx
cryptographydiksha.pptxcryptographydiksha.pptx
cryptographydiksha.pptx
 
Secure electronic transaction
Secure electronic transactionSecure electronic transaction
Secure electronic transaction
 
InfoSecurity Europe 2015 - Identities Exposed by David Johansson
InfoSecurity Europe 2015 - Identities Exposed by David JohanssonInfoSecurity Europe 2015 - Identities Exposed by David Johansson
InfoSecurity Europe 2015 - Identities Exposed by David Johansson
 
Unit 5
Unit 5Unit 5
Unit 5
 
Web security
Web securityWeb security
Web security
 
authentication.ppt
authentication.pptauthentication.ppt
authentication.ppt
 
Class 8 -Authentication Controls.pptx
Class 8 -Authentication Controls.pptxClass 8 -Authentication Controls.pptx
Class 8 -Authentication Controls.pptx
 
Presentation
PresentationPresentation
Presentation
 
E-Business security
E-Business security E-Business security
E-Business security
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-id
 
Mrx security
Mrx securityMrx security
Mrx security
 
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"..."Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
 
Y U No OAuth?!?
Y U No OAuth?!?Y U No OAuth?!?
Y U No OAuth?!?
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 
Secured REST Microservices with Spring Cloud
Secured REST Microservices with Spring CloudSecured REST Microservices with Spring Cloud
Secured REST Microservices with Spring Cloud
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web ApplicationsY U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
 
Information and network security 47 authentication applications
Information and network security 47 authentication applicationsInformation and network security 47 authentication applications
Information and network security 47 authentication applications
 
Securing Online Card Transactions
Securing Online Card TransactionsSecuring Online Card Transactions
Securing Online Card Transactions
 

Mais de IGZ Software house

Group policy management window server 2008r2
Group policy management window server 2008r2Group policy management window server 2008r2
Group policy management window server 2008r2IGZ Software house
 
Active directory domain services
Active directory domain servicesActive directory domain services
Active directory domain servicesIGZ Software house
 
17 roles of window server 2008 r2
17 roles of window server 2008 r217 roles of window server 2008 r2
17 roles of window server 2008 r2IGZ Software house
 

Mais de IGZ Software house (20)

Window server 2008
Window server 2008Window server 2008
Window server 2008
 
Types of server
Types of serverTypes of server
Types of server
 
Types of network
Types of networkTypes of network
Types of network
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnetting
 
Group policy management window server 2008r2
Group policy management window server 2008r2Group policy management window server 2008r2
Group policy management window server 2008r2
 
FSMO
FSMO FSMO
FSMO
 
Active directory domain services
Active directory domain servicesActive directory domain services
Active directory domain services
 
17 roles of window server 2008 r2
17 roles of window server 2008 r217 roles of window server 2008 r2
17 roles of window server 2008 r2
 
Raid and its levels
Raid and its levelsRaid and its levels
Raid and its levels
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network security
 
Firewalls
FirewallsFirewalls
Firewalls
 
Encryption
EncryptionEncryption
Encryption
 
Cryptography
CryptographyCryptography
Cryptography
 
X86 Architecture
X86 Architecture X86 Architecture
X86 Architecture
 
Window architecture
Window architecture Window architecture
Window architecture
 
What is-32-bit-and-64-bit
What is-32-bit-and-64-bitWhat is-32-bit-and-64-bit
What is-32-bit-and-64-bit
 
Virtual machine
Virtual machineVirtual machine
Virtual machine
 
Compiler
Compiler Compiler
Compiler
 
Interpreter
InterpreterInterpreter
Interpreter
 
Competitor analaysis
Competitor analaysisCompetitor analaysis
Competitor analaysis
 

Último

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfChris Hunter
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 

Último (20)

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 

Authentication techniques

  • 2. 2 Basic Problem ? How do you prove to someone that you are who you claim to be? Any system with access control must solve this problem
  • 3. 3 Authentication • Authentication can be defined as determining an identity to the required level of assurance • Authentication is the first step in any cryptographic solution – Because unless we know who is communicating, there is no point in encryption what is being communicated
  • 4. 4 Authentication •Authentication is any process by which a system verifies the identity of a user who wishes to access it •Authentication may be implemented using Credentials, each of which is composed of a User ID and Password. Alternately, Authentication may be implemented with Smart Cards, an Authentication Server or even a Public Key Infrastructure
  • 5. 5 Many Ways to Prove Who You Are • What you know – Passwords/Secret key • Where you are – IP address • What you are – Biometrics (e.g. fingerprint) • What you have – Secure tokens/smart card/ ATM card
  • 6. 6 Passwords • A password is a string of alphabets, numbers and special characters, which is supposed to be known only to the entity (usually person) that is being authenticated • Password Based Authentication – Clear Text Passwords Simplest Password based Authentication Mechanism • How it works? – Prompt for user ID and Password – User enters user ID and Password – User ID and Password Validation – Authentication Result – Inform user accordingly
  • 7. 7 Password Based Authentication user server Login Request: ID, Password Authentication Results: Accept/Reject Server get the ID and password verified from the User Database and informs the user accordingly User sends the Password in clear text User Authentication using Clear Text Password • Clear Text Passwords are being sent from Client to Server. • User Database stores Passwords in Clear Text Format
  • 8. 8 Passwords Based Authentication • Problems with Clear Text Passwords – Database contains Passwords in clear text • It is advised that password should not be stored in clear text in databases • Instead the passwords should be stored in encrypted form in database – Password travel in clear text from user’s computer to the server • If the attacker breaks into the communication link, he can easily obtain the clear text password
  • 9. 9 Password Based Authentication • Something Derived from Password – Message Digests of the Passwords • Storing Message Digests as derived passwords in the user database • User Authentication – When a user need to be authenticated, the user enters the ID and Password. – User’s computer computes the message digest of the password – User’s computer sends the user ID and computed Message Digest to the server for authentication
  • 10. 10 Password Based Authentication user server Login Request: ID, H(Password) Authentication Results: Accept/Reject Server verifies from the User Database the user ID and its corresponding Message Digest and informs the user accordingly User’s computer computes the message digest of the password after the user enters it on the screen It then sends the User ID and MD to the server In the User DB, the copy of User ID and MD derived from user password is stored • H(Password) = Message Digest Derived from the User Password User Authentication Involving Message Digests of the Password
  • 11. 11 Passwords Based Authentication • Problems with the Message Digests of the Passwords – An Attacker cannot compute the original password back from the message digest of the password – But he can simply copy the User ID and the corresponding Message Digest of the password, and submit them after some time to the same server as a part of the new login request. – The server has no way of knowing that this login attempt is not from a legitimate user, but actually an attacker. – This is called as REPLAY ATTACK, because the attacker simply replays the sequence of the actions of a normal user
  • 12. 12 Passwords Based Authentication • Adding Randomness – To improve the security and to detect a replay attack we need to add a bit of unpredictability or randomness to the earlier schemes – This will ensure that the replay attack is foiled – Steps 1. Storing Message Digests as derived passwords in the user database – User Ids and corresponding MDs are stored in user Database with the server 2. User sends a login request – Containing only user ID
  • 13. 13 Passwords Based Authentication • Adding Randomness … (cont) – Steps… 3. Server Creates a random Challenge – Server first verifies the validity of user ID – Then it sends a random challenge (a random number) to the user – Random challenge travels as plain text from server to user computer 4. User Signs the Random Challenge with the Message Digest of the Password – User Computer’s computes the Message Digest (MD) of its password – User Computer’s Encrypts the Random Challenge by using MD of the Password. (symmetric key encryption) – User Computer’s sends the random challenge, which is encrypted with the message digest of the password to the server .
  • 14. 14 Passwords Based Authentication • Adding Randomness … (cont) – Steps… 5. Server Verifies the Encrypted Random Challenge from the user • Server can do the verification in two ways • Either decrypting the Random Challenge and comparing the challenge values. • Or it can encrypt the Random Challenge by the MD of the password and compare the two encrypted entities 6. Server returns an appropriate message back to the user Note: The Random Challenge value is different every time. Therefore the random challenge encrypted with the MD of password would also be different. Therefore replay attacks can easy be detected
  • 15. 15 Password Based Authentication serveruser Random Challenge Verify that this ID exits in the DB Server creates a random challenge and sends it to the user User sends the User ID Login Request: User ID In the User DB, the copy of User ID and MD derived from user password is stored User’s Computer encrypts the random challenge received from the server using its MD derived from its password. User sends the Encrypted Random Challenge Authentication Results: Accept/Reject Encrypted Random Challenge Server verifies the encrypted random challenge and returns an appropriate message to user Adding Randomness in Password Based Authentication
  • 16. 16 Problems with the Passwords • Typically an organization has a number of applications, networks, shared resources an intranets – These applications may have varying needs of security measures, each resource may demands its own user name and password – In that case end users/network administrators have to keep a large number of user ids and passwords to be used with different applications • Password Maintenance is a very big concern for system administrations • Organizations specify Password Policies • There exit other authentication mechanisms as well besides Password based authentication
  • 17. 17 Authentication Tokens • It is an extremely useful alternative to a password • These small devices are usually of the size of a small key chain • Usually an authentication Token has the following features – Processor – LCD for displaying outputs – Battery – Optionally a small keypad for entering information – Optionally a real-time clock • Each Authentication Token is pre-programmed with a unique number called as a random seed or just seed • The seed value forms the basis for ensuring the uniqueness of the output produced by the token
  • 18. 18 Authentication Token • Step Involved in Authentication Token 1. Creation of a Token – Created by the Authentication servers that are designed to use with authentication tokens – A unique value i.e. a seed is automatically placed or pre-programmed inside each token by the server – Server also keeps a copy of the seed against the user ID in the user database – Seed can be conceptually considered as a user password – Difference is that the user password is known to the user, seed value remains unknown to the user 2. Use of the Token – An Authentication Token automatically generates pseudorandom numbers called one-time passwords. – One time passwords are generated randomly by authentication tokens using seed value
  • 19. 19 Authentication Token … (cont) – When a user wants to be authenticated by any server, the user will get a screen to enter user ID and the latest one- time password – The users enters its ID and gets is latest one-time password from the authentication token – The user ID and password travels to the server as a part of the login request – Server verifies using some mechanism that this one-time password is created using the valid seed value
  • 20. 20 Authentication Token serveruser User possesses an Authentication Token with a pre- programmed seed in it Login Request: ID, One-Time Password In the User DB, the copy of User ID and Seed value is stored. Using the Authentication Token, User calculates his one- Time password based on seed value Authentication Results: Accept/Reject User sends the ID and one-time password as login request Server validates the ID, and one-time password using the stored seed value from user DB Server sends an appropriate message back to the user Authentication Tokens
  • 21. 21 Multifactor Authentication • What if the Authentication Token device gets stolen – PIN numbers are used to generate a one-time passwords with the authentication token devices • Multifactor Authentication – What you know • Passwords/Secret key – What you are • Biometrics (e.g. fingerprint) – What you have • Secure tokens/smart card/ ATM card
  • 22. 22 Authentication Tokens • Password is a 1-factor authentication – It is something you know • Authentication Token are 2-factor authentication – You must have something • The authentication token itself – You must know something • PIN to protect it
  • 23. 23 Certificate Based Authentication • This is based on the Digital Certificates of the user • In PKI, the digital certificates are used for secure digital transactions. • The digital certificates in PKI can also be re-used for user authentication as well • This is a stronger mechanism as compared to password based authentication – Issue • Misuse of someone else’s certificate • To tackle such issues, certificate based authentication is also made 2 factor process (have something and know something)
  • 24. 24 Certificate Based Authentication • How does Certificate Based Authentication works? 1. Creation, Storage and Distribution of Digital Certificates – Certificates are created by CA, sent to user as well as a copy to the server, where we have to implement certificate based authentication 2. Login Request – User sends its ID only 3. Server Creates a Random Challenge – User ID validity is checked – Sends random challenge in plain text to user
  • 25. 25 Certificate Based Authentication • How does Certificate Based Authentication works? … (Cont) 4. User Signs the Random Challenge – User signs the random challenge received from Server by using its Private Key – User’s private key is stored in a file in user computer – To access its private key file, user has to give a correct password – User sends the signed random challenge to the server 5. Server returns an appropriate message back to the user
  • 26. 26 Certificate Based Authentication serveruser Random Challenge Verify that this ID exits in the DB Server creates a random challenge and sends it to the user User sends the User ID Login Request: User ID In the User DB, the Digital Certificate of User is stored that contains ID and Public key of userUser’s Computer encrypts the random challenge received from the server using user’s Private Key User sends the Encrypted Random Challenge Authentication Results: Accept/Reject Encrypted Random Challenge Server verifies the encrypted random challenge and returns an appropriate message to user Certificate Based Authentication
  • 27. 27 Use of Smart Cards • The use of Smart Cards is related to Certificate Based Authentication • This is because the smart cards allows the generation of public-private key pairs within the card • They also support the storage of digital certificates within the card • The private key always remain in the smart card in a secure fashion • The public key and the certificate is exposed outside • Also the smart cards are capable of performing cryptographic functions such as encryption, decryption, message digest creation and signing within the card – Thus during the certificate based authentication, the signing of random challenge sent by the server can be performed inside the card
  • 28. 28 Smart Cards • Portable – Have its own pros and cons • Must be used to perform selective cryptographic mechanisms – Such approaches must be used to first generate the message digest of large document say 10MB of size by some software (inside the computer), and then use the smart card to digitally sign the created message digest
  • 29. 29 Problems and issues in Smart Cards • Lack of standardization and inter-operability between smart cards vendors • Smart card reader are not yet a part of a desktop computer like hard disk drive or floppy drives • Non-availability of smart card reader driver software • Non-availability of smart card aware cryptographic service software • Cost of smart cards and card reader is high
  • 30. 30 Biometric Authentication • A biometric device works on the basis of some human characteristics, such as fingerprints, voice or the pattern of lines in the iris of your eye • The user database contains a sample of user’s biometric characteristics • During the authentication, the user is required to provide another sample of the users’ biometric characteristic. • This is matched with the one in the database, and if the two samples are same, the user is considered to be a valid one. • The samples produced during every authentication process can vary slightly. (e.g. cuts on the finger) • An approximate match can be acceptable
  • 31. 31 Biometric Authentication • Any Biometric Authentication System defines two configurable parameters: – False Accept Ratio (FAR) • It is a measurement of the chance that a user who should be rejected is actually accepted by a system as good enough – False Reject Ratio (FRR) • It is a measurement of the chance that a user who should be accepted as valid is actually rejected by a system as not good enough • Thus FAR and FRR are exactly opposite to each other
  • 32. 32 Best Authentication Solution • The best authentication solution may be considered as a combination of the password/PIN, a smart card and biometrics. • It covers all the three key aspects related to authentication – Who you are, – What you have, – What you know • However this can turn out to be an extremely complex system to build
  • 33. 33 References • Network Security A Beginner’s Guide – By Eric Maiwald • Network Security first-step – By Tom Thomas • Designing Network Security – By Cisco Press • Cryptography and Network Security – 3rd Edition, by William Stallings • Mastering Network Secuity – By Chris Brenton and Cameron Hunt • Network Security – By Atul Kahate