Authentication. Most technical security safeguards have authentication as a precondition How to...
Date posted: 18-Dec-2015
Authentication
Authentication
- Most technical security safeguards have authentication as a precondition
- How to authenticate:
  - Location: somewhere you are
  - Biometrics: something you are
  - Smart card, token: something you have
  - Password, secrets: something you know
The authentication process
Authentication -> Verification -> Authorization
- Authentication: ask the user for credentials
- Verification: verify these credentials against something previously known
- Authorization: mark the user as authenticated; commonly the access control (AC) rights are also assigned here
Password
- A secret (word) known by the user and the system
Password
- Username: some name under which the user is known to the system, hardly secret
- Secret password: the secret connected to the user name
Good and bad passwords
Bad:
- Linkable names (own, child's, ...)
- Linkable numbers (telephone, birthdays, ...)
- Related words (like the car -> Ferrari)
- Common words from dictionaries
- Common patterns (qwerty, 123456, ...)
- Fashion words
Good:
- Containing big and small letters
- Containing numbers and special characters
- > 8 characters
- Can be written fast
The first 3 prevent the search; the 4th is to prevent observation.
Password verification
- Compare the input with a stored value
- Passwords need to be stored
  - Plain
  - Encrypted
    - One way
    - Bi-directional
- Passwords need to be transferred
  - Plain
  - Encrypted
Security of passwords
- Security is based mainly on the user but also on how it is implemented in the system
- Systems can implement additional functions to harden passwords
Attacks against password systems
- Test all possible passwords
- Guess likely words – lexical attacks
- Social engineering
- Looking for the system's password list
- Attacking the authentication mechanism
- Ask the user
Ways to harden
- Limited number of tries
- Wrong inputs slow down the process
- Challenge-response
- Authorize also the system
- Combining different systems
- Harden the process
- Require passwords with high entropy
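Added example (not part of the original slides): a verifier that combines the one-way storage from the "Password verification" slide with two items from "Ways to harden", a limited number of tries and a delay that grows with every wrong input. The class name, the PBKDF2 work factor, the lock threshold and the delay values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000   # assumed PBKDF2 work factor
MAX_TRIES = 5          # assumed policy: lock after 5 consecutive failures
BASE_DELAY = 0.5       # assumed: seconds, doubled after every failure
DUMMY_SALT = b"\x00" * 16

def derive(password, salt):
    """One-way, salted, deliberately slow transformation of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class PasswordVerifier:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.users = {}  # username -> stored record; never the plain password

    def enroll(self, user, password):
        salt = os.urandom(16)
        self.users[user] = {"salt": salt, "digest": derive(password, salt),
                            "failures": 0, "not_before": 0.0}

    def verify(self, user, password):
        rec = self.users.get(user)
        if rec is None:
            derive(password, DUMMY_SALT)  # same work for unknown usernames
            return "denied"
        if rec["failures"] >= MAX_TRIES:
            return "locked"               # limited number of tries
        if self.clock() < rec["not_before"]:
            return "wait"                 # wrong inputs slowed the process down
        candidate = derive(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["digest"]):  # constant-time compare
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        rec["not_before"] = self.clock() + BASE_DELAY * 2 ** rec["failures"]
        return "denied"
```

A locked account needs an out-of-band reset in this sketch; the lock itself can be abused to deny service to a known username, which is why the growing delay is applied first.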
One time passwords
- A password is only valid once
- Techniques
  - Transaction numbers (TAN)
  - Hashed with time stamp
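Added example (not part of the original slides): one concrete form of "hashed with time stamp", using the HMAC-based truncation standardized as TOTP in RFC 6238, together with the bookkeeping that makes each password valid only once. The class name, the 30-second step and the one-window drift tolerance are assumptions.

```python
import hashlib
import hmac
import struct
import time

STEP = 30    # assumed: seconds per time window
DIGITS = 6   # assumed: length of the displayed code

def otp_at(secret, t, digits=DIGITS):
    """Code for the time window containing Unix time t (RFC 6238, HMAC-SHA1)."""
    counter = int(t) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class OtpVerifier:
    def __init__(self, secret, clock=time.time):
        self.secret = secret
        self.clock = clock
        self.last_counter = -1   # highest window that was already accepted

    def verify(self, code):
        window = int(self.clock()) // STEP
        for drift in (0, -1, 1):                 # tolerate one window of clock drift
            counter = window + drift
            if counter <= self.last_counter:
                continue                         # already used: valid only once
            expected = otp_at(self.secret, counter * STEP)
            if hmac.compare_digest(expected, code):
                self.last_counter = counter
                return True
        return False
```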
Cryptographic techniques
- Cryptography for authentication purposes
- Popular techniques
  - Kerberos
  - Certificates X.509
  - Challenge-response systems
- Problems
  - Complex
  - Infrastructure dependent
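Added example (not part of the original slides): a challenge-response exchange over a shared key in which the system proves itself to the user before the user answers, as in "Authorize also the system". The class names, the message layout and the use of HMAC-SHA256 are assumptions; the secret itself never crosses the wire.

```python
import hashlib
import hmac
import os

def respond(key, role, challenge):
    # The role label stops a client response being reflected back as a server proof.
    return hmac.new(key, role + b"|" + challenge, hashlib.sha256).digest()

class Server:
    def __init__(self, keys):
        self.keys = keys      # username -> shared key
        self.pending = {}     # username -> challenge still waiting for an answer

    def hello(self, user, client_challenge):
        key = self.keys.get(user)
        if key is None:
            return None
        server_challenge = os.urandom(16)        # fresh for every attempt
        self.pending[user] = server_challenge
        return server_challenge, respond(key, b"server", client_challenge)

    def finish(self, user, client_response):
        challenge = self.pending.pop(user, None)  # each challenge is single use
        if challenge is None:
            return False
        expected = respond(self.keys[user], b"client", challenge)
        return hmac.compare_digest(expected, client_response)

class Client:
    def __init__(self, user, key):
        self.user, self.key, self.challenge = user, key, None

    def start(self):
        self.challenge = os.urandom(16)
        return self.user, self.challenge

    def answer(self, server_challenge, server_proof):
        expected = respond(self.key, b"server", self.challenge)
        if not hmac.compare_digest(expected, server_proof):
            return None   # the system failed to authenticate itself
        return respond(self.key, b"client", server_challenge)
```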
Security token
- Something you have
- Popular representatives
  - Cryptographic token
  - Smart cards
- Problems
  - Costly
  - Technical infrastructure
Smart cards
- A card with a chip
- Not necessarily for authentication
- Different types
  - ROM cards
  - EEPROM cards
  - Microprocessor cards
Smart cards
- Prominent examples
  - Bank cards
  - Credit cards
  - Mobile phone cards
Attacks against smart cards
- Protocol attacks
  - The communication between the smart card and the card reader
- Blocking signaling
  - Block signals (for example erase signals)
- Freeze or reset the card
  - Make the content of the RAM readable
Attacks against smart cards
- Physical probing
  - Reading data directly from the hardware
- Damage part of the chip
  - For example the address counter
- Reverse engineering
  - Reveal the chip design and gain knowledge
Biometrics
- The security relies on the property of a human being
- Measuring some aspects of the human anatomy or physiology and comparing them with previously recorded values
- Problems: humans change over time
Concepts
- Physical
  - DNA
  - Face
  - Fingerprint
  - Iris
  - Hand geometry
- Behavioral
  - Voice
  - Signature
- Verification
Conventional biometrics
- Face recognition - ID cards
  - The oldest and probably most accepted method
  - Average security – result of studies
- Handwritten signatures
  - Highly accepted in Europe
  - Good enough security
Fingerprints
- Look at the friction ridges that cover fingertips
  - Branches and end points geometry – commonly 16
  - Pores of the skin
- Easy to deploy and relatively limited resistance
- Problems
  - There is a statistical probability of mismatch – the number of variations is limited
  - Fingerprints are mostly "noisy"
  - Alteration is easy
Iris scan
- Patterns in the iris are recognized
- Iris codes provide the lowest false accept rates of any known system – US study
- Problems
  - Get people to put their eye into a scanner
  - Systems might be vulnerable to simple photographs
Problems with biometrics
- Not exact enough
  - False positives and Positive False are common
- Technically difficult
  - The technology is new
- Privacy problems
  - Sicknesses can be recognized
- Social problems
  - Usage of system
- Revelation generates problems
  - Data leak out incidentally
  - When the use becomes widespread your data will be known by a lot of people
Single sign-on
- Only one sign-on for all applications
- Techniques
  - Save password – but how
  - Issue a ticket
- Trends
  - Identity management systems
Identity Management: Types of IdM (Systems)
- Type 1: by organisation. Account management: assigned identity (= Tier 2)
- Type 2: by organisation. Profiling: derived identity, abstracted identity (= Tier 3)
- Type 3: by user herself/himself, supported by service providers. Management of own identities: chosen identity (= Tier 1)
- There are hybrid systems that combine characteristics
"Identity" is changing
- IT puts more high tech on ID cards
  - Biometrics to bind them closer to a human being
  - Chips to add services (such as a PKI)
- Profiles may make the "traditional" ID concept obsolete
  - People are represented not by numbers or ID keys any more but by data sets.
  - Identities become "a fuzzy thing".
- New IDs and ID management systems are coming up
  - Mobile communication (GSM) has introduced a globally interoperable "ID token": the Subscriber Identity Module
  - eBay lets people trade using pseudonyms.
- Europe (the EU) considers joint ID and ID management systems
  - European countries have different traditions on identity card use
  - Compatibility of ID systems is not trivial
- Work on new standards for identity management systems and entity authentication is initiated by ISO and ITU
Identity Concepts: Partial Identities Illustrated
[Figure: "Identities Management". Partial identities of one person grouped by context (Anonymity, Work, Public Authority, Health Care, Shopping, Leisure), drawn over the attributes foreign languages, education, address, capabilities, salary, name, income, credit cards, tax status, denomination, account number, birthdate, marital status, hobbies, insurance, nickname, (dis)likes, phone number, health status, blood group.]
Changing borders of (partial) identities
[Figure: the partial-identities diagram (contexts Anonymity, Work, Public Authority, Health Care, Shopping, Leisure over the same attributes), labelled "Borders are blurring".]
Changing borders of (partial) identities (cont.)
[Figure: the partial-identities diagram (contexts Anonymity, Work, Public Authority, Health Care, Shopping, Leisure over the same attributes), labelled "Communication and contacts".]
Questions?