CS 736 A methodology for Analyzing the Performance of Authentication Protocol by Laseinde Olaoluwa...

CS 736

A methodology for Analyzing the Performance of Authentication Protocol

by

Laseinde Olaoluwa Peter

Department of Computer ScienceWest Virginia [email protected]

Outline

What is an authentication protocol?

Password Authentication Scheme

Token Based Authentication (Smart card)

Biometric Authentication Protocol

Multiple Authentication System

What are authentication protocols?

The different schemes used to grant or decline access to a place/location.

Establish the identity of a person.

Establish a communication securely

Outline






Password Authentication scheme

Most widely used authentication protocol

Encryption and decryption of password are done using algorithms

Symmetric and Asymmetric encrypting techniques

Performance of some algorithms

Advantages Least expensive authentication method to use. No need to carry hardware device. User IDs and passwords can be changed at the user's

choice.

Disadvantages Not fully reliable when used for making financial

transactions remotely, such as fund transfers and bill payments through an Internet banking channel.

Security depends on the users' ability to maintain the user ID and password secret.

Outline






Token based Authentication (smart card)

Takes the form of ID cards e.g. student card, debit/credit cards, insurance cards gives access to Laboratories and other facilities on campus, ATMs and Library.

Comes with single or multiple processors.

Advantages More secure to use than the normal user ID or

password. Difficult for non-authorized users to extract the private

key when stored on a smart card.

Disadvantages Requires users to carry a smart card. Need for regular renewals

Some brands of smart cards

Outline






Biometric Authentication

Defines “who you are”

not “what you have”

or “what you can remember”

Biological and behavioral characteristics Finger prints

Ridges and valleys

Minutiae

Face

Hand/finger geometry

Iris

Voice

Definitions False Acceptance Rate (FAR): Probability that a

biometric system falsely recognizes different characteristics as identical, thus failing to reject, for example, a potential intruder.

False Rejection Rate (FRR): Probability that a biometric system falsely recognizes identical characteristics as being different, thus, for example refusing to accept an authorized person.

False Match Rate (FMR): This indicates the proportion of persons who, when comparing characteristics, were falsely accepted.

Definitions continued…

False Non-Match Rate (FNMR): This indicates the proportion of persons who, when comparing characteristics, were falsely not accepted.

Failure to Acquire (FTA): This is the attempts that were previously rejected due to a low quality of the image, this is also the proportion of times the biometric device fails to capture a sample when the biometric characteristic is presented to it.

Failure to Enroll (FTE): This is a measure of the proportion of users that cannot be successfully enrolled in a biometric system

Performance of biometric systems

Efficiency in image capturing process.

Performance in terms of effectiveness

Relationship between the False match rate and False non-match

Performance in terms of effectiveness

A comparison of the false accept rate and the false reject rate

Advantages Can be used for accessing high-security systems and

sites Different options are available, finger print, iris, voice,

hand geometry, face. You do not need to carry any physical item.

Disadvantages It could be expensive e.g cost of scanners, support and

maintenance High deployment cost May not be suitable for mass-consumer deployment Performance is not 100%

Outline






Multiple authentication System

Having a combination of two or more authentication protocols

ATM machine which makes use of both the smart card and also a pin for authentication.

Questions?

CS 736 A methodology for Analyzing the Performance of Authentication Protocol by Laseinde Olaoluwa...

Documents

Transcript of CS 736 A methodology for Analyzing the Performance of Authentication Protocol by Laseinde Olaoluwa...