johann felix conceicao 411106 te comp. outline definition steps in authentication means of...
TRANSCRIPT
Security-AuthenticationJohann Felix Conceicao
411106Te Comp
OutlineDefinition Steps in AuthenticationMeans of AuthenticationPassword AuthenticationToken-Based AuthenticationBiometrics
DefinitionWhat is Authentication? General: Verification of the genuineness of a
document or signature, to make it effective or valid.
Computer access: Verification of the identity
of a user through a code such as a password.
Authentication consist of two stepsIdentification Step: Presenting an
identifier to the security system.Verification Step: Generate
authentication information which provides binding between the entity and the identifier.
Means of Authentication1. Something the individual knows. Eg:
Password2. Something the individual possesses. Eg:
Smart Cards, Physical Keys.(Token Based )3. Something the individual is. Eg:
Fingerprints, Face. (Static Biometrics)4. Something the individual does. Eg:
Signature (handwriting char.),Voice patterns. (Dynamic Biometrics)
Password Based AuthenticationSetup
User chooses passwordHash of password stored in password file
AuthenticationUser logs into system, supplies password
System computes hash, compares to file
Basic password schemeHash function h : strings stringsUser password stored as h(password) in
password fileWhen user enters password
System computes h(password)Compares with entry in password file
If password entered by user is equal to password from password file, then user is authenticated.
Else it gives an error …saying that username or password is incorrect.
Basic password scheme
Password fileUser
exrygbzyf kgnosfix ggjoklbsz …
……
kiwifruit
hash function
Token Based AuthenticationObjects that a user possesses for the purpose of user
authentication are called tokens (security tokens).Security tokens are used to prove one's identity
electronically (eg: Customer’s trying to access their bank account).
Thus it acts like an electronic key to access something.It is a small hardware device that the owner carries to
authorize access to a network service. The device may be in the form of a smart card or may
be embedded in a commonly used object such as a key fob.
Conti…..Security tokens provide an extra level of assurance
through a method known as two-factor authentication: the user has a personal identification number (PIN), which authorizes them as the owner of that particular device; the device then displays a number which uniquely identifies the user to the service, allowing them to log in.
Unlike a password, a security token is a physical object. A key fob, for example, is practical and easy to carry, and
thus, easy for the user to protect. Even if the key fob falls into the wrong hands, however, it can't be used to gain access because the PIN (which only the rightful user knows) is also needed.
Biometric AuthenticationA biometric authentication system attempts to
authenticate an individual based on his or her unique physical characteristics.
Individuals characteristics can be static characteristics (fingerprints, hand geometry, facial characteristics, and retinal and iris patterns) and dynamic characteristics (voiceprint and signature).
Advantages: Cannot be disclosed, lost, forgotten
Disadvantages:Cost, installation, maintenance
BiometricsPhysiological
Iris Fingerprint (including nail) Hand (including knuckle, palm, vascular) Face Voice Retina DNA Even Odor, Earlobe, Sweat pore, Lips
Behavioral (patterns) Signature Keystroke Voice
Physiological Biometrics
Fingerprints: A fingerprint is the pattern of ridges on the surface of the fingertip.
Two premises for fingerprint identificationFingerprint details are permanentFingerprints are unique
Face: Facial characteristics are the most common means of human-to-human identification.
We can define characteristics based on relative location and shape of key facial features, such as eyes eyebrows, nose, lips, and chin shape.
Physiological BiometricsRetinal Pattern: The pattern formed by
veins beneath the retinal surface is unique and therefore suitable for identification.
Hand: Hand geometry systems identify features of the hand, including shape, and lengths and widths of fingers.
Iris: The detailed structure of the iris also a unique physical characteristic in authentication.
Behavioral Biometrics
Signature: Each individual has a unique style of handwriting, and this is reflected especially in the signature, which is typically a frequently written sequence.
However, multiple signature samples from a single individual will not be identical.
This complicates the task of developing a computer representation of the signature that can be matched to future samples.
Behavioral Biometrics
Voice: Voice patterns are more closely tied to the physical and anatomical characteristics of the speaker.
There is still a variation from sample to sample over time from the same speaker, complicating the biometric recognition task.
References
Operating Systems by William Stallingspage no: 668-669, 672-675
QuestionsExplain Password Protection
Technique.Write a short note on BiometricsWhat are the four means of
authentication? Explain with examples.
Thank You