chapter_03 - CSE 425 Introduction to Computer Security...

CSE 425, Introduction to Computer Security, 1/23/2008
Chapter 3. Passwords
© 2008 by Wayne R. Dyksen. All Rights Reserved.
Michigan State University, Department of Computer Science and Engineering

Security Engineering
Chapter 3. Passwords
by Ross Anderson

Professor Wayne Dyksen
Department of Computer Science and Engineering
Michigan State University
Spring 2008
CSE 425, Introduction to Computer Security

3-2 Chapter 3. Passwords
• Foundation for Much of Information Security
• Represent Significant Vulnerability
• Passwords Often
  – Not Considered At All
  – Not Considered Enough

3-3 Different Types of Passwords
• Windows/Linux Passwords
• Bank Account Number
• ATM PIN
• Social Security Number
• Mother’s Maiden Name
• Birthday
• Address
• Phone Number
• Etc…
Many of these are not secure.

3-4 Increasing Use of Passwords
• MSU Pilot
• Windows XP (7+)
• Unix
• MS Exchange
• MSU Answering Machine
• Mobile Phone Voicemail
• Phone Card PIN
• MSU FCU Visa Debit/ATM PIN
• Verified by Visa
• Discover Card
• Etc…
• Northwest Airlines
• Gmail
• MSN Passport
• Best Buy Reward Zone
• NewEgg
• Flickr
• UPS
• New York Times
• Lansing State Journal
• Garage Door
• Etc…
> 80 Personal Passwords!

3-5 “Strong” Passwords
Passwords Should Be
  – Long
  – Random
  – Unique
  – Changed Often
  – Secret
  …and…
  – Easy to Remember
  – Easy to Use
In Practice, Passwords Are Often
  – Short
  – Far From Random
  – Not Unique (Used for Multiple Authentications)
  – Rarely Changed
  – Not Very Secret
  – Easy to Remember
  – Easy to Use

3-6 Reuse of Passwords
• Suppose Same Password For
  – Pilot
  – MSU Federal Credit Union
  …and…
  – Web Porn Site
  – Web Gambling Site
  – Etc…
• Vulnerabilities
  – Outsider Attack: Guess One, Guessed All
  – Insider Attack: Know One, Know All (Turns into Outsider Attack)

3-7 Identity Theft
Idea
  – Collect “Identity Passwords”
  – Use Passwords to Authenticate Another’s Identity
  – Obtain Another’s Assets
Problem
  – Easy to Do
  – Not Dangerous
  – Can Be Hard to Trace
  – Lucrative
Dr. Judith Collins
  – Ex School of Criminal Justice Professor
  – Methodology For Catching The Thief
  – Good Topic for a Project

3-8 3.1 Basics
• Authentication
  – Subject to Non-Subject Principals
    • People to Devices
    • Less Manageable
  – Non-Subject Principals to Non-Subject Principals
    • Devices to Devices
    • More Manageable (with Security Protocols)
  Why?
• Authenticating People to Devices

This note was uploaded on 07/25/2008 for the course CSE 331 taught by Professor M.mccullen during the Spring '08 term at Michigan State University.
