Lecture6.pptx - Identification and Authentication Computer...

Info icon This preview shows pages 1–12. Sign up to view the full content.

View Full Document Right Arrow Icon
edithcowancollege.edu.au navitas.com Identification and Authentication Computer Security
Image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
edithcowancollege.edu.au navitas.com Some Terms Identification Establishing who or what an entity person claims to be Who is this entity? Authentication Establishing that the entity really is what it claims to be Is this entity really what they claim to be? Authorisation Establishing what the entity is allowed to do What resources can they access/interact with?
Image of page 2
edithcowancollege.edu.au navitas.com An Example Consider the following situation when you log into the network in the labs: You type in a user name You are claiming that you are a particular person Identification You type in a password You are supporting or proving your claim Authentication The OS and the network decide which resources you can and cannot access Authorisation
Image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
edithcowancollege.edu.au navitas.com Other Examples Sometimes a technology can be used for either identification and/or authentication Fingerprints Police could use fingerprint technology at a crime scene to try to identify people that might have been present Fingerprints can also to prove the claim that a person might make about their identity An ID badge This might both identify and authenticate a person
Image of page 4
edithcowancollege.edu.au navitas.com Authentication without disclosure of identity Some systems try to authenticate users without actually disclosing the identity of the subject Essentially the system knows that the subject is either authentic or not authentic but does not know the identity of the subject Can you think of an example? However identity is necessary if we want to enforce different authorisation controls on a per user basis Or relate actions to a particular user
Image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
edithcowancollege.edu.au navitas.com Identification and Authentication 3 approaches: Something you know Passwords Answers to questions Secret handshakes, symbols etc Something you have ID card Token Private key Something you are Biometric characteristics
Image of page 6
edithcowancollege.edu.au navitas.com Something You Know Username Password Date of birth Address Phone number Etc…
Image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
edithcowancollege.edu.au navitas.com Passwords A very common mechanism Commonly used for authentication Relies on the fact that the correct person knows something that others don’t Not necessarily unique to one person Someone could tell others their password Just because one person possesses that knowledge doesn’t stop someone else from possessing it
Image of page 8
edithcowancollege.edu.au navitas.com Strength of Passwords There is quite a spectrum of password strengths ranging from those that provide no protection to those that provide strong protection Weak protection Strong protection Blank Passwords Default Passwords Guessable Passwords Names of family members, pets, birthdays etc Mixture of unrelated alpha and numeric characters Alphabetic characters forming a non- meaningful word Words not related to user
Image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
edithcowancollege.edu.au navitas.com Password strength?
Image of page 10
edithcowancollege.edu.au
Image of page 11

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 12
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern