lecture_8

lecture_8 - Lecture 8 Page 1 CS 136, Winter 2010...

Info iconThis preview shows pages 1–13. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Lecture 8 Page 1 CS 136, Winter 2010 Authentication CS 136 Computer Security Peter Reiher January 28, 2010 Lecture 8 Page 2 CS 136, Winter 2010 Outline Introduction Basic authentication mechanisms Lecture 8 Page 3 CS 136, Winter 2010 Introduction Much of security is based on good access control Access control only works if you have good authentication What is authentication? Lecture 8 Page 4 CS 136, Winter 2010 Authentication Determining the identity of some entity Process Machine Human user Requires notion of identity And some degree of proof of identity Lecture 8 Page 5 CS 136, Winter 2010 Authentication Vs. Authorization Authentication is determining who you are Authorization is determining what someone is allowed to do Cant authorize properly without authentication Purpose of authentication is usually to make authorization decisions Lecture 8 Page 6 CS 136, Winter 2010 Proving Identity in the Physical World Most frequently done by physical recognition I recognize your face, your voice, your body What about identifying those we dont already know? Lecture 8 Page 7 CS 136, Winter 2010 Other Physical World Methods of Identification Identification by recommendation You introduce me to someone Identification by credentials You show me your drivers license Identification by knowledge You tell me something only you know Identification by location Youre behind the counter at the DMV These all have cyber analogs Lecture 8 Page 8 CS 136, Winter 2010 Differences in Cyber Identification Usually the identifying entity isnt human Often the identified entity isnt human, either Often no physical presence required Often no later rechecks of identity Lecture 8 Page 9 CS 136, Winter 2010 Identifying With a Computer Not as smart as a human Steps to prove identity must be well defined Cant do certain things as well E.g., face recognition But lightning fast on computations and less prone to simple errors Mathematical methods are acceptable Lecture 8 Page 10 CS 136, Winter 2010 Identifying Computers and Programs No physical characteristics Faces, fingerprints, voices, etc. Generally easy to duplicate programs Not smart enough to be flexible Must use methods they will understand Again, good at computations Lecture 8 Page 11 CS 136, Winter 2010 Physical Presence Optional Often authentication required over a network or cable Even if the party to be identified is human So authentication mechanism must work in face of network characteristics E.g., active wiretapping Lecture 8 Page 12 CS 136, Winter 2010 Identity Might Not Be Rechecked Human beings can make identification mistakes But they often recover from them Often quite easily Based on observing behavior that suggests identification was wrong Computers and programs rarely have that capability If they identify something, they believe it Lecture 8...
View Full Document

Page1 / 60

lecture_8 - Lecture 8 Page 1 CS 136, Winter 2010...

This preview shows document pages 1 - 13. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online