csce522-lect13

csce522-lect13 - CSCE 522 CSCE Identification and...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
CSCE 522 CSCE 522 Identification and Authentication Identification and Authentication
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
CSCE 522 - Farkas 2 Reading Reading Reading for this lecture: Required: Pfleeger: Ch. 4.5 An Introduction to Computer Security: The NIST Handbook, http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf : Chapter 16, Identification and Authentication, pages 180-194 Recommended: Smart Card Alliance, http://www.smartcardalliance.org/ http:// www.entrust.com/authentication/index.htm Certificate Authority GlobalSign Loses Critical Data to ComodoHacker, http:// techie-buzz.com/tech-news/globalsign-attack-certificate-authority-data-leak.html , Sept 8, 2011 Reading for next lecture: Pfleeger: Ch. 4.3 and 4.4
Background image of page 2
Identification Identification Establishes the identity of an individual/system/ap- plication/etc. Proof of identity: password, driver’s license, Id card, etc. CSCE 522 - Farkas 3
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
CSCE 522 - Farkas 4 Authentication Authentication Allows an entity (a user or a system) to prove its identity within a context, e.g., computer system Typically, the entity whose identity is verified reveals knowledge of some secret S to the verifier Strong authentication : the entity reveals knowledge of S to the verifier without revealing S to the verifier
Background image of page 4
CSCE 522 - Farkas 5 Authentication Information Authentication Information Must be securely maintained by the system.
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
CSCE 522 - Farkas 6 Elements of Authentication Elements of Authentication Person/group/code/system : to be authenticated Distinguishing characteristics : differentiates the entities to be authenticated Proprietor/system owner/administrator : responsible for the system Authentication mechanism : verify the distinguishing characteristics Access control mechanism : grant privileges upon successful authentication
Background image of page 6
CSCE 522 - Farkas 7 Authentication Requirements Authentication Requirements Network must ensure Data exchange is established with addressed peer entity not with an entity that masquerades or replays previous messages Network must ensure data source is the one claimed Authentication generally follows identification Establish validity of claimed identity Provide protection against fraudulent transactions
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
CSCE 522 - Farkas 8 User Authentication User Authentication What the user knows Password, personal information What the user possesses
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 12/13/2011 for the course CSCE 522 taught by Professor Farkas during the Fall '11 term at South Carolina.

Page1 / 34

csce522-lect13 - CSCE 522 CSCE Identification and...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online