authentication

authentication - Identification and Authentication...
Authentication, CS177 2011

Slide 1: Identification and Authentication
Authentication is the binding of an identity to a subject.

Slide 2: Identification and Authentication
Based on one or more of four things:
• What you have (token, key)
• What you know (password, PIN)
• What you are (fingerprint, retinal scan)
• Where you are (secure building, parking lot)

Slide 3: Klein sample of 15,000 passwords
8%  Dictionary words
4%  Common names
3%  User/account name
2%  Phrases, patterns
1%  Male names
1%  Female names
1%  Uncommon names
1%  Machine names
1%  Place names
1%  King James Bible

Slide 4: Categories of Easily Guessed Passwords
• Based on an account
  – Account name followed by a number
  – Account name surrounded by delimiters
• Based on a user's name
  – Initials repeated 0 or more times
  – All letters upper (or lower) case
  – Name reversed
  – First initial followed by last name reversed
• Dictionary word
• Dictionary word spelled backwards
• Dictionary word with all or some letters capitalized

Slide 5: Categories of Easily Guessed Passwords (continued)
• Reversed dictionary word with all or some letters capitalized
• Dictionary word with an arbitrary letter turned into a control character
• Pattern from the keyboard
• Contains only digits
• Looks like a license plate number
• Acronyms (e.g., UCSB, DOD, ACM, IEEE)
• Concatenation of dictionary words
• Dictionary words with all vowels deleted

Slide 6: Grampp and Morris, Unix Operating System Security (1984)
• If login is abc, try abc, cba, abcabc
• Comments field
• Finger
• 20 most common female names each followed by a single digit yielded at least one password on every system tried
Slide 7: Grampp and Morris Suggestions
• Make it difficult for an outsider to get a copy of the password file
• Remove encrypted passwords from the password file and put them in a parallel file unreadable to the public and UUCP
• Remove the comment field
• Modify the password program to check for and prevent weak passwords
• Educate users about good and bad passwords, or assign passwords

Slide 8: Proactive Password Checking
• Analyze the proposed password for "goodness"
  – Always invoked
  – Can detect and reject bad passwords, for an appropriate definition of "bad"
  – Discriminate on a per-user, per-site basis
  – Needs to do pattern matching
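As an added illustration (not part of the lecture slides), the following Python checker applies the easily-guessed categories from slides 4 to 6 in the proactive, always-invoked style slide 8 describes, returning the category that a proposed password falls into. DICTIONARY and KEYBOARD_ROWS are constructed stand-ins, and the license-plate shape (letters then digits) is an assumption.

```python
import re

# Constructed mini word list and keyboard rows; a deployed checker loads a real dictionary.
DICTIONARY = {"password", "secret", "dragon", "monkey", "welcome", "letmein"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def is_control_variant(low, word):
    """Dictionary word with one or more letters replaced by a control character."""
    return (len(low) == len(word)
            and any(ord(c) < 32 for c in low)
            and all(a == b or ord(b) < 32 for a, b in zip(word, low)))


def check_password(pw, account, first, last):
    """Return the Klein-style category a proposed password matches, or None if it passes.
    Case is folded first, so capitalized variants are caught together with their base form."""
    low, acct = pw.lower(), account.lower()
    fst, lst = first.lower(), last.lower()

    # Based on an account: name followed by digits, surrounded by delimiters,
    # reversed, or doubled (the Grampp and Morris abc / cba / abcabc probes)
    if (re.fullmatch(re.escape(acct) + r"\d*", low)
            or re.fullmatch(r"\W*" + re.escape(acct) + r"\W*", low)
            or low in (acct[::-1], acct * 2)):
        return "based on account name"

    # Based on the user's name: name, reversed name, first initial plus
    # reversed last name, or the initials repeated
    if (low in (fst, lst, fst[::-1], lst[::-1], fst[0] + lst[::-1])
            or re.fullmatch(f"(?:{re.escape(fst[0] + lst[0])})+", low)):
        return "based on user's name"

    # Dictionary word and the listed transformations of one
    if low in DICTIONARY or low[::-1] in DICTIONARY:
        return "dictionary word (possibly reversed or capitalized)"
    if any(re.sub(r"[aeiou]", "", w) == low for w in DICTIONARY):
        return "dictionary word with vowels deleted"
    if any(is_control_variant(low, w) for w in DICTIONARY):
        return "dictionary word with a control character"
    if any(low[:i] in DICTIONARY and low[i:] in DICTIONARY for i in range(1, len(low))):
        return "concatenation of dictionary words"

    # Structural patterns
    if low.isdigit():
        return "contains only digits"
    if len(low) >= 4 and any(low in row or low in row[::-1] for row in KEYBOARD_ROWS):
        return "pattern from the keyboard"
    if re.fullmatch(r"[a-z]{1,3}\d{3,4}", low):  # assumed license-plate shape
        return "looks like a license plate number"
    return None
```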