Lecture 10 - IS 2150 / TEL 2810 Introduction to Security

Slide 1: IS 2150 / TEL 2810 Introduction to Security
James Joshi, Associate Professor, SIS
Lecture 10, Nov 15, 2011
Authentication, Identity, Vulnerability Analysis
Slide 2: Objectives
Understand/explain the issues related to, and utilize the techniques of:
- Authentication and identification
- Vulnerability analysis/classification
  - Techniques
  - Taxonomy
Slide 3: Authentication and Identity
Slide 4: What is Authentication?
Authentication: binding an identity and an external entity to a subject.
How do we do it?
- Entity knows something (a secret): passwords, ID numbers
- Entity has something: badge, smart card
- Entity is something: biometrics, e.g., fingerprints or retinal characteristics
- Entity is in some place: source IP, restricted-area terminal
Slide 5: Authentication System: Definition
- A: set of authentication information used by entities to prove their identities (e.g., a password)
- C: set of complementary information used by the system to validate authentication information (e.g., the hash of a password, or the password itself)
- F: set of complementation functions (to generate C); each f: A → C generates the appropriate c ∈ C given a ∈ A
- L: set of authentication functions; each l: A × C → {true, false} verifies identity
- S: set of selection functions that generate or alter A and C (e.g., commands to change a password)
Slide 6: Authentication System: Passwords
Example: plaintext passwords
- A = C = alphabet*
- f returns its argument: f(a) returns a
- l is string equivalence: l(a, b) is true if a = b
Complementation function:
- Null (return the argument, as above): requires that c be protected, i.e., the password file needs to be protected
- One-way hash: a function such that the complementary information c = f(a) is easy to compute, but f^-1(c) is difficult to compute
Slide 7: Passwords Example: Original Unix
- A password is up to eight characters; each character can be one of 127 possible characters
- A contains approximately 6.9 x 10^16 passwords
- The password is hashed using one of 4096 functions into an 11-character string
- 2 characters are prepended to indicate which hash function was used
- C contains passwords of size 13 characters, each character from an alphabet of 64 characters: approximately 3.0 x 10^23 strings
- Stored in the file /etc/passwd (which all users can read)
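The following is an added example, not code from the lecture or from Bishop's text, that implements the (A, C, F, L, S) model of slides 5 and 6 for both the plaintext scheme and the salted one-way-hash scheme of slide 7. It assumes SHA-256 over salt||password as a stand-in for the original DES-based crypt(3) (the 4096-way choice of f is still expressed as a 2-character salt from the 64-character alphabet, and the stored c is still a 13-character string, but the bits themselves differ from real crypt output). The class and function names are hypothetical; the size_of_A and size_of_C helpers only reproduce the order of magnitude of the slide's approximate counts.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# The 64-character output alphabet of classic crypt(3): ./0-9A-Za-z
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Sizes from slide 7: |A| counts passwords of 1..8 characters over 127 symbols,
# |C| counts 13-character strings over the 64-symbol alphabet.
def size_of_A(alphabet_size: int = 127, max_len: int = 8) -> int:
    return sum(alphabet_size ** i for i in range(1, max_len + 1))

def size_of_C(alphabet_size: int = 64, length: int = 13) -> int:
    return alphabet_size ** length


# Slide 6's plaintext system: f is the identity and l is string equality.
# Security rests entirely on protecting the stored c (the password file).
class PlaintextAuthSystem:
    def __init__(self) -> None:
        self.store: dict[str, str] = {}

    def set_password(self, user: str, password: str) -> None:   # S
        self.store[user] = password                              # c = f(a) = a

    def verify(self, user: str, password: str) -> bool:         # l(a, c)
        c = self.store.get(user)
        return c is not None and hmac.compare_digest(password.encode(), c.encode())


def encode64(data: bytes, length: int) -> str:
    """Map the low 6*length bits of data onto the 64-character alphabet."""
    n = int.from_bytes(data, "big")
    out = []
    for _ in range(length):
        out.append(ALPHABET[n & 63])
        n >>= 6
    return "".join(reversed(out))


# F: a family of 4096 one-way functions selected by a 2-character salt.
# Assumption: SHA-256 stands in for the DES-based crypt(3) of the slide.
# Like original Unix, only the first 8 characters of the password count.
def complement(password: str, salt: str) -> str:
    if len(salt) != 2 or any(ch not in ALPHABET for ch in salt):
        raise ValueError("salt must be 2 characters from the crypt alphabet")
    digest = hashlib.sha256((salt + password[:8]).encode()).digest()
    return salt + encode64(digest, 11)   # 13-char c: salt + 11-char hash


@dataclass
class HashedAuthSystem:
    """Slide 7's scheme: c = f_salt(a) stored in a world-readable file."""
    store: dict = field(default_factory=dict)   # username -> c in C

    def set_password(self, user: str, password: str) -> str:   # S
        salt = ALPHABET[secrets.randbelow(64)] + ALPHABET[secrets.randbelow(64)]
        c = complement(password, salt)
        self.store[user] = c
        return c

    def verify(self, user: str, password: str) -> bool:        # l(a, c)
        c = self.store.get(user)
        if c is None:
            return False
        salt = c[:2]   # the stored c reveals which f in F was used
        return hmac.compare_digest(complement(password, salt), c)


if __name__ == "__main__":
    sysh = HashedAuthSystem()
    print("stored c:", sysh.set_password("alice", "secret12"))
    print("correct password:", sysh.verify("alice", "secret12"))
    print("wrong password:  ", sysh.verify("alice", "Secret12"))
    print("|A| ~ %.2e, |C| ~ %.2e" % (size_of_A(), size_of_C()))
```

Because /etc/passwd was readable by everyone, both c and (through the salt) the choice of f are known to every local user, so the only remaining protection is the one-way property of f; that is exactly why slide 8 adds "make C readable only to root" and "make F unknown" as further lines of defence. The 8-character truncation in complement() is kept deliberately: it is the reason slide 7's |A| is bounded at 127^8 rather than growing with password length.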
Slide 8: Authentication System
Goal: identify the entities correctly.
Approaches to protecting the system: hide enough information so that one of a, c or f cannot be found.
- Make C readable only to root
- Make F unknown
- Prevent access to the authentication functions L (e.g., root cannot log in over the network)
Slide 9: Attacks on Passwords

This note was uploaded on 02/07/2012 for the course SIS 2150 taught by Professor Joshi during the Fall '11 term at Pittsburgh.
