cse443-lecture-3-passwords


CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger
Lecture 3 - Passwords and Authentication
www.cse.psu.edu/~tjaeger/cse443-s12/

What is authentication?
• Reliably verifying the identity of someone
• Q: How do you do this in practice today?
• A: A human scale protocol?
  1. A and B ask for credentials (implicitly or explicitly)
  2. B provides credential to A who verifies it
  3. A provides credential to B who verifies it
• Both parties are authenticated: mutual authentication
• The question is, what credentials do you use?
  – The answer is context specific, where the kinds of credentials and the level of due diligence are related to the tasks for which the entity is being authenticated

What is Identity?
• That which gives you access … which is largely determined by context
  – We all have lots of identities
  – Pseudo-identities
• Really, determined by who is evaluating credential
  – Driver's License, Passport, SSN prove …
  – Credit cards prove …
  – Signature proves …
  – Password proves …
  – Voice proves …
• Exercise: Give an example of bad mapping between a credential and the purpose for which it was used....

This note was uploaded on 02/11/2012 for the course CSE 443 taught by Professor Trent Jaeger during the Spring '11 term at Penn State.
