External entity is bound to system ID (user account)



y, the Illini Union Bookstore, etc.)
–  Subject is computer entity (process, network connection, etc.)
–  Two steps
–  Identification step: present identifier to security system. Registration
–  Verification step: Present or generate authentication information that corroborates the binding between entity and identifier

Establishing Identity
•  One or more of the following
–  What entity knows (e.g. password, private key)
–  What entity has (e.g. badge, smart card)
–  What entity is (e.g. fingerprints, retinal characteristics)
–  What entity does (e.g., voice pattern, handwriting, typing rhythm)
–  Where entity is (e.g. in front of a particular terminal)
•  Example: scene from Ivanhoe
•  Example: Credit card transaction
•  Multi-factor authentication
•  Use multiple elements to prove identity

Complementation Information
•  User provides information to verify identity
•  System stores a processed version of this information as the complementation information
•  The complementation function maps from the user provided data to the system stored data
–  Need to worry about access to user provided data

Password-based Authentication
•  External entity is bound to system ID (user account)
•  Authentication Step
–  External entity presents password
–  System compares with previously stored password
–  If password matches, system starts process with bound ID
•  Later access control decisions made against ID
•  Privilege decisions made against ID

Password Vulnerabilities
•  Password systems widely used, but very vulnerable
–  Offline dictionary attack
–  Specific account attack
–  Workstation hijacking
–  Sticky notes
–  Password reuse
–  Social engineering
–  Electronic monitoring

Password Storage
•  Store as cleartext –...
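
The registration and authentication steps from the Complementation Information and Password-based Authentication slides, as an added example that is not part of the original slides. The choice of salted PBKDF2-HMAC-SHA256 as the complementation function, the iteration count, and the names ACCOUNTS, complement, register and authenticate are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # work factor chosen for this example (assumption)

# Constructed in-memory account store: system ID -> (salt, complementation info).
# The user-provided password itself is never stored.
ACCOUNTS = {}


def complement(password: str, salt: bytes) -> bytes:
    """Complementation function: maps user-provided data to system-stored data."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(system_id: str, password: str) -> None:
    """Registration: bind the external entity to a system ID."""
    salt = os.urandom(16)  # per-account salt, so equal passwords store differently
    ACCOUNTS[system_id] = (salt, complement(password, salt))


# Dummy record so an unknown ID costs the same work as a known one.
_DUMMY_SALT = os.urandom(16)
_DUMMY_INFO = complement("dummy", _DUMMY_SALT)


def authenticate(system_id: str, password: str):
    """Authentication step: return the bound ID on a match, otherwise None.

    Later access control and privilege decisions are made against the
    returned ID, not against the password.
    """
    salt, stored = ACCOUNTS.get(system_id, (_DUMMY_SALT, _DUMMY_INFO))
    candidate = complement(password, salt)
    matches = hmac.compare_digest(candidate, stored)  # constant-time comparison
    if matches and system_id in ACCOUNTS:
        return system_id
    return None


if __name__ == "__main__":
    register("alice", "correct horse")  # constructed sample account
    print(authenticate("alice", "correct horse"))
    print(authenticate("alice", "wrong guess"))
```

Because each account has its own salt, a copy of ACCOUNTS cannot be checked against one precomputed dictionary, which raises the cost of the offline dictionary attack listed under Password Vulnerabilities.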