Cpre 532 - PowerPoint PPT Presentation

Provided by: jamestruc

Transcript and Presenter's Notes

Title: Cpre 532


1
Cpre 532
  • Lecture 6

2
Outline
  • Authentication

3
Authentication
  • Proof of identity
  • Four different types of authentication
      • User to host
          • Person proves their identity to a computer resource
          • Most prevalent
      • Host to host
          • Work is being done to strengthen this
          • In the past, usually done by IP address
      • User to user
          • Contracts, secure email
          • Useful for online auctions
      • Host to user
          • Server authenticating to user

4
User to Host
  • Three ways
      • By something that you are
          • Fingerprints, voice prints, thermal imaging
          • Social and technology issues
          • Privacy issues
          • DNA scanning
          • Scalability
      • By something that you know
          • Secret kept by you, like a password or PIN
          • Most common user-to-host authentication
          • Problem is human memory
      • By something that you have
          • Key cards, like an ATM card
          • Can be lost or stolen

5
Authentication Systems
  • Password
  • Trusted third party
  • Public key infrastructure (PKI)

6
Passwords
  • Static passwords
      • Remain valid until the user changes them
  • One-time passwords
  • Passwords not stored in clear text
      • Use one-way algorithms to store password
  • Password guessing
      • Users choose easy passwords
      • Use social engineering to have user change password to something known
  • Password decryption
      • Sophisticated password guessing by using the encrypted password file

7
Unix Password Encryption
  • UNIX password encryption (old way)
      • 56-bit password
      • Brute force attack: 2^56 = 72,057,594,037,927,936
      • To break in a day: 833,999,930,994 /sec
      • To break in a year: 2,284,931,317 /sec
  • Usually systems will only allow 3-5 mistakes
  • Some of these attempts might be logged

8
Password cont
  • Ways to narrow down domain of problem
      • Social engineering
      • Password decryption
          • One must have obtained a password file or database
      • Sniff information off the media
          • Challenge and response
          • Password can be in clear text
          • Sniffers to look for user names and passwords on the media

9
Next Time
  • Continue authentication

10
Questions