CMSC 414 Computer and Network Security Lecture 14 - PowerPoint PPT Presentation

Provided by: jka9
Learn more at: http://www.cs.umd.edu
1
CMSC 414 Computer and Network Security Lecture 14
  • Jonathan Katz

2
Password-based protocols
  • Any password-based protocol is potentially
    vulnerable to an on-line dictionary attack
  • On-line attacks can be detected and limited
  • How?
  • Off-line attacks can never be prevented, but
    protocols can be made secure against such attacks
  • Any password-based protocol is vulnerable to
    off-line attack if the server is compromised
  • Once the server is compromised, why do we care?
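The slide asks how on-line guessing can be detected and limited. As an added example (not from the lecture), the following sliding-window counter replays constructed authentication log lines and refuses further attempts on an account once it has accumulated too many recent failures; the log format, the five-minute window and the five-failure threshold are assumptions.

```python
"""Detecting and limiting on-line password guessing (added example).

A per-account sliding window of recent failures; an attempt is refused
("LOCKED") while the window already holds MAX_FAILURES failures.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, user, source IP, result.
SAMPLE_LOG = """\
2024-01-01T10:00:00 alice 10.0.0.5 FAIL
2024-01-01T10:00:02 alice 10.0.0.5 FAIL
2024-01-01T10:00:03 alice 10.0.0.5 FAIL
2024-01-01T10:00:04 alice 10.0.0.5 FAIL
2024-01-01T10:00:05 alice 10.0.0.5 FAIL
2024-01-01T10:00:06 alice 10.0.0.5 FAIL
2024-01-01T10:00:30 bob 10.0.0.9 FAIL
2024-01-01T10:00:45 bob 10.0.0.9 OK
2024-01-01T10:20:00 alice 10.0.0.5 FAIL
"""

WINDOW = timedelta(minutes=5)   # assumption: how long a failure counts
MAX_FAILURES = 5                # assumption: refuse after 5 failures in WINDOW


def parse_line(line):
    ts, user, src, result = line.split()
    return datetime.fromisoformat(ts), user, src, result


class LoginThrottle:
    """Tracks recent failures per account and decides whether to refuse an attempt."""

    def __init__(self, window=WINDOW, max_failures=MAX_FAILURES):
        self.window = window
        self.max_failures = max_failures
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures

    def _prune(self, user, now):
        # Drop failures that have aged out of the window.
        q = self.failures[user]
        while q and now - q[0] > self.window:
            q.popleft()

    def observe(self, ts, user, result):
        """Return 'LOCKED' if the attempt is refused, else the recorded result."""
        self._prune(user, ts)
        if len(self.failures[user]) >= self.max_failures:
            return "LOCKED"          # refused attempts are not counted again
        if result == "FAIL":
            self.failures[user].append(ts)
        else:
            self.failures[user].clear()   # a successful login resets the counter
        return result


def replay(log=SAMPLE_LOG):
    """Run the throttle over the log; returns (user, decision) per line."""
    throttle = LoginThrottle()
    decisions = []
    for line in log.splitlines():
        ts, user, src, result = parse_line(line)
        decisions.append((user, throttle.observe(ts, user, result)))
    return decisions


if __name__ == "__main__":
    for user, decision in replay():
        print(user, decision)
```

In the sample, alice's sixth attempt inside the window is refused and her attempt twenty minutes later is evaluated normally again. A per-account lock of this kind also lets anyone who knows a username keep that account locked, so in practice it is combined with per-source limits and increasing delays rather than used alone.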

3
Password-based protocols
  • Best: use a password-based protocol which is
    secure against off-line attacks when the server is
    not compromised
  • Unfortunately, this has not been the case in
    practice (e.g., telnet, cell phones, etc.)
  • This is a difficult problem!

4
Password storage
  • In the clear
  • Hash of password (done correctly)
  • Doesn't always achieve anything!
  • Makes the adversary's job harder
  • Potentially protects users who choose good
    passwords
  • Salted hash of password
  • Makes bulk dictionary attacks harder, but no
    harder to attack a particular password
  • Encrypted passwords? (What attack is this
    defending against?)
  • Centralized server stores password
  • Threshold password storage
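As an added example (not from the lecture), the following standard-library code contrasts the plain hash of slide 4 with a salted, stretched hash. Two users who pick the same password get identical records under the plain hash, so one precomputed dictionary serves against every account; with a fresh per-user salt the records differ and each account must be attacked separately. The PBKDF2 iteration count and the audit helper are assumptions.

```python
"""Password storage: plain hash vs. salted, stretched hash (added example)."""
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumption: work factor for the stretched hash


def store_plain(password):
    """Slide 4, 'hash of password': same password -> same record for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, salt=None):
    """Slide 4, 'salted hash': a fresh random salt makes each record unique,
    so a precomputed table of hashes cannot be reused across users."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, salt, digest):
    """Recompute the stretched hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def shared_password_groups(records):
    """Audit helper (assumed): group users whose stored record is identical.
    records: {user: record}. Groups with more than one user reveal that
    those users share a password; this leakage exists only without salts."""
    by_record = {}
    for user, record in records.items():
        by_record.setdefault(record, []).append(user)
    return [users for users in by_record.values() if len(users) > 1]


def demo():
    """Constructed users; 'alice' and 'carol' chose the same password."""
    passwords = {"alice": "hunter2", "bob": "correct horse", "carol": "hunter2"}
    plain = {u: store_plain(p) for u, p in passwords.items()}
    salted = {u: store_salted(p)[1] for u, p in passwords.items()}
    return {
        "plain_groups": shared_password_groups(plain),     # [['alice', 'carol']]
        "salted_groups": shared_password_groups(salted),   # []
    }


if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the digest in the clear; it is not a secret, it only forces the attacker to redo the dictionary for each user. The slide's remark that a salt is "no harder to attack a particular password" still holds: for a single targeted account the per-guess cost comes from the iteration count, not from the salt.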

5
Centralized password storage
  • Authentication storage node
  • Central server stores the password; servers request
    the password to authenticate the user
  • Auth. facilitator node
  • Central server stores the password; servers send
    information from the user to be authenticated by the
    central server
  • Note that communication with the central server
    must be authenticated!

6
Authentication tokens
  • RSA SecurID
  • PIN-protected memory card
  • Cryptographic smartcards
  • Aladdin eTokens
  • Still need a secure protocol!

7
Biometrics
  • How much entropy is there?
  • How private are these?
  • How reliable are they?
  • Revocation?

8
Biometrics
  • Difficult to use securely
  • Errors
  • Non-uniform
  • Still need a secure protocol

9
Biometric authentication
  • How can you securely authenticate yourself to a
    remote server using your fingerprint?
  • Trivial solution

[Diagram: User sends the scanned fingerprint to the Server, which checks "close?" against the enrolled fingerprint]
Completely vulnerable to eavesdropping!

10
Better(?) solution
[Diagram: Server sends a nonce to the User; the User replies with a hash value h]
A single-bit difference in the scanned
fingerprint results in a failed authentication!
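As an added example (not from the lecture), the following code models both exchanges from slides 9 and 10 with a fingerprint template represented as a byte string. It assumes the "better" response is h computed over the nonce followed by the scanned template, with h instantiated as SHA-256; the "close?" check of the trivial scheme is modelled as exact equality. It shows that a captured message in the trivial scheme is accepted again, that a captured response in the nonce scheme is rejected on a fresh challenge, and that a scan differing in one bit is rejected too.

```python
"""Biometric challenge-response, slides 9 and 10 (added example)."""
import hashlib
import hmac
import os


def h(*parts):
    """Assumed instantiation of the slide's h: SHA-256 over the concatenation."""
    return hashlib.sha256(b"".join(parts)).digest()


class Server:
    def __init__(self, enrolled_template):
        self.template = enrolled_template   # stored at enrollment
        self.last_nonce = None

    # Slide 9: the user sends the scanned fingerprint; server asks "close?".
    def trivial_check(self, scanned):
        return scanned == self.template

    # Slide 10: server sends a nonce; user answers with h(nonce || fingerprint).
    def challenge(self):
        self.last_nonce = os.urandom(16)
        return self.last_nonce

    def response_check(self, response):
        if self.last_nonce is None:
            return False                     # no outstanding challenge
        expected = h(self.last_nonce, self.template)
        ok = hmac.compare_digest(expected, response)
        self.last_nonce = None               # each nonce is usable once
        return ok


def user_response(nonce, scanned):
    return h(nonce, scanned)


def flip_one_bit(data, index=0):
    b = bytearray(data)
    b[index] ^= 1
    return bytes(b)


def run_scenarios(template=b"constructed-fingerprint-template"):
    srv = Server(template)
    results = {}

    # Trivial protocol: whatever an eavesdropper captured can be sent again.
    captured = template
    results["trivial_replay_accepted"] = srv.trivial_check(captured)

    # Nonce protocol, honest run.
    n1 = srv.challenge()
    r1 = user_response(n1, template)
    results["nonce_honest"] = srv.response_check(r1)

    # Replaying r1 against a fresh challenge fails: the nonce differs.
    srv.challenge()
    results["nonce_replay_accepted"] = srv.response_check(r1)

    # A scan that differs from the enrolled template in a single bit fails too.
    n3 = srv.challenge()
    results["nonce_one_bit_off"] = srv.response_check(
        user_response(n3, flip_one_bit(template)))
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(name, value)
```

Two points the run makes concrete: the nonce removes replay but not the need for a reliable reading, since the server can only recompute h if the user hashed exactly the enrolled template; and to do that recomputation the server must itself hold the template, which bears on the privacy question raised on slide 7.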