TMK 264: COMPUTER SECURITY - PowerPoint PPT Presentation

1 / 21

About This Presentation

Title:

TMK 264: COMPUTER SECURITY

Description:

Number of Views:56

Avg rating:3.0/5.0

Slides: 22

Provided by: yola179

Category:

more less

Transcript and Presenter's Notes

Title: TMK 264: COMPUTER SECURITY

1
TMK 264 COMPUTER SECURITY

2
INTRODUCTION

An operating system bases much of its protection
on knowing who a user of the system is.
In real-life situations, people commonly ask for
identification from people they do not know a
bank employee may ask for a drivers license
before cashing a check, library employees may
require some identification before charging out
books, and immigration officials ask for passport
as proof of identity.

3
INTRODUCTION

In computing, the choice are more limited and the
possibilities less secure.
Anyone can attempt to log in to a computing
system.
Unlike the professor who recognizes a student
voice, the computer cannot recognize electrical
signals from one person as being any different
from those of anyone else.

4
USER AUTHENTICATION

User authentication (identity verification)
convince system of your identity
before it can act on your behalf
Sometimes also require that the computer verify
its identity with the user
User authentication is based on three
qualities/methods that always used to confirm the
user identity
Something the user knows.
Something the user has.
Something the user is.
All then involve some validation of information
supplied against a table of possible values based
on users claimed identity.

5
USE OF PASSWORD

The most common authentication mechanism for user
to operating system is a password. a word known
to computer and user.
Prompt user for a login name and password.
Verify identity by checking that password is
correct
On some (older) systems, password was stored in
the clear (this is now regarded as insecure,
since breaking compromises all users of the
system)
More often use a one-way function, whose output
cannot easily be used to find the input value
Either takes a fixed sized input (Example 8
characters)
Or based on a hash function to accept a variable
sized input to create the value
Important that passwords are selected with care
to reduce risk of exhaustive search
The use of password is fairly straightforward.

6
(No Transcript)
7
ATTACKS ON PASSWORDS

How secure are password themselves? Passwords are
somewhat limited as protection devices because of
the relatively small number of bits of
information they contain.
Here are some ways you might be able to determine
a users password
Try all possible passwords.
Try many probable passwords.
Try passwords likely for the user.
Search for the system list of passwords.
Ask the user.
These suggestion are arranged in decreasing order
of difficulty the later ones are, or at least
should be, less likely to succeed.

8
(No Transcript)
9
PASSWORD LIKELY FOR A USER

If Sandy is selecting a password, she is probably
not choosing a word completely at random.
Most likely Sandys password is something
meaningful to her.
People typically choose personal password, such
as the name of s spouse, a child, a brother or
sister, a pet, a street name or something
memorable or familiar.
Here are some of the steps on guessing password
No password
The same as the user ID
Derived from the users name
Common word list plus common names and pattern.
Short college dictionary
Complete English word list

10
USER PASSWORD CHOICE
11
PASSWORD SELECTION CRITERIA

12
ONE TIME PASSWORDS

Also known as One-Shot Password.
One-Time Password is one that changes every time
it is used.
One problem with traditional passwords is caused
by eavesdropping their transfer over an insecure
network.
One possible solution is to use one-shot
(one-time) passwords
These are passwords used once only
Future values cannot be predicted from older
values
Generally, one shot password is good only for
infrequent access

13
AUTHENTICATION PROCESS

User authentication is a serious issue that
becomes even more serious when unacquainted users
seek to share facilities by means of computer
network.
A user who receives a message of INCORRECT LOGIN
will carefully retype the login again.
Some authentication process or procedures are
slow.
The traditional authentication device is the
password.
Some sophisticated authentication devices are now
available. These devices include
Handprint detectors
Voice recognizers
Identifiers of patterns in the retina

14
COOKIES

Cookies are small files that are written to the
hard disk by many of the web site that have been
visited.
A message given to a Web browser by a Web server
and it stores the message in a text file.
The main purpose of cookies is to identify users
and possibly prepare customized Web pages for
them.
These are tokens that are attached to a user or
program and change depending on the areas entered
by the user or program.
For example, online retail sites use cookies to
implement shopping charts, which enable you to
make selections on shopping activities.
Several Internet and networks, such as
DoubleClick, use cookies to track users browsing
actions across thousands of the most popular
Internet sites.

15
(No Transcript)
16
KERBEROS

A system that supports authentication in
distributed systems developed by Massachusetts
Institute of Technology (MIT).
Used for authentication between intelligent
processes, such as client--server tasks, or a
users workstation to other hosts.
Provides centralized third-party authentication
in a distributed network
KDC provides non-corruptible authentication
credentials (tickets or tokens)
Kerberos builds on symmetric key cryptography and
requires a trusted third party

17
Example of Kerberos System
18
Advantages of KERBEROS

19
BIOMETRICS
20
BIOMETRICS AUTHENTICATION

Biometric are appealing for authentication in
principle they are immune to forgery, cannot be
forgotten or misplaced and compared favorably to
password in their discrimination.
A biometric authentication should follow three of
the characteristics above
Easy to use
No threatening
Non discriminating
Article on Biometric

21
CONCLUSIONS