authentication authentication
play

Authentication Authentication September 11, 2020 Administrative - PDF document

Jun 13, 2023 •17 likes •327 views

Authentication Authentication September 11, 2020 Administrative new VM new VM Administrative for this lab exercise for this lab exercise import, then don't forget to create a snapshot named "base" 1 Administrative

  1. Authentication Authentication September 11, 2020 Administrative – – new VM new VM Administrative for this lab exercise for this lab exercise import, then don't forget to create a snapshot named "base" 1

  2. Administrative – – VM login credentials VM login credentials Administrative fedora30-fall20 student/c$l@bLinuX root /c$l@bLinuX ( mnemonic: compter science lab linux ) kali-linux1.0.7 root/c$l@bLinuX Administrative – Administrative – submittal instructions submittal instructions � answer the lab assignment’s questions in written report form, as a text, pdf, or Word document file (no obscure formats please) � email to csci530l@usc.edu � exact subject title must be “authenticationlab” � deadline is start of your lab session the following week � reports not accepted (zero for lab) if – late – you did not attend the lab (except DEN or prior arrangement) – email subject title deviates 2

  3. Authentication definition Authentication definition � binding an identity to a subject – withdrawing money at a bank counter verifying a bank customer (subject) is the person/name (identity) on a savings account (e.g., by driver's license evaluation) – logging in verifying a keyboard user (subject) is the person/name (identity) on a user account (e.g., by password evaluation) – using a secure website verifying the web server (subject) is that of an organization (identity) (e.g., by digital signature evaluation) “Auth “ Auth” ”entication entication vs vs “ “auth auth” ”orization orization � authentication != authorization – authorization establishes what user can do once authenticated � authentication happens first � authorization comes later – employing the information established during authentication 3

  4. Usage of a login ID Usage of a login ID � user account’s ID number (UID) gets “embedded” in its human user (if any) ’s shell/gui process and other processes they then spawn (which is their job) � user accounts in/of processes are revealed by ps (process status) command in linux the users in/of 3 processes Bigger picture - - how we think of it Bigger picture how we think of it reads user file 4

  5. Bigger picture - Bigger picture - how it actually works how it actually works users don’t read files, processes do UID runs reads user process file program that copies one file to another #include <unistd.h> #include <sys/stat.h> note system calls “open” “read” “write” #include <fcntl.h> They do the file access int main() user? isn’t even mentioned in the calls { char c; int in, out; in = open("file.in", O_RDONLY); out = open("file.out", O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR); while(read(in,&c,1) == 1) write(out,&c,1); exit(0); } Bigger picture - - how it actually works Bigger picture how it actually works AUTHENTICATION HERE up front, determines account same account, carried forward by inheritance from shell process to this spawned one for first (shell) process UID runs reads user process file #include <unistd.h> #include <sys/stat.h> note system calls “open” “read” “write” #include <fcntl.h> They do the file access int main() user? isn’t even mentioned in the calls { char c; int in, out; in = open("file.in", O_RDONLY); out = open("file.out", O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR); while(read(in,&c,1) == 1) write(out,&c,1); exit(0); } 5

  6. Bases for authentication Bases for authentication � something people know � something they have � password � smart card � pin number � sim (subscriber identity module) card � something about them � hardware token � somewhere they are � retina/iris � fingerprint � login only works at certain terminals � DNA � voice � ear � face Extent of authentication Extent of authentication � one or a combination of methods may be used – depending on needed degree of protection – “single-factor” “multi-factor” � examples – system login � for user account, the matching password (single-factor) – system with fingerprint reader (e.g. modern laptop) � for user account, the matching password and finger (2-factor) – ATM transaction � for bank account, the card and matching pin (2-factor) 6

  7. TFA at myviterbi.usc.edu TFA at myviterbi.usc.edu Step 1, 1 st factor Step 2, 2 nd factor Example: passwords Example: passwords � something people know � most common, familiar basis for authentication 7

  8. What’ What ’s makes bad ones? s makes bad ones? � only letters or only numbers (hackme, 09112002) � recognizable words (john1, R2D2) � foreign language words (bonjour1, hastalavistababy) � hacker terminology (H4XOR, 1337) � personal info (names, birthdates, addresses) � reverse words (nauj, esrever) � what do these all have in common? they are predictable What’ ’s makes good ones? s makes good ones? What � at least 8 characters (conventionally, but why 8?? still “enough” today? no) � mixed case � mixed letters and numerals � punctuation/non-alphanumeric symbols included � something you can remember 8

  9. Making a good one Making a good one � think of a memorable phrase – “wasn’t that a dainty dish to set before the king” – “in the beginning god created the heavens and the earth” � make it an acronym – wtaddtsbtk – itbgcthate � substitute non-letters for letters ("leetspeak") – w7@dd7$b7k – i7bgcth@te � capitalize something – w7@DD7$b7k – i7BGCTH@te Forcing strong passwords Forcing strong passwords � create them for users, don’t let users choose them � use PAM’s pam_cracklib module – enforces a password strength policy at creation time � or other PAM password evaluation modules – pam_passwdqc (http://www.openwall.com/passwdqc) 9

  10. PAM architecture ( PAM architecture (“ “pluggable authentication modules pluggable authentication modules” ”) ) 1 2 PAM /etc/pam.d 4 3 PAM-aware applications (e.g., /bin/login /bin/su /bin/ssh /bin/passwd, etc ) per-application configuration files (text) PAM modules (executable) Operation sequence Operation sequence � app calls PAM (1) � PAM reads app’s PAM config file (2) � PAM calls PAM modules as listed in the file (3) – each succeeds or fails independently � PAM itself succeeds or fails, depending on the modules’ outcomes – returns its overall outcome to app (4) � app proceeds (if success) or terminates (if failure) 10

  11. Password crackers Password crackers � John the Ripper (http://www.openwall.com/) � Cain and Abel � hashcat (http://hashcat.net/hashcat/) Is guesswork easy or hard? Is guesswork easy or hard? � an alphabet is a set of symbols � how many words of a certain length can you compose from an alphabet? � depends on – the number of symbols in the alphabet – the particular wordlength 11

  12. Two password strength determinants Two password strength determinants � the number of possible characters it contains – its character set � its length – its character count Is guesswork easy or hard? Is guesswork easy or hard? � a 10-symbol alphabet has � a 2-symbol alphabet has – 10 one-letter words – 2 one-letter words – 100 two-letter words – 4 two-letter words – 1000 three-letter words – 8 three-letter words � a 3-symbol alphabet has � an � -symbol alphabet has – 3 one-letter words – � one-letter words – � 2 two-letter words – 9 two-letter words – � 3 three-letter words – 27 three-letter words – � p p-letter words (alphabet length raised to password length) 12

  13. How many words are there? How many words are there? � 26-letter alphabet, wordlength 3: 26 3 = 17576 � 52-letter alphabet, wordlength 3: 52 3 = 140,608 – double alphabet length yields 8 times as many words � 26-letter alphabet, wordlength 6: 26 6 = 308,915,776 – double word length yields 17576 times as many words � 52-letter alphabet, wordlength 6: 52 6 = 19,770,609,660 � a fish is in a pond – harder to catch in a bigger pond How many words are there? * How many words are there? * Password space: 16-character alphabet 16 64 = 10 77 94-character alphabet comparatively IPv6 94 63 = 10 124 address space, considered 62-character alphabet “really really big” - 10 38 62 63 = 10 112 https://www.grc.com/passwords.htm * i.e. * i.e. “ “What What’ ’s the password space? s the password space?” ” 13

  14. Password strength determinants Password strength determinants � the number of possible characters it contains � its length � the randomness of character selection a 3 rd criterion!! human-dependent! (arguably, the most important factor these days) 2013 dynamic attack, my UCLA server * 2013 dynamic attack, my UCLA server * *but real-world attacks are not “dynamic” they are in-situ at attacker’s place upon an exfiltrated user/password file log file, victim machine � about 700000 login attempts from about 2100 remote IPs � � from several to 53000 login attempts each � using about 26000 user name guesses with unknown password guesses � – but no doubt predicable ones 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239 Authentication on a single machine Computer Security Authentication across a network February 21, 2007 Lecture 9 Lecture 9 Page 1 Page 2 CS 236,

302 views • 8 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication overview Current state of Authentication The future of authentication MY JOURNEY 2012-2015 2004-2011 2015-Present 1998-2004 Staff at MIT

453 views • 34 slides
User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. Supports a comprehensive set of authentication mechanisms called

808 views • 16 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder Authentication in general Bishop: Authentication is the binding of an identity to a principal. Network-based authentication mechanisms

1.6k views • 43 slides
Introduction &amp; Language Guessing Data Structures and Algorithms for CL III, WS 2019-2020

Introduction &amp; Language Guessing Data Structures and Algorithms for CL III, WS 2019-2020

Department of General and Computational Linguistics Introduction &amp; Language Guessing Data Structures and Algorithms for CL III, WS 2019-2020 Corina Dima corina.dima@uni-tuebingen.de DSA-CL III course overview What is Data Structures and

528 views • 51 slides
Cost Friendly savings notification More timely (paper, despite delivery of geographical

Cost Friendly savings notification More timely (paper, despite delivery of geographical

Tiered system of DNA (did not attend) calls and letters reminding patients when they are late for a scheduled INR test. Prior to 2011, all reminders sent by mail Implemented Televox reminder calls in 2011 In 2014 we explored impact

397 views • 18 slides
User Needs and Requirements Analysis for Big Data Healthcare Applications Sonja Zillner, Siemens

User Needs and Requirements Analysis for Big Data Healthcare Applications Sonja Zillner, Siemens

User Needs and Requirements Analysis for Big Data Healthcare Applications Sonja Zillner, Siemens AG In collaboration with: Nelia Lasierra, Werner Faix, and Sabrina Neururer MIE 2014 in Istanbul: 01-09-2014 / Zillner BIG 318062 #

267 views • 23 slides
Desiging and improving FRMG, a wide coverage French meta-grammar http://alpage.inria.fr ric de

Desiging and improving FRMG, a wide coverage French meta-grammar http://alpage.inria.fr ric de

Desiging and improving FRMG, a wide coverage French meta-grammar http://alpage.inria.fr ric de la Clergerie &lt; Eric.De_La_Clergerie@inria.fr &gt; INRIA Paris-Rocquencourt / Univ. Paris Diderot A Corua 9 de octubre 2012 INRIA INRIA

559 views • 52 slides
Senior PWP Network 4 June 2019 Andy Wright, IAPT Advisor, Heather Stonebank, Lead PWP

Senior PWP Network 4 June 2019 Andy Wright, IAPT Advisor, Heather Stonebank, Lead PWP

Yorkshire and the Humber Mental Health Network Senior PWP Network 4 June 2019 Andy Wright, IAPT Advisor, Heather Stonebank, Lead PWP Advisor and Sarah Boul, Quality Improvement Manager andywright1@nhs.net,

1.61k views • 112 slides
Judges, Juries, and Judges, Juries, and Scientific Evidence Scientific Evidence Valerie P. Hans

Judges, Juries, and Judges, Juries, and Scientific Evidence Scientific Evidence Valerie P. Hans

Judges, Juries, and Judges, Juries, and Scientific Evidence Scientific Evidence Valerie P. Hans Valerie P. Hans 20110330 1 20110330 1 I ntroduction I ntroduction Most jurors are not screened for

526 views • 42 slides
Welcome Anne Hooper - Event Facilitator, CCG Lay Member for Patient Engagement Purpose of event:

Welcome Anne Hooper - Event Facilitator, CCG Lay Member for Patient Engagement Purpose of event:

Welcome Anne Hooper - Event Facilitator, CCG Lay Member for Patient Engagement Purpose of event: What: One Health Lewisham Patient Participation Group Event Who: Group made up of local PPG representatives Why: Input in to local general

889 views • 54 slides
Discrete Latent Variable Models Stefano Ermon, Aditya Grover Stanford University Lecture 15

Discrete Latent Variable Models Stefano Ermon, Aditya Grover Stanford University Lecture 15

Discrete Latent Variable Models Stefano Ermon, Aditya Grover Stanford University Lecture 15 Stefano Ermon, Aditya Grover (AI Lab) Deep Generative Models Lecture 15 1 / 29 Summary Major themes in the course Representation: Latent variable

612 views • 29 slides

More recommend