Authentication Methods: Passwords, Kerberos, CHAP, Mutual Auth, Certificates, Tokens, Biom, Slides of Cryptography and System Security

An in-depth exploration of various authentication techniques, including creating strong passwords, understanding the Kerberos and CHAP processes, mutual authentication, digital certificates, tokens, and biometrics. It covers the basics of usernames and passwords; Kerberos session keys, tickets, and authenticators; the CHAP challenge-and-response sequence; mutual authentication; digital certificates; electronic encryption and decryption concepts; certificate authorities; and nonrepudiation. Additionally, it discusses security weaknesses of Kerberos and CHAP, and the benefits and issues of multifactor authentication.

Typology: Slides

2011/2012

Uploaded on 07/17/2012

pameela

Authentication
Chapter 2

Learning Objectives

^

Create strong passwords and store themsecurely ^

Understand the Kerberos authenticationprocess ^

Understand how CHAP works ^

Understand what mutual authentication isand why it is necessary ^

Understand how digital certificates arecreated and why they are used

continued…

Security of System Resources

^

Three-step process (AAA)^ ^

Authentication^  Positive identification of person/system seekingaccess to secured information/services ^ Authorization

^ Predetermined level of access to resources ^ Accounting

^ Logging use of each asset

Authentication Techniques

^

Usernames and passwords ^

Kerberos ^

Challenge Handshake Authentication Protocol(CHAP) ^

Mutual authentication ^

Digital certificates ^

Tokens ^

Biometrics ^

Multifactor authentication

Basic Rules for Password Protection

- Memorize passwords; do not write them down
- Use different passwords for different functions
- Use at least 6 characters
- Use mixture of uppercase and lowercase letters, numbers, and other characters
- Change periodically

Strong Password Creation Techniques

- Easy to remember; difficult to recognize
- Examples:
  - First letters of each word of a simple phrase; add a number and punctuation
    - Asb4M?
  - Combine two dissimilar words and place a number between them
    - SleigH9ShoE
  - Substitute numbers for letters (not obviously)

Storing Passwords

^

Written^ ^

Keep in a place you are not likely to lose it  Use small type  Develop a personal code to apply to the list ^

Electronic^ ^

Use a specifically designed application(encrypts data)

Kerberos

^

Provides secure and convenient way to accessdata and services through:^ ^

Session keys  Tickets  Authenticators  Authentication servers  Ticket-granting tickets  Ticket-granting servers  Cross-realm authentication

Kerberos in a Simple Environment

Checksum

- Small, fixed-length numerical value
- Computed as a function of an arbitrary number of bits in a message
- Used to verify authenticity of sender

Kerberos in a Simple Environment

Kerberos in a More Complex Environment

Kerberos in Very Large Network Systems

- Cross-realm authentication
  - Allows principal to authenticate itself to gain access to services in a distant part of a Kerberos system

Security Weaknesses of Kerberos

- Does not solve password-guessing attacks
- Must keep password secret
- Does not prevent denial-of-service attacks
- Internal clocks of authenticating devices must be loosely synchronized
- Authenticating device identifiers must not be recycled on a short-term basis

Challenge Handshake Authentication Protocol (CHAP)

- PPP mechanism used by an authenticator to authenticate a peer
- Uses an encrypted challenge-and-response sequence
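
The challenge-and-response sequence, shown as an added example that is not part of the original slides. It follows RFC 1994, where the response is a one-way MD5 hash over the identifier, the shared secret and the challenge, so the secret itself never crosses the link. The `Authenticator` class, the peer name and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Authenticator side: issues challenges and checks responses (hypothetical class)."""

    def __init__(self, secrets):
        self.secrets = secrets      # peer name -> shared secret
        self.pending = {}           # peer name -> (identifier, challenge)
        self.next_id = 0

    def new_challenge(self, name):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256   # identifier is one octet
        challenge = os.urandom(16)                # unpredictable, never reused
        self.pending[name] = (identifier, challenge)
        return identifier, challenge

    def verify(self, name, identifier, response):
        outstanding = self.pending.pop(name, None)   # each challenge is single use
        secret = self.secrets.get(name)
        if outstanding is None or secret is None or outstanding[0] != identifier:
            return False
        expected = chap_response(identifier, secret, outstanding[1])
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    secret = b"constructed-shared-secret"     # constructed sample value
    auth = Authenticator({"peer1": secret})
    # 1. Challenge -> 2. Response -> 3. Success
    ident, chal = auth.new_challenge("peer1")
    captured = chap_response(ident, secret, chal)
    ok = auth.verify("peer1", ident, captured)
    # A captured response replayed against a fresh challenge is rejected.
    ident2, _ = auth.new_challenge("peer1")
    replay = auth.verify("peer1", ident2, captured)
    # A peer that does not know the secret is rejected.
    ident3, chal3 = auth.new_challenge("peer1")
    wrong = auth.verify("peer1", ident3, chap_response(ident3, b"guess", chal3))
    return ok, replay, wrong


if __name__ == "__main__":
    print(demo())
```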