Positive verification of identity (man or machine) Verification of a person’s claimed identity ...
Marjie Rodrigues411154
Topics:
--> Security authentication
--> Means of authentication
--> Token-Based Authentication
--> Biometric Authentication
WHAT IS AUTHENTICATION?
Positive verification of identity (man or machine)
Verification of a person’s claimed identity
Who are you? Prove it.
Page no:668-69
Means of Authentication
There are four general means of authenticating a user’s identity, which can be used alone or in combination:
• Something the individual knows: Examples include a password, a personal identification number (PIN), or answers to a prearranged set of questions.
• Something the individual possesses: Examples include electronic key cards, smart cards, and physical keys. This type of authenticator is referred to as a token.
Authentication is the process of verifying an identity claimed by or for a system entity. An authentication process consists of two steps:
• Identification step: Presenting an identifier to the security system. (Identifiers should be assigned carefully, because authenticated identities are the basis for other security services, such as access control service.)
• Verification step: Presenting or generating authentication information that corroborates the binding between the entity and the identifier.
Token-Based Authentication
Page no:672-673
Objects that a user possesses for the purpose of user authentication are called tokens.
1: Memory Cards
• Memory cards can store but not process data.
• The most common such card is the bank card with a magnetic stripe on the back.
• A magnetic stripe can store only a simple security code, which can be read (and unfortunately reprogrammed) by an inexpensive card reader.
• There are also memory cards that include an internal electronic memory.
• Memory cards can be used alone for physical access, such as a hotel room. For computer user authentication, such cards are typically used with some form of password or personal identification number (PIN). A typical application is an automatic teller machine (ATM).
• The memory card, when combined with a PIN or password, provides significantly greater security than a password alone. An adversary must gain physical possession of the card (or be able to duplicate it) and must also gain knowledge of the PIN.
Among the potential drawbacks are the following:
• Requires special reader: This increases the cost of using the token and creates the requirement to maintain the security of the reader’s hardware and software.
• Token loss: A lost token temporarily prevents its owner from gaining system access. Thus there is an administrative cost in replacing the lost token. In addition, if the token is found, stolen, or forged, then an adversary now need only determine the PIN to gain unauthorized access.
• User dissatisfaction: Although users may have no difficulty in accepting the use of a memory card for ATM access, its use for computer access may be deemed inconvenient.
2: STRONG AUTHENTICATION – SMART CARDS
• Smart cards are one way to provide strong authentication of users. The card itself is the item that the user must possess. The second factor may be a PIN, a password, or even a thumbprint. Various existing systems have used all of these.
• Authentication becomes even more rigorous by requiring a functional correlation between the two factors. The contents of the smart card cannot be accessed unless the value of the second factor is read by the smart card from the reading device. Specifically, when a user presents a smart card to a reading device such as a computer, the computer reads the PIN (or other second factor) and writes it to the smart card. Only if the PIN matches will the smart card allow the other information it contains to be accessed by the computer.
• The most important information passed by the smart card to the computer is, of course, the identity of the user. When the computer receives that identity, the authentication is complete.
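The PIN-gated release described above, as an added Python sketch (not from the slides or the textbook). The `SmartCard` class, the `authenticate` helper, the sample identity and PIN, and the three-try lockout are assumptions made for illustration.

```python
import hmac


class SmartCard:
    """Toy card: releases its stored identity only after the PIN is verified."""
    MAX_TRIES = 3  # assumption: retry limit, not stated on the page

    def __init__(self, identity: str, pin: str):
        self._identity = identity
        self._pin = pin.encode()      # a real card keeps this in protected memory
        self._tries_left = self.MAX_TRIES
        self._unlocked = False

    def present_pin(self, pin: str) -> bool:
        """The reader writes the typed PIN to the card; the card compares it."""
        self._unlocked = False
        if self._tries_left == 0:
            return False              # blocked after too many wrong PINs
        if hmac.compare_digest(pin.encode(), self._pin):
            self._tries_left = self.MAX_TRIES
            self._unlocked = True
        else:
            self._tries_left -= 1
        return self._unlocked

    def read_identity(self) -> str:
        """Contents are readable only while the card is unlocked."""
        if not self._unlocked:
            raise PermissionError("PIN not verified")
        return self._identity


def authenticate(card: SmartCard, typed_pin: str):
    """Reader side: pass the PIN to the card, then read the identity it releases."""
    if not card.present_pin(typed_pin):
        return None
    return card.read_identity()


if __name__ == "__main__":
    card = SmartCard("alice", "4821")   # constructed sample values
    print(authenticate(card, "0000"))   # wrong PIN: nothing released
    print(authenticate(card, "4821"))   # correct PIN: identity released
```

The reader never sees the stored PIN; it only learns whether the card accepted the value it wrote, which is the functional correlation between the two factors.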
Biometrics
Page no:673-675
Verifies an identity by analyzing a unique person attribute or behavior (e.g., what a person “is”).
Most expensive way to prove identity; also has difficulties with user acceptance.
There are many different types of biometric systems; know the most common.
Biometric Authentication
A biometric authentication system attempts to authenticate an individual based on his or her unique physical characteristics.
These include static characteristics, such as fingerprints, hand geometry, facial characteristics, and retinal and iris patterns; and dynamic characteristics, such as voiceprint and signature.
In essence, biometrics is based on pattern recognition. Compared to passwords and tokens, biometric authentication is both technically complex and expensive. While it is used in a number of specific applications, biometrics has yet to mature as a standard tool for user authentication to computer systems.
PHYSICAL BIOMETRICS
Advantages
• Cannot be disclosed, lost, forgotten
Disadvantages
• Cost, installation, maintenance
• Reliability of comparison algorithms
  False positive: Allow access to unauthorized person
  False negative: Disallow access to authorized person
• Privacy?
• Fingerprint
• Iris
• Hand Geometry
• Finger Geometry
• Face Geometry
• Ear Shape
• Retina
• Smell
• Thermal Face
• Hand Vein
• Nail Bed
• DNA
• Palm Print
BEHAVIORAL BIOMETRICS
• Signature
• Voice
• Keystroke
The most common are the following:
• Facial characteristics: Facial characteristics are the most common means of human-to-human identification; thus it is natural to consider them for identification by computer. The most common approach is to define characteristics based on relative location and shape of key facial features, such as eyes, eyebrows, nose, lips, and chin shape. An alternative approach is to use an infrared camera to produce a face thermogram that correlates with the underlying vascular system in the human face.
• Fingerprints: Fingerprints have been used as a means of identification for centuries, and the process has been systematized and automated particularly for law enforcement purposes. A fingerprint is the pattern of ridges and furrows on the surface of the fingertip. Fingerprints are believed to be unique across the entire human population. In practice, automated fingerprint recognition and matching systems extract a number of features from the fingerprint for storage as a numerical surrogate for the full fingerprint pattern.
• Hand geometry: Hand geometry systems identify features of the hand, including shape, and lengths and widths of fingers.
• Retinal pattern: The pattern formed by veins beneath the retinal surface is unique and therefore suitable for identification. A retinal biometric system obtains a digital image of the retinal pattern by projecting a low-intensity beam of visual or infrared light into the eye.
• Iris: Another unique physical characteristic is the detailed structure of the iris.
• Signature: Each individual has a unique style of handwriting, and this is reflected especially in the signature, which is typically a frequently written sequence. However, multiple signature samples from a single individual will not be identical. This complicates the task of developing a computer representation of the signature that can be matched to future samples.
• Voice: Whereas the signature style of an individual reflects not only the unique physical attributes of the writer but also the writing habit that has developed, voice patterns are more closely tied to the physical and anatomical characteristics of the speaker. Nevertheless, there is still a variation from sample to sample over time from the same speaker, complicating the biometric recognition task.
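Because samples from the same person vary, a biometric matcher accepts any sample whose similarity score clears a threshold, and that threshold sets the false positive and false negative rates listed under the disadvantages above. The following Python sketch is an added example, not from the slides or the textbook; the function names and the score lists are constructed for illustration.

```python
# Constructed similarity scores in [0, 1]; higher means closer to the stored template.
GENUINE = [0.91, 0.84, 0.78, 0.88, 0.69, 0.95, 0.73, 0.81, 0.62, 0.87]   # authorized user
IMPOSTOR = [0.12, 0.35, 0.48, 0.27, 0.66, 0.41, 0.19, 0.55, 0.71, 0.30]  # other people


def error_rates(genuine, impostor, threshold):
    """Return (false_negative_rate, false_positive_rate) at a match threshold.

    A sample is accepted when its score is >= threshold.
    False negative: an authorized person is rejected.
    False positive: an unauthorized person is accepted.
    """
    false_neg = sum(s < threshold for s in genuine) / len(genuine)
    false_pos = sum(s >= threshold for s in impostor) / len(impostor)
    return false_neg, false_pos


def sweep(genuine, impostor, thresholds):
    """Error rates at each candidate threshold, as (threshold, fn, fp) rows."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def balanced_threshold(genuine, impostor, thresholds):
    """Candidate threshold where the two error rates are closest to each other."""
    def gap(t):
        fn, fp = error_rates(genuine, impostor, t)
        return abs(fn - fp)
    return min(thresholds, key=gap)


if __name__ == "__main__":
    candidates = [0.5, 0.6, 0.7, 0.8, 0.9]
    for t, fn, fp in sweep(GENUINE, IMPOSTOR, candidates):
        print(f"threshold={t:.1f}  false negative={fn:.0%}  false positive={fp:.0%}")
    print("balanced threshold:", balanced_threshold(GENUINE, IMPOSTOR, candidates))
```

Raising the threshold trades false positives for false negatives, so the operating point is a policy choice about which error costs more.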
Textbook: Operating Systems – William Stallings
Questions:
--> What do you mean by authentication?
--> What are the means of authentication?
--> What is Token-Based Authentication?
--> Explain Biometric Authentication.
Thank you