ComputerSecurity-原理与相关技术-用户认证.pptVIP

Computer Security 原理与相关技术 User Authentication(Ch3) Agenda 3.1 Means of User Authentication 3.2 Password-based Authentication Agenda 3.1 Means of User Authentication 3.2 Password-based Authentication User Authentication fundamental security building block basis of access control user accountability is the process of verifying an identity claimed by or for a system entity（RFC 2828） has two steps: identification - specify identifier verification - bind entity (person) and identifier distinct from message authentication Means of User Authentication four means of authenticating users identity based one something the individual knows - e.g. password, PIN possesses (token) - e.g. key, smart cards is (static biometrics) - e.g. fingerprint, retina does (dynamic biometrics) - e.g. voice, sign can use alone or combined all can provide user authentication all have issues Agenda 3.1 Means of User Authentication 3.2 Password-based Authentication Password Authentication widely used user authentication method user provides name/login and password system compares password with that saved for specified login authenticates ID of user logging and that the user is authorized to access system determines the user’s privileges is used in discretionary access control (自主访问控制) Vulnerabilities Countermeasures Store NOT the user’s password but a one-way hash function of the password offline dictionary attack prevent unauthorized access to the password file intrusion detection measures to identify a compromise rapid re-issuance of passwords should the password file be compromised specific account attack Account lockout mechanism (5 access attempts) Vulnerabilities Countermeasures popular password attack policies to inhibit the selection by users of common passwords scanning IP address of requests and client cookies for submission patterns password guessing against single user training enforcement of policies workstation hijacking automatically logging the workstation out Intrusion detecti