《网络安全 Network Security》教学资源（PPT讲稿）Topic 3 User Authentication

Network Security Topic 3: User Authentication

Network Security Topic 3: User Authentication Topic 3: User Authentication 12/3/2021

Reading for this Lecture Wikipedia Password Password strengt KEEP Salt_(cryptography) Password cracking CALMI Trusted path AND One time password LOVE READINGa)

Reading for this Lecture • Password • Password strength • Salt_(cryptography) • Password cracking • Trusted path • One time password Topic 3: User Authentication 22/3/2021

Important Takeaway Message Thinking about security is to consider and weigh in different trade-offs Understanding and proper usages of some basic terminologies are Important

Important Takeaway Message Thinking about security is to consider and weigh in different trade-offs Understanding and proper usages of some basic terminologies are important Topic 3: User Authentication 32/3/2021

Three as of information Security Authentication VS Access Control VS Audit

Three A’s of Information Security Authentication vs. Access Control vs. Audit Topic 3: User Authentication 42/3/2021

Authentication, Authorization and audit Authentication It is the process of determining whether somebody is who he/she is claiming to bei Access control It is the process of determining whether an action is allowed with respect to some well defined rules or policies Audit Record everything to identify attackers after the fact

Authentication, Authorization, and Audit • Authentication • It is the process of determining whether somebody is who he/she is claiming to be • Access control • It is the process of determining whether an action is allowed with respect to some well￾defined rules or policies • Audit • Record everything to identify attackers after the fact Topic 3: User Authentication 52/3/2021

Authentication and access control (From Wikipedia) Authentication is the act of establishing or confirming something(or someone) as authentic, that is, that claims made by or about the subject are true. This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claims to be, or assuring that a computer program is a trusted one Access control is a system which enables an authority to control access to areas and resources in a given physical facility or computer-based information system

Authentication and Access Control (From Wikipedia) • Authentication is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true. This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claims to be, or assuring that a computer program is a trusted one • Access control is a system which enables an authority to control access to areas and resources in a given physical facility or computer-based information system Topic 3: User Authentication 62/3/2021

Why Audit? Do not have enough information during decision making time to make a HOSPITAL judgment whether an access request is valid SPEED It is difficult to weigh in all possible LIMIT conditions of a valid access request 65 Specially relevant when legitimacy of access request depends on contextual information

Why Audit? • Do not have enough information during decision making time to make a judgment whether an access request is valid • It is difficult to weigh in all possible conditions of a valid access request • Specially relevant when legitimacy of access request depends on contextual information Topic 3: User Authentication 72/3/2021

Our concentration today is user authentication

Our concentration today is user authentication Topic 3: User Authentication 82/3/2021

Scenarios Requiring User Authentication Logging into a local computer Logging into a remote computer Logging into a network Accessing websites (A)I am John (B)Yeah, Right. (C)I am John, here is my token (D)OKAY 9

Scenarios Requiring User Authentication • Logging into a local computer • Logging into a remote computer • Logging into a network • Accessing websites (A) I am John (B) Yeah, Right. (C) I am John, here is my token (D) OKAY Topic 3: User Authentication 92/3/2021

Authentication token Based on something the user know EXample: Passphrase, password Based on something the user possesses Example: Smart card or token Based on something the user is Example: Biometric

Authentication Token • Based on something the user know • Example: Passphrase, password • Based on something the user possesses • Example: Smart card or token • Based on something the user is • Example: Biometric Topic 3: User Authentication 102/3/2021