复旦大学：《信息安全》教学课件_09 Authentication and supplements

Information Security 09 Authentication Chapter14 and supplements 復大软件学院

1 Information Security 09 Authentication Chapter14 and supplements

内容间的联系 安全理论 密码学 基本理论成熟 应用相当广泛 访问控制、认证、 PK、数字证书等 什么是 信息安全? 讨论、总结、清晰 代码安全 网络安全 復大软件学院

2 内容间的联系 密码学 基本理论-成熟 安全理论 应用相当广泛 访问控制、认证、 PKI、数字证书等 什么是 信息安全? 讨论、总结、清晰 代码安全 网络安全

Review:安全层次 应用安全 系统安全 网络安全 安全协议 安全的密码算法 復大软件学院

3 Review: 安全层次 安全的密码算法 安全协议 网络安全 系统安全 应用安全

Outline of Talk Definitions · Passwords Unix Passwords One time passwords Challenge-response techniques 復大软件学院

4 Outline of Talk • Definitions • Passwords – Unix Passwords – One time passwords • Challenge-response techniques

Definitions Authentication a claimant tries to show a verifier that the claimant is as declared identification Different from message authentication which enables the recipient to verify that messages have not been tampered with in transit (data integrity)and that they originate from the expected sender(authenticity) 復大软件学院

5 Definitions Authentication: • A claimant tries to show a verifier that the claimant is as declared – identification • Different from message authentication – which enables the recipient to verify that messages have not been tampered with in transit (data integrity) and that they originate from the expected sender (authenticity)

Definitions Authentication ·消息认证/报文的鉴别 ·身份认证 Message authentication has no timeliness Entity authentication happens in real time ·双向和单向认证 復大软件学院

6 Definitions Authentication • 消息认证/报文的鉴别 • 身份认证 – Message authentication has no timeliness – Entity authentication happens in real time • 双向和单向认证

e A good authentication scheme is Sound an honest party can successfully authenticate him/herself ·Non- transferable No impersonation all this is true even when a large number of authentications are observed Eve is able to spoof/eavesdrop Multiple instances are run simultaneously 復大软件学院

7 A good authentication scheme is… • Sound: an honest party can successfully authenticate him/herself • Non-transferable • No impersonation • All this is true even when – A large number of authentications are observed – Eve is able to spoof/eavesdrop – Multiple instances are run simultaneously

cott Basis of Authentication Something known-passwords PINS, keys ■■ Something possessed-cards handhelds Something inherent-biometrics 8 復大软件学院

8 Basis of Authentication • Something known - passwords, PINs, keys… • Something possessed - cards, handhelds… • Something inherent - biometrics

PINs and keys Long key on physical device(card), short Pin to remember Pin unlocks long key Need possession of both card and PIN Provides two-level security 復大软件学院

9 PINs and keys • Long key on physical device (card), short PIN to remember • PIN unlocks long key • Need possession of both card and PIN • Provides two-level security

Outline of Talk Definitions · Passwords Unix Passwords One time passwords Challenge-response techniques 復大软件学院

10 Outline of Talk • Definitions • Passwords – Unix Passwords – One time passwords • Challenge-response techniques