CSCE 201 Identification and Authentication, Microsoft support, Fall 2010


Page 1

CSCE 201

Identification and Authentication

Microsoft support, Fall 2010

Page 2

CSCE 201 - Farkas 2

One-time Password

Use the password exactly once!

Page 3

Time Synchronized

There is a hand-held authenticator
– It contains an internal clock, a secret key, and a display
– The display outputs a function of the current time and the key
– It changes about once per minute

User supplies the user id and the display value
Host uses the secret key, the function and its clock to calculate the expected output
Login is valid if the values match
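The slide does not name the function of (current time, secret key) that the device displays. The following is an added example, not part of the lecture: it uses the TOTP construction (HMAC-SHA1 over the time-step number, dynamically truncated to six digits) with a 60-second step to match "changes about once per minute", and the host tolerates one step of clock drift in either direction. The host also records the last step it accepted for each user, so a display value that was already used for a login is refused if presented again, which is the "use the password exactly once" rule from the previous slide. The key, user id and timestamp are constructed values.

```python
"""Time-synchronized one-time password in the style of the slide's hand-held
authenticator.  Added example, not from the slides: the function of (time, key)
is the TOTP construction (HMAC-SHA1, dynamic truncation, six digits) with a
60-second step.  Key, user id and timestamps are constructed sample values."""
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the display changes about once per minute
DIGITS = 6


def otp_for_counter(secret: bytes, counter: int) -> str:
    """Code for one time step: HMAC over the step number, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def token_display(secret: bytes, now: float) -> str:
    """What the hand-held device shows at time `now` (seconds since the epoch)."""
    return otp_for_counter(secret, int(now) // STEP_SECONDS)


class Host:
    """Host side: holds each user's secret key and checks the supplied display value."""

    def __init__(self, window: int = 1) -> None:
        self._keys = {}        # user id -> secret key (the sensitive key database)
        self._last_step = {}   # user id -> last time step accepted for a login
        self.window = window   # tolerated clock drift between device and host, in steps

    def enrol(self, user_id: str, secret: bytes) -> None:
        self._keys[user_id] = secret

    def login(self, user_id: str, display_value: str, now: float) -> bool:
        """Recompute the expected output from the key, the function and the host clock."""
        secret = self._keys.get(user_id)
        if secret is None:
            return False
        step = int(now) // STEP_SECONDS
        for candidate in range(step - self.window, step + self.window + 1):
            # 'Use the password exactly once': never accept a step at or before the
            # last one already used for this user, which rejects a replayed value.
            if candidate <= self._last_step.get(user_id, -1):
                continue
            expected = otp_for_counter(secret, candidate)
            if hmac.compare_digest(expected.encode(), display_value.encode()):
                self._last_step[user_id] = candidate
                return True
        return False


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed, shared by device and host
    host = Host()
    host.enrol("alice", key)
    t = 1_700_000_000                       # constructed timestamp
    code = token_display(key, t)
    print("device shows", code, "-> login:", host.login("alice", code, t))
    print("same value presented again ->", host.login("alice", code, t))
```

Two host-side choices matter here: the drift window keeps a slightly slow or fast device usable, and the last-accepted-step record is what turns a time-based value into a genuinely one-time password, since within one minute the device shows the same value to anyone who reads it.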

Page 4

Time Synchronized

[Diagram: Secret key and Time are fed into Encryption, which outputs the One Time Password]

Page 5

Challenge Response

[Diagram: Work station and Host communicate over the Network; the work station sends the User ID, the host sends a Challenge, and the work station returns the Response]

• Non-repeating challenges from the host are used
• The device requires a keypad

Page 6

Challenge Response

[Diagram: Secret key and Challenge are fed into Encryption, which outputs the One Time Password]

Page 7

Devices with Personal Identification Number (PIN)

Devices are subject to theft, so some devices require a PIN (something the user knows)

PIN is used by the device to authenticate the user

Problems with challenge/response schemes
– Key database is extremely sensitive
– This can be avoided if public key algorithms are used

Page 8

Smart Cards

Portable devices with a CPU, I/O ports, and some nonvolatile memory

Can carry out the computation required by public key algorithms and transmit directly to the host

Some use biometric data about the user instead of the PIN

Page 9

Biometrics
– Fingerprint
– Retina scan
– Voice pattern
– Signature
– Typing style

Page 10

Problems with Biometrics

Expensive
– Retina scan (min. cost) about $2,200
– Voice (min. cost) about $1,500
– Signature (min. cost) about $1,000

False readings
– Retina scan 1/10,000,000+
– Signature 1/50
– Fingerprint 1/500

Can't be modified when compromised

Page 11

Home Computer Security

Page 12

Required reading:
• Forgotten your Windows XP Home password? - Part 1: Introduction, http://support.microsoft.com/kb/894900
• Forgotten your Windows XP Home password? - Part 2: Using a password reset disk, http://support.microsoft.com/kb/894901/en-us
• Forgotten your Windows XP Home password? - Part 3: Setting a new password as an administrator, http://support.microsoft.com/kb/894902/en-us

Page 13

Problem: You don't remember your password

Solutions:
1. Verify that you have typed the letters of your password in the correct case
2. Access a password hint on the Welcome screen
3. Use a password reset disk
4. Log on as administrator to assign a new password to your account

Page 14

Password Case Sensitivity

Check the CAPS LOCK key

Question: Why do you want to use a combination of symbols for your password?

Page 15

Use a Password Hint

Create a password hint:
– Log on to your computer
– Click Start, and then click Control Panel
– Double-click User Accounts
– Click your user account, and then click Change my password
– Enter your current password, enter a new password, and then enter the new password again to confirm it
– Enter the password hint, and then click Change Password
– The change will take effect the next time that you log on

To display the hint, click the question mark (?) that is next to your user account

Page 16

Create a Password Reset Disk

Click Start, and then click Control Panel
Double-click User Accounts
Click your user account, and then click Prevent a forgotten password. The Forgotten Password Wizard starts
Follow the instructions

NOTE: A password reset disk is valid until you create a new one, even if you change your password

Page 17

Using the Password Reset Disk

Create a password reset disk for your user account at the earliest opportunity

How to use the password reset disk
– Microsoft Windows remembers if you have created a password reset disk. Just click "use your password reset disk"
– Follow the instructions of the Password Reset Wizard

Question: Why should you safeguard your password reset disk?

Page 18

Set a New Password as an Administrator

Start the computer in Safe Mode
Log on as administrator – first time login as administrator: no password assigned to the account
Reset the password

Page 19

Reset the Password

Click Start, click Control Panel, and then double-click User Accounts

Click your user account, and then click Change the password

Enter a new password, enter it again to confirm the password, and then set a password hint. Click Change Password

Set a password for the administrator account if you had none

Question: Why is it recommended that you assign a password to the Administrator account?

Page 20

Beware of Social Engineering!

Kevin Mitnick story
– T. Espiner: Newsmaker: Kevin Mitnick, the great pretender, CNET News, 2006, http://news.cnet.com/Kevin-Mitnick,-the-great-pretender/2008-1029_3-6083668.html
– T. Shimomura and J. Markoff, Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It, 1996, http://www.amazon.com/Takedown-Pursuit-Americas-Computer-Outlaw/dp/0786889136

Question: Would you hire a reformed hacker to maintain your security?

Page 21

Next Class: Access Control

– An Introduction to Computer Security: The NIST Handbook, http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf : Chapter 17, LOGICAL ACCESS CONTROL, pages 194 - 207
– Microsoft support, Use access control to restrict who can use your files, 2001, 2005, http://www.microsoft.com/windowsxp/using/security/learnmore/accesscontrol.mspx
– Sudhakar Govindavajhala and Andrew W. Appel, Windows Access Control Demystified, 2006, http://www.cs.princeton.edu/~appel/papers/winval.pdf