SECURITY IN COMPUTING, FIFTH EDITION
Chapter 2: Toolbox: Authentication, Access Control, and Cryptography
Instructor: Gao Haibo, Henan University of Chinese Medicine, Department of Information Management and Information Systems
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Objectives for Chapter 2
• Survey authentication mechanisms
• List available access control implementation options
• Explain the problems encryption is designed to solve
• Understand the various categories of encryption tools as well as the strengths, weaknesses, and applications of each
• Learn about certificates and certificate authorities

Authentication
• The act of proving that a user is who she says she is
• Methods:
  • Something the user knows
  • Something the user is
  • Something the user has

Something You Know
• Passwords
• Security questions
• Attacks on “something you know”:
  • Dictionary attacks
  • Inferring likely passwords/answers
  • Guessing
  • Defeating concealment
  • Exhaustive or brute-force attack
  • Rainbow tables

Distribution of Password Types
[Figure: pie chart of password types. Segments: one character; two characters; three characters; four characters, all letters; five letters, all same case; six letters; words in dictionaries or lists of names; other.]
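
A password audit that sorts a set of passwords into the categories named in the chart above, as an added example that is not from the book or the slides. The word list and the sample passwords are constructed, and the order in which the categories are tested (length classes first, then the word list) is an assumption.

```python
from collections import Counter

# Constructed stand-in for a real dictionary / list of names (assumption).
SAMPLE_WORDLIST = {"password", "dragon", "michael", "sunshine", "jennifer"}

# Constructed sample passwords, one or more per chart category.
SAMPLE_PASSWORDS = ["a", "zz", "abc", "Wxyz", "hello", "QWERTY",
                    "sunshine", "T7#kp!2vQe", "ab1d"]


def classify(password, wordlist=SAMPLE_WORDLIST):
    """Return the chart category a single password falls into."""
    if not password:
        raise ValueError("empty password")
    n = len(password)
    if n == 1:
        return "one character"
    if n == 2:
        return "two characters"
    if n == 3:
        return "three characters"
    if n == 4 and password.isalpha():
        return "four characters, all letters"
    if n == 5 and password.isalpha() and (password.islower() or password.isupper()):
        return "five letters, all same case"
    if n == 6 and password.isalpha():
        return "six letters"
    # Case-insensitive match: "Sunshine" is as guessable as "sunshine".
    if password.lower() in wordlist:
        return "words in dictionaries or lists of names"
    return "other"


def distribution(passwords, wordlist=SAMPLE_WORDLIST):
    """Return {category: percentage of the set}, rounded to one decimal."""
    counts = Counter(classify(p, wordlist) for p in passwords)
    total = sum(counts.values())
    return {cat: round(100 * c / total, 1) for cat, c in counts.items()}


def weak_share(passwords, wordlist=SAMPLE_WORDLIST):
    """Percentage of the set that lands in any category except 'other'."""
    return round(100 - distribution(passwords, wordlist).get("other", 0.0), 1)


if __name__ == "__main__":
    for category, pct in sorted(distribution(SAMPLE_PASSWORDS).items()):
        print(f"{pct:5.1f}%  {category}")
    print(f"weak share: {weak_share(SAMPLE_PASSWORDS)}%")
```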