6 basis of identification
• Something you know – passwords, PINs, secret keys, your mother's maiden name
• Something you have – magnetic cards, smart cards, physical keys, handheld password generators
• Something you are – biometrics (DNA, signatures, fingerprints, voice, retinal patterns, hand geometries, typing dialect/profiling)
7 basis of identification
– Biometrics have major problems in real-world situations
  • How do you revoke keys?
  • Biology is messy – we leave DNA and fingerprints everywhere; just ask OJ
  • How do you give a mugger your fingerprint?
  • How do you authenticate if he's just hit you in the eye?
8 attacks on authentication
• Impersonation
• Replay
• Interleaving – impersonation involving selective combination of information from one or more previous or simultaneous sessions
• Reflection – an interleaving attack involving sending information from an ongoing authentication session back to the originator
9 attacks on authentication
• Forced delay – adversary intercepts a message and relays it at some later point in time (note: not the same as replay)
• Chosen-text – attack on challenge-response where an adversary chooses challenges in an attempt to extract the secret key
10 Simple Authentication: 1st Attempt
Alice → Bob: "Alice, K_AB"
Bob: checks that the received value = K_AB
(Eve, the eavesdropper, sees the message in transit)
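The following Python simulation is an added example, not part of the lecture slides. It models the 1st-attempt protocol (Alice sends her name and K_AB in the clear, Bob compares it with his copy) with Eve recording the channel, and shows why it fails the replay test from the attacks list: resending the recorded message is accepted. Beside it is a hardened variant the slides do not give (a fresh single-use nonce challenge answered with an HMAC over the claimant's name and the nonce), where a recorded response is rejected. The key value, the `Verifier` class and the function names are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample shared secret K_AB (not a real key)
K_AB = b"constructed-shared-key-K_AB"
KEY_DB = {"Alice": K_AB}  # Bob's table of shared keys, indexed by claimant name


# --- 1st attempt, as on the slide: Alice sends "Alice, K_AB" in the clear ---
def naive_prove(name: str, key: bytes) -> tuple:
    """Claimant's message: identity plus the shared key itself."""
    return (name, key)


def naive_verify(msg: tuple, key_db: dict) -> bool:
    """Bob's check from the slide: compare the received key with his copy of K_AB."""
    name, key = msg
    return hmac.compare_digest(key_db.get(name, b""), key)


# --- Hardened variant (added here, not from the slides): nonce challenge + keyed MAC ---
def _response(name: str, key: bytes, nonce: bytes) -> bytes:
    # Bind the claimant's name into the MAC input: a response computed for a different
    # identity (for instance one reflected back from another session) never matches.
    return hmac.new(key, b"auth-response|" + name.encode() + b"|" + nonce,
                    hashlib.sha256).digest()


class Verifier:
    def __init__(self, key_db: dict):
        self.key_db = key_db
        self.outstanding = {}  # one live challenge per claimant

    def challenge(self, name: str) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh per run, so old responses cannot be replayed
        self.outstanding[name] = nonce
        return nonce

    def verify(self, name: str, response: bytes) -> bool:
        nonce = self.outstanding.pop(name, None)  # single use: consumed on first answer
        if nonce is None or name not in self.key_db:
            return False
        return hmac.compare_digest(_response(name, self.key_db[name], nonce), response)


def respond(name: str, key: bytes, nonce: bytes) -> bytes:
    """Alice's answer to Bob's challenge."""
    return _response(name, key, nonce)


def demo() -> dict:
    """Run both protocols with Eve recording the wire and later resending what she saw."""
    results = {}

    # 1st attempt: Eve records Alice's message...
    recorded = naive_prove("Alice", K_AB)
    results["naive_first_run_accepted"] = naive_verify(recorded, KEY_DB)
    # ...and the identical bytes are accepted again: the key is now Eve's too.
    results["naive_replay_accepted"] = naive_verify(recorded, KEY_DB)

    # Challenge-response: the genuine run succeeds...
    bob = Verifier(KEY_DB)
    n1 = bob.challenge("Alice")
    recorded_resp = respond("Alice", K_AB, n1)
    results["cr_first_run_accepted"] = bob.verify("Alice", recorded_resp)
    # ...but the recorded response is useless against the next challenge (different nonce),
    # and once a challenge has been consumed it cannot be answered a second time either.
    bob.challenge("Alice")
    results["cr_replay_accepted"] = bob.verify("Alice", recorded_resp)
    results["cr_reuse_after_consumed_accepted"] = bob.verify("Alice", recorded_resp)
    return results


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {accepted}")
```

Run it directly to see the two protocols side by side. The naive case is the slide's point: whatever Eve records is exactly what Bob wants to see, so a passive observer becomes Alice. In the hardened case the nonce makes each run distinct and `outstanding.pop` enforces one answer per challenge, which is what turns a recorded message into junk.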