1 Foundations of Cryptography 09-10: Authentication (identity authentication)
復大辱 School of Software
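2 How the topics relate
• Cryptography
  – Basic theory: mature
• Foundations of applied cryptography
  – Cryptographic solutions
  – Very widely applied
  – PKI, digital certificates; identity authentication, security protocols, etc.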
3 Outline of Talk
• Definitions
• Passwords
  – Unix Passwords
  – One time passwords
• Challenge-response techniques
4 Definitions
Authentication:
• A claimant tries to show a verifier that the claimant is as declared
  – identification
• Different from message authentication
  – which enables the recipient to verify that messages have not been tampered with in transit (data integrity) and that they originate from the expected sender (authenticity)
5 Definitions
Authentication
• Message authentication
• Identity (entity) authentication
  – Message authentication has no timeliness
  – Entity authentication happens in real time
• Mutual and unilateral authentication
6 A good authentication scheme is…
• Sound: an honest party can successfully authenticate him/herself
• Non-transferable
• No impersonation
• All this is true even when
  – A large number of authentications are observed
  – Eve is able to spoof/eavesdrop
  – Multiple instances are run simultaneously
7 Basis of Authentication
• Something known - passwords, PINs, keys…
• Something possessed - cards, handhelds…
• Something inherent - biometrics
8 PINs and keys
• Long key on physical device (card), short PIN to remember
• PIN unlocks long key
• Need possession of both card and PIN
• Provides two-level security
9 Outline of Talk
• Definitions
• Passwords
  – Unix Passwords
  – One time passwords
• Challenge-response techniques
10 Basic password authentication
• Setup
  – User chooses password
  – Hash of password stored in password file
• Authentication
  – User logs into system, supplies password
  – System computes hash, compares to file
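
The setup and authentication steps of slide 10, as an added example that is not part of the original slides. It goes beyond the slide in three assumed choices: a per-user random salt, PBKDF2-HMAC-SHA256 as the hash, and a constant-time comparison; the in-memory dict pwfile and the names enroll and authenticate are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor for this example
HASH_LEN = 32          # bytes of derived hash kept in the password file

def _hash(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, ITERATIONS, dklen=HASH_LEN)

def enroll(pwfile: dict, user: str, password: str) -> None:
    """Setup: the password file stores (salt, hash), never the password."""
    salt = os.urandom(16)
    pwfile[user] = (salt, _hash(password, salt))

# Dummy record so an unknown user name costs the same work as a known one.
_DUMMY = (b"\x00" * 16, b"\x00" * HASH_LEN)

def authenticate(pwfile: dict, user: str, password: str) -> bool:
    """Authentication: recompute the hash and compare it to the file entry."""
    salt, stored = pwfile.get(user, _DUMMY)
    candidate = _hash(password, salt)
    # compare_digest avoids leaking how many leading bytes matched.
    matches = hmac.compare_digest(candidate, stored)
    return matches and user in pwfile

if __name__ == "__main__":
    pwfile = {}                                  # constructed sample data
    enroll(pwfile, "alice", "correct horse")
    print(authenticate(pwfile, "alice", "correct horse"))
    print(authenticate(pwfile, "alice", "wrong guess"))
    print(authenticate(pwfile, "mallory", "correct horse"))
```

Because of the salt, two users who choose the same password get different file entries, so one precomputed table cannot be reused across accounts.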