Network Security Topic 3: User Authentication
Topic 3: User Authentication 2/3/2021

Reading for this Lecture (Wikipedia)
• Password
• Password strength
• Salt_(cryptography)
• Password cracking
• Trusted path
• One time password

Important Takeaway Message
Thinking about security means considering and weighing different trade-offs
Understanding and properly using some basic terminology is important

Three A’s of Information Security
Authentication vs. Access Control vs. Audit

Authentication, Authorization, and Audit
• Authentication
  • It is the process of determining whether somebody is who he/she claims to be
• Access control
  • It is the process of determining whether an action is allowed with respect to some well-defined rules or policies
• Audit
  • Record everything to identify attackers after the fact

Authentication and Access Control (From Wikipedia)
• Authentication is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true. This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claims to be, or assuring that a computer program is a trusted one
• Access control is a system which enables an authority to control access to areas and resources in a given physical facility or computer-based information system

Why Audit?
• There is not enough information at decision-making time to judge whether an access request is valid
• It is difficult to weigh all possible conditions of a valid access request
• Especially relevant when the legitimacy of an access request depends on contextual information
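
The three A's applied to a single request, as an added example that is not part of the original lecture. The user, policy, resource names and the PBKDF2 settings are constructed assumptions; the context field stands for the information the policy cannot evaluate at decision time.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the lecture): one user, one small policy.
def _hash(password, salt):
    # Salted, slow password hash; the iteration count is an assumed setting.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = os.urandom(16)
USERS = {"john": (_SALT, _hash("correct horse", _SALT))}
POLICY = {("john", "read", "chart/17")}   # (user, action, resource) allowed
AUDIT_LOG = []                            # append-only record of every request

def authenticate(user, password):
    """Authentication: is the requester who they claim to be?"""
    record = USERS.get(user)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _hash(password, salt))

def authorize(user, action, resource):
    """Access control: is the action allowed under the defined policy?"""
    return (user, action, resource) in POLICY

def handle(user, password, action, resource, context):
    """Run both checks, then audit the outcome whatever it was."""
    if not authenticate(user, password):
        outcome = "auth_failed"
    elif not authorize(user, action, resource):
        outcome = "denied"
    else:
        outcome = "allowed"
    # Audit: keep the context the policy could not evaluate at decision time,
    # so a reviewer can judge the request after the fact.
    AUDIT_LOG.append({"user": user, "action": action, "resource": resource,
                      "outcome": outcome, "context": context})
    return outcome

if __name__ == "__main__":
    print(handle("john", "correct horse", "read", "chart/17", {"reason": "ward round"}))
    print(handle("john", "wrong guess", "read", "chart/17", {"reason": "unknown"}))
    print(handle("john", "correct horse", "write", "chart/17", {"reason": "emergency"}))
    for entry in AUDIT_LOG:
        print(entry)
```

Denied and failed requests are logged alongside allowed ones, because the audit trail is only useful after the fact if it covers every decision.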

Our concentration today is user authentication

Scenarios Requiring User Authentication
• Logging into a local computer
• Logging into a remote computer
• Logging into a network
• Accessing websites
(A) I am John
(B) Yeah, Right.
(C) I am John, here is my token
(D) OKAY

Authentication Token
• Based on something the user knows
  • Example: Passphrase, password
• Based on something the user possesses
  • Example: Smart card or token
• Based on something the user is
  • Example: Biometric