User Authentication Methods
Authentication and identification
• Most computer systems are protected through a two-step process: user identification followed by user authentication.
• Identification is typically non-private information the user presents to claim an identity, and it can be known to other system users (e.g., name, user ID, e-mail address).
• Authentication is the evidence, usually secret or private information, that backs the claimed identity. The system verifies that evidence; it never relies on the identifier alone.
User authentication
• Authentication is the act of proving an assertion, such as the identity of a computer system user.
• In other words, authentication verifies that you are who you say you are: the system confirms the identity the user claimed during identification.
Scenarios Requiring User Authentication
• Scenarios:
• Logging into a local computer
• Logging into a computer remotely
• Logging into a network
• Accessing web sites
Topic 7: User Authentication CS526 4
User Authentication
• Authentication methods can be classified into three types (factors):
(1) Knowledge-based authentication (KBA): something the user knows
(2) Possession-based authentication (PBA) or token: something the user has
(3) Biometrics-based authentication (BBA): something the user is
• A factor can be used alone or combined with others; combining two different types is multi-factor authentication, and it only helps if the factors fail independently (a password and a PIN are both "something you know")
• All can provide user authentication
• All have issues
(Something you know, something you have, something you are)
USER AUTHENTICATION
Authentication Methods
• Knowledge (what you know?): password, personal identification number (PIN), challenge questions.
• Biometric (what you are?):
  • Physiological: face (2D/3D facial images, facial IR thermogram), hand (fingerprint, hand geometry, palmprint, hand IR thermogram), eye (iris and retina), ear, skin, odor, dental, and DNA. Soft biometrics (gender, age, height, weight, ethnicity, and eye colour).
  • Behavioural: voice, gait, keystroke, signature, mouse movement, pulse.
• Possession (token) (what you have?): smart card, memory card, hardware tokens.
• Other mechanisms (where are you? when do you log in? how long do you take to log in?): location, IP address, timestamp.
KBA
• The most widely used types of authentication are knowledge-based.
• Access is granted on the basis of private information the individual knows: a user ID paired with a password, or a challenge-question scheme.
Authentication: Passwords
• Passwords are memorable, inexpensive, simple to use, and attractive to users
• Strong passwords are sometimes difficult to remember
• Also the weakest form of authentication
• Lazy users' passwords: 1234, password, etc.
• Guessing attacks: online guessing against the login interface, and offline dictionary or brute-force attacks against a stolen password database
• Requires administrative controls to be effective:
• Minimum length/complexity: combining letters, numbers and symbols, and rejecting passwords that appear in dictionary or breach lists
• Password aging (forced periodic change). Caveat: NIST SP 800-63B now advises against routine expiry, because users respond with predictable variations; change a password on evidence of compromise instead
• Limit failed attempts (lockout or rate limiting), which blunts online guessing
• Store only salted, slow hashes (bcrypt, scrypt, Argon2, or PBKDF2 with a high iteration count), never plaintext, so that an offline attack on a stolen database stays expensive
Simple Password Authentication
[Figure: User Name, Password → /etc/shadow → Authentication state. The submitted password is checked against the user's stored entry in /etc/shadow, and the outcome sets the authentication state.]
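The /etc/shadow flow above, worked through in code as an added example (not from the lecture): policy checks against the "lazy" passwords listed earlier, a shadow-style record holding a salted, slow hash, a constant-time comparison, and a failed-attempt limit. The record layout, the small dictionary, the user names and the passwords are all constructed for the demo; the "pbkdf2-sha256" scheme label is this example's own, not a glibc crypt(3) identifier.

```python
import base64
import hashlib
import hmac
import os

# Constructed mini dictionary of "lazy" passwords; real checkers use breach
# lists with hundreds of millions of entries.
COMMON_PASSWORDS = {"1234", "password", "123456", "qwerty", "letmein"}

MIN_LENGTH = 12
MAX_FAILURES = 5
PBKDF2_ITERATIONS = 600_000   # OWASP's 2023 figure for PBKDF2-HMAC-SHA256


def check_policy(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("found in the common-password dictionary")
    classes = (any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password))
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    return problems


def make_record(password: str) -> str:
    """Build a shadow-style field '$pbkdf2-sha256$<iterations>$<salt>$<hash>'.
    The layout mimics /etc/shadow's '$id$salt$hash'; the scheme label is
    this example's own (hypothetical), not a glibc crypt(3) identifier."""
    salt = os.urandom(16)                       # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"$pbkdf2-sha256${PBKDF2_ITERATIONS}${b64(salt)}${b64(digest)}"


def verify_record(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, scheme, iterations, salt_b64, hash_b64 = record.split("$")
    if scheme != "pbkdf2-sha256":
        raise ValueError("unsupported scheme " + scheme)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(candidate, base64.b64decode(hash_b64))


# Hashing a fixed dummy record for unknown users keeps login timing the same
# whether or not the user name exists (no user-enumeration side channel).
DUMMY_RECORD = make_record("dummy-value-that-is-never-accepted")


class Authenticator:
    """User name/password check with a per-account failed-attempt counter."""

    def __init__(self) -> None:
        self.shadow: dict[str, str] = {}     # user name -> password record
        self.failures: dict[str, int] = {}   # user name -> consecutive failures

    def add_user(self, username: str, password: str) -> None:
        problems = check_policy(password)
        if problems:
            raise ValueError("weak password: " + "; ".join(problems))
        self.shadow[username] = make_record(password)

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'locked' or 'denied' (the authentication state)."""
        if self.failures.get(username, 0) >= MAX_FAILURES:
            return "locked"
        record = self.shadow.get(username, DUMMY_RECORD)
        # Always run the hash, then require that the user really exists.
        if verify_record(password, record) and username in self.shadow:
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"


if __name__ == "__main__":
    auth = Authenticator()
    auth.add_user("alice", "Tr0ub4dor&3-correct-horse")   # constructed credentials
    print(auth.login("alice", "password"))                  # denied
    print(auth.login("alice", "Tr0ub4dor&3-correct-horse"))  # ok
```

Two design points worth noticing: the dummy record means a request for a non-existent user costs the same PBKDF2 work as a real one, and the lockout counter is applied before any hashing, so an online guessing attack is stopped by the attempt limit rather than by the hash cost alone.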
KBA
• Challenge or "security" questions are widely used to reset passwords without the added cost of customer service representatives.
• Security questions are weak: the answers are often low-entropy (mother's maiden name, first pet), can be inferred from social media or public records, and attackers routinely guess or infer them.
• Many users also fail to answer their own challenge questions, so the mechanism costs usability as well as security.
Authentication: Biometrics
• Defined as the identification of a user based on physiological or behavioral characteristics
• Physiological biometrics are based on the user's stable physical attributes
• These include face, fingerprint, palm print, eye (iris and retina), ear, skin, odor, dental, and DNA
• Behavioral biometrics are based on user behavioral attributes that are considered learned movements
• Commonly used behavioral characteristics include: voice, gait, signature, mouse movement, keystroke
BBA (Finger print)
• Fingerprint sensors are often presented as one of the most advanced and secure authentication methods available.
• Prone to error: matching is probabilistic, so a sensor can falsely reject the legitimate user or falsely accept someone else, and the operating threshold trades one error off against the other.
• Strong authentication when it works
• Does not work well in all applications (e.g., worn, dirty or wet fingers)
• Fingerprint readers are becoming more common on many devices.
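The "prone to error" point, made concrete as an added example (not from the lecture): a matcher returns a similarity score and the verifier accepts when the score reaches a threshold; because genuine and impostor scores overlap, every threshold has a False Accept Rate (FAR) and a False Reject Rate (FRR), and the code sweeps the threshold to show the trade-off. The score lists are constructed for illustration, not measured data, and apply to any biometric, not only fingerprints.

```python
# Constructed similarity scores (0..100) from a hypothetical fingerprint matcher.
GENUINE_SCORES = [92, 88, 95, 71, 85, 90, 66, 97, 83, 79]    # right finger
IMPOSTOR_SCORES = [31, 45, 58, 72, 40, 52, 63, 38, 49, 68]   # someone else's finger


def far(threshold, impostor=IMPOSTOR_SCORES):
    """False Accept Rate: share of impostor attempts scoring at or above threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE_SCORES):
    """False Reject Rate: share of genuine attempts scoring below threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Return [(threshold, FAR, FRR), ...] for every threshold worth trying."""
    candidates = sorted(set(genuine) | set(impostor)) + [101]
    return [(t, far(t, impostor), frr(t, genuine)) for t in candidates]


def pick_threshold(max_far, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Lowest threshold whose FAR does not exceed max_far (security first);
    the FRR returned with it is what that choice costs legitimate users."""
    for t, a, r in sweep(genuine, impostor):
        if a <= max_far:
            return t, a, r
    raise ValueError("no threshold meets the FAR target")


def equal_error_point(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Threshold where FAR and FRR are closest: the equal error rate (EER)."""
    return min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))


def attack_success(far_per_try, attempts):
    """Probability that an impostor is accepted within `attempts` independent tries."""
    return 1 - (1 - far_per_try) ** attempts


def decide(score, threshold):
    """The verifier's actual decision for one presentation."""
    return "accept" if score >= threshold else "reject"


if __name__ == "__main__":
    print("threshold  FAR   FRR")
    for t, a, r in sweep():
        print(f"{t:>9}  {a:.1f}   {r:.1f}")
    t, a, r = pick_threshold(0.0)
    print(f"zero false accepts needs threshold {t}; FRR {r:.0%}")
    print(f"EER point: {equal_error_point()}")
    print(f"FAR 0.1 with 10 tries: {attack_success(0.1, 10):.2f}")
```

On these constructed scores, zero false accepts forces the threshold up to 79 and rejects 20% of genuine attempts, while the equal-error point (threshold 71) accepts one impostor in ten. That last figure is why biometric logins are paired with an attempt limit: an impostor given ten tries at FAR 0.1 gets in about 65% of the time.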
BBA (Finger print)
• What advantages does it have? It is widely regarded as one of the safer authentication methods in common use, and it is also among the easiest and fastest to use: nothing to remember, nothing to carry.
• Disadvantages:
• Biometric authentication is technically complex and usually expensive because it requires special hardware
• Intrusive, and raises personal privacy concerns
• A fingerprint is not secret and cannot be changed: lifted prints have been used to fabricate spoof fingers, and a compromised template cannot be reset the way a password can
Face Recognition (Face Unlock):
• Medium Security
• Although its launch raised high expectations because it seemed innovative at the time, Face Unlock soon proved to be unsafe: it was demonstrated that the 2D camera-based recognizer could be fooled with a high-resolution photograph, or even a video.
Face Recognition (Face Unlock):
• What are the disadvantages? Within the category of biometric security systems to which Face Unlock belongs, this particular recognition method has not proven to be the most reliable or efficient, at least in the form known today.
• What advantages does it have? Although it is currently not a particularly safe method, Face Unlock has been improving: a blink is now required as a liveness check before you are identified. Systems that capture 3D depth or an IR image of the face raise the bar further, since a flat photograph has no depth. And if you are not a very public figure and photographs of you are hard to find, it can be a safer alternative.
Authentication: (PBA) Smart Cards / Security Tokens
• Authentication based on a private object the user has is referred to as Possession-Based Authentication (PBA)
• A token is typically a hardware device that fits in a pocket or on a key chain and is carried with the user; it proves possession by producing a one-time code or by answering a cryptographic challenge with a key that never leaves the device
• More expensive, harder to implement
• Vulnerability: prone to loss or theft, so tokens must be revocable and a lost token must be detected quickly
• Very strong when combined with another form of authentication, e.g., a password or PIN (two-factor authentication)
• Does not work well in all applications
• Try carrying a smart card in addition to a mobile device!
Authentication: Comparison
                  Passwords   Smart Cards   Biometrics
Security          Weak        Strong        Strong
Ease of Use       Easy        Medium        Easy
Implementation    Easy        Hard          Hard
Works for phones  Yes         No            Yes