Computer Security: Principles and Practice
First Edition
by William Stallings and Lawrie Brown
credit-card like
has own processor, memory, I/O ports
wired or wireless access by reader
may have crypto co-processor
ROM, EEPROM, RAM memory
executes protocol to authenticate with reader/computer
also have USB dongles
Biometric Authentication
authenticate user based on one of their
physical characteristics
Operation of a Biometric System
Biometric Accuracy
never get identical templates
problems of false match / false non-match
Biometric Accuracy
can plot characteristic curve
pick threshold balancing error rates
Remote User Authentication
authentication over network more complex
problems of eavesdropping, replay
generally use challenge-response
user sends identity
host responds with random number r (the challenge)
user computes f(r, h(P)) and sends back, where P is the user's password and h a hash function
host compares value from user with own computed value; if they match, user is authenticated
protects against a number of attacks
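The challenge-response exchange above, worked through in code as an added example (not from the textbook or its slides). It assumes HMAC-SHA256 keyed with h(P) as a concrete choice for the generic f, a 16-byte random nonce for r, and a constructed username/password pair; it also shows why a captured response does not survive replay against a fresh challenge.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential store: the host keeps h(P), never P itself.
# The username and password are made-up values for this example.
HOST_STORE = {"alice": hashlib.sha256(b"correct horse battery staple").digest()}


def host_challenge() -> bytes:
    """Step 2: host answers the identity claim with a fresh random nonce r."""
    return secrets.token_bytes(16)


def user_response(password: str, r: bytes) -> bytes:
    """Step 3: user computes f(r, h(P)) from the password it knows.
    f is taken here to be HMAC-SHA256 keyed with h(P) (an assumption)."""
    hp = hashlib.sha256(password.encode()).digest()
    return hmac.new(hp, r, hashlib.sha256).digest()


def host_verify(user: str, r: bytes, response: bytes) -> bool:
    """Step 4: host recomputes f(r, h(P)) from its stored h(P) and compares
    in constant time, so the comparison itself leaks no timing information."""
    hp = HOST_STORE.get(user)
    if hp is None:
        return False
    expected = hmac.new(hp, r, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def run_exchange(user: str, password: str) -> bool:
    """One complete exchange: identity -> challenge -> response -> verdict."""
    r = host_challenge()
    resp = user_response(password, r)
    return host_verify(user, r, resp)


def replay_is_rejected(user: str, password: str) -> bool:
    """An eavesdropper who captured (r_old, response) from one session gains
    nothing: the host issues a new nonce, so the old response no longer matches."""
    r_old = host_challenge()
    captured = user_response(password, r_old)
    r_new = host_challenge()
    return not host_verify(user, r_new, captured)
```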
Authentication Security Issues
client attacks
host attacks
eavesdropping
replay
trojan horse
denial-of-service
Practical Application
Case Study: ATM Security
Summary
introduced user authentication
using passwords
using tokens
using biometrics
remote user authentication issues
example application and case study