Information Security - User Authentication

OOSEDUS · April 20, 2025


Information Security - Key Concepts of the User Authentication Part

Password Selection Strategies

1. User Education

Users can be told the importance of using hard-to-guess passwords and can be provided with guidelines for selecting strong passwords.

2. Computer Generated Passwords

Users have trouble remembering them.

3. Reactive Password Checking

System periodically runs its own password crackers to find guessable passwords

4. Complex Password Policy

  • User is allowed to select their own passwords, however the system checks to see if the password is allowable, and if not, rejects it.
  • Goal is to eliminate guessable passwords while allowing the user to select a password that is memorable.

Password Cracking of User-Chosen Passwords

1. Dictionary Attack

2. Rainbow tables Attack

3. Password crackers exploit the fact that people choose easily guessable passwords

4. John the Ripper Attack


Password Vulnerability

  1. Offline Dictionary Attack
  2. Specific Account Attack
  3. Popular Password Attack
  4. Password Guessing against Single User
  5. Workstation Hijacking
  6. Exploiting user mistakes
  7. Exploiting multiple password use
  8. Electronic Monitoring

Bloom Filter

  • False positives can occur
  • More hash functions with a larger hash table reduce the false positive probability
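
As an added example (not from the original post), the following builds a Bloom filter over a dictionary of weak passwords and measures how the false positive rate changes with the number of hash functions k and the table size N. The SHA-256 double-hashing scheme, all names, and the sample data are assumptions made for this illustration.

```python
import hashlib
import math

class BloomFilter:
    """Bit array of n_bits with k hash positions derived from SHA-256."""
    def __init__(self, n_bits, k):
        self.n_bits, self.k = n_bits, k
        self.bits = bytearray((n_bits + 7) // 8)

    def _positions(self, word):
        # Double hashing: position_i = (h1 + i*h2) mod n_bits (assumed scheme)
        digest = hashlib.sha256(word.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.n_bits for i in range(self.k)]

    def add(self, word):
        for p in self._positions(word):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, word):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(word))

def expected_fp_rate(n_bits, k, n_words):
    """Standard approximation (1 - e^(-k*D/N))^k for D words in N bits."""
    return (1 - math.exp(-k * n_words / n_bits)) ** k

def measure(n_bits, k, dictionary, probes):
    """Build a filter from dictionary; return (missed words, false positive rate)."""
    bf = BloomFilter(n_bits, k)
    for w in dictionary:
        bf.add(w)
    missed = sum(1 for w in dictionary if w not in bf)   # always 0: no false negatives
    false_pos = sum(1 for p in probes if p in bf)        # probes are never in the dictionary
    return missed, false_pos / len(probes)

# Constructed sample data: 1,000 stand-in weak passwords and 5,000 strings
# that are not in the dictionary.
DICTIONARY = [f"weakpass{i}" for i in range(1000)]
PROBES = [f"Not-in-dict-{i}!" for i in range(5000)]

if __name__ == "__main__":
    for n_bits, k in [(4000, 1), (4000, 3), (16000, 6)]:
        missed, fp = measure(n_bits, k, DICTIONARY, PROBES)
        print(f"N={n_bits:6d} k={k}: missed={missed} measured FP={fp:.4f} "
              f"expected={expected_fp_rate(n_bits, k, len(DICTIONARY)):.4f}")
```

A dictionary word is never missed, so a checker built this way rejects every listed password; a false positive only means an acceptable password is occasionally rejected as well.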

Password based Authentication VS Biometric based Authentication VS Token based Authentication

1. Password based Authentication

  • Users provide name/login and password.
  • System compares password with the one stored for that specified login.
  • Password-based authentication has many vulnerabilities because of humans' limited ability to remember passwords.

2. Biometric based Authentication

  • It attempts to authenticate an individual based on unique physical characteristics.
  • It is technically complex and expensive when compared with passwords and tokens.
  • It is based on pattern recognition.
  • Biometric authentication requires special hardware on both the client and server side when used for remote authentication.

3. Token based Authentication

  • Physical tokens are expensive and inconvenient to manage as the number of tokens increases.
  • It uses tokens, which are objects that a user possesses for the purpose of user authentication.

Order in Actual Biometric Measurement Operating Characteristic Curves

Face -> Fingerprint -> Voice -> Hand -> Iris

Order in Cost vs Accuracy of Various Biometric Characteristics

Hand -> Signature -> Face -> Voice / Retina -> Fingerprint / Iris


Generic Biometric Authentication Systems

(1) Enrollment

User Interface -> Biometric Sensor -> Feature Extractor -> Biometric Database

(2) Verification

User Interface -> Biometric Sensor -> Feature Extractor -> Biometric Database
                                              |                     |
                                              v                     |
                       True / False <- Feature Matcher <- - - one template

(3) Identification

User Interface -> Biometric Sensor -> Feature Extractor -> Biometric Database
                                               |                    |
                                               v                    |
User's identity or user unidentified <- Feature Matcher <- - - N templates