Lecture - Authentication

The document discusses various authentication schemes including password based authentication, one-time passwords, challenge-response authentication, and biometrics. It also covers access control and authorization methods like access control matrices and access control lists.

Uploaded by faheem tariq

CS703 - Advanced Operating Systems
Overview of today’s lecture
• User authentication
• Password based authentication
• UNIX password scheme
• One-time password schemes
• Challenge response authentication
• Biometrics and other authentication schemes
• Access control and authorization
• Access control matrix
Authentication
• Usually done with passwords.
• This is usually a relatively weak form of authentication, since it's something that people have to remember
• Empirically, a password is typically based on a wife's/husband's or kid's name, favorite movie name, etc.
• Passwords should not be stored in a directly readable form
• Use some sort of one-way transformation (a "secure hash") and store that
• If you look in /etc/passwd you will see a bunch of gibberish associated with each name. That is the hashed password
• Problem: to prevent guessing ("dictionary attacks"), passwords should be long and obscure
• Unfortunately, such passwords are easily forgotten and usually written down.
Authentication (2)
• Unix password security
  • Encrypt passwords
• One-time passwords
  • Lamport's clever scheme (read Tanenbaum for details)
• Challenge-response based authentication
  • Used in PPP and many other applications
Authentication alternatives
• Badge or key
• Does not have to be kept secret. Usually some sort of picture ID worn on a jacket (e.g., at military bases)
• Should not be forgeable or copy-able
• Can be stolen, but the owner should know if it is
• (But what to do? If you issue another, how to invalidate the old one?)
• This is similar to the notion of a "capability" that we'll see later
Biometrics
• Biometrics
• Authentication of a person based on a physiological or behavioral characteristic.
• Example features:
• Face, Fingerprints, Hand geometry, Handwriting, Iris, Retinal, Vein, Voice.
• Strong authentication but still need a “Trusted Path”.
Access control
• Context
• System knows who the user is
• User has entered a name and password, or other info
• Access requests pass through gatekeeper
• OS must be designed so monitor cannot be bypassed

[Figure: User process → Reference monitor (?) → Resource. The reference monitor decides whether the user can apply the operation to the resource.]


Access control matrix [Lampson]

Rows are subjects (users); columns are objects (files).

          File 1   File 2   File 3   …        File n
User 1    read     write    -        -        read
User 2    write    write    write    -        -
User 3    -        -        -        read     read
User m    read     write    read     write    read
Two implementation concepts
• Access control list (ACL)
  • Store column of matrix with the resource
• Capability
  • User holds a "ticket" for each resource

          File 1   File 2   …
User 1    read     write    -
User 2    write    write    -
User 3    -        -        read
User m    read     write    write

Access control lists are widely used, often with groups

Some aspects of capability concept are used in Kerberos, …
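
The two implementation concepts, worked through as an added example that is not part of the original slides: the access control matrix from the slide is split into per-file ACLs (columns) and per-user capability lists (rows), checked by a default-deny reference monitor, and the same revocation is applied to both. Function names are illustrative, and the elided "…" column is left out.

```python
# Matrix from the slide. The elided "…" column is left out; "-" cells are absent.
MATRIX = {
    "User 1": {"File 1": {"read"}, "File 2": {"write"}, "File n": {"read"}},
    "User 2": {"File 1": {"write"}, "File 2": {"write"}, "File 3": {"write"}},
    "User 3": {"File n": {"read"}},
    "User m": {"File 1": {"read"}, "File 2": {"write"},
               "File 3": {"read"}, "File n": {"read"}},
}

def acl_view(matrix):
    """Column view: each object keeps its own {subject: rights} list."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = set(rights)
    return acls

def capability_view(matrix):
    """Row view: each subject holds {object: rights} tickets."""
    return {s: {o: set(r) for o, r in row.items()} for s, row in matrix.items()}

def monitor_acl(acls, subject, obj, op):
    """Reference monitor over ACLs; anything not listed is denied."""
    return op in acls.get(obj, {}).get(subject, set())

def monitor_cap(caps, subject, obj, op):
    """Reference monitor over capabilities; a missing ticket means deny."""
    return op in caps.get(subject, {}).get(obj, set())

def revoke_acl(acls, obj, op):
    """Revoke op on obj for everyone; returns how many lists were edited."""
    entries = acls.get(obj, {})
    for rights in entries.values():
        rights.discard(op)
    return 1 if entries else 0  # only the list stored with the resource

def revoke_cap(caps, obj, op):
    """Same revocation with capabilities: every holder must be tracked down."""
    edited = 0
    for tickets in caps.values():
        if op in tickets.get(obj, set()):
            tickets[obj].discard(op)
            edited += 1
    return edited

if __name__ == "__main__":
    acls, caps = acl_view(MATRIX), capability_view(MATRIX)
    print(monitor_acl(acls, "User 3", "File 1", "read"))
    print(revoke_acl(acls, "File 2", "write"), revoke_cap(caps, "File 2", "write"))
```

Revoking write on File 2 edits one list in the ACL view but three ticket lists in the capability view, which is the invalidation problem the badge slide raises.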
