CHAPTER 2

1. Identification and authentication

1.1. Identification is the process of establishing the identity of something.

1.2. Authentication is the process of verifying an identity. It is needed because an identity is a parameter of the access control mechanism.

1.3. Main Objectives

1.3.1. 1. Correctness - if A and B are both honest, then A should be able to successfully authenticate herself to B, and vice versa.
       2. Impersonation prevention - C cannot present himself as A to B.
       3. Transferability protection - B cannot utilize an identification exchange with A to impersonate A to a third party C.

1.4. Simple Identification/Authentication

1.4.1. 1. Ask for an identity (e.g. username).
       2. Check if the identity is known.
       3. Ask for a shared secret (e.g. password).
       4. Check if the secret matches the identity.

1.5. Identity Management

1.5.1. A digital identity is a set of properties assigned to a given object (e.g. access right)

1.5.2. Main functionalities of an identity management system:
       • Creation and deletion of identities
       • Managing the authentication process
       • Providing authorization

1.6. Lightweight Directory Access Protocol (LDAP)

1.6.1. An open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

1.6.2. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.

1.6.3. LDAP Applications

1.6.3.1. 1. User account management (e.g. Apple Open Directory, POSIX accounts)
         2. Address books (Lotus Notes, Outlook)
         3. Authentication (e.g. PAM: Pluggable Authentication Module)
         4. User data in email servers and spam filters

1.7. User Authentication

1.7.1. 1. Something you know: passwords, shared secrets (e.g. mother's maiden name)
       2. Something you have: smart cards, security tokens
       3. Something you are: biometrics, voice print

1.8. Good Password

1.8.1. 1. Long passwords are harder to break but tedious to type.
       2. Random passwords are hard to break but impossible to memorize.
       3. Passwords are only used for services that are often used.

1.9. Password Maintenance

1.9.1. Password synchronization: distribution of the same password to multiple systems

1.9.2. Forgotten passwords: self-service password reset and assisted password reset

1.10. Password Threats

1.10.1. 1. Brute force search
        2. Guessing
        3. Keylogging
        4. Identity spoofing
        5. Social engineering

1.11. Password Security

1.11.1. 1. Protecting password files - to check that the user has typed in the correct password, systems must have a reference to check against.
        2. Password lock-out - a common approach to reduce the risk of brute-force attempts to log in to an account is to either lock the account or increase the delay between login attempts when there have been repeated failures.
        3. Password timeouts - a method sometimes proposed to limit the impact of password compromises is to require users to change them regularly.
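The four steps of the simple identification/authentication scheme (1.4.1) and the three password-security measures above, put together in one runnable example. This is an added illustration, not code from the page or from any particular system; the in-memory PASSWORD_FILE, the lock-out threshold of 3 failures and the 90-day timeout are constructed values chosen for the demonstration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Constructed in-memory stand-in for the protected password file
# (username -> record). In a real system this is a file readable only by
# the authentication service, and it stores a salted hash, never the
# password itself: that is the "reference to check against".
PASSWORD_FILE = {}

LOCKOUT_THRESHOLD = 3           # failed attempts before the account is locked
PASSWORD_MAX_AGE = 90 * 86400   # password timeout: 90 days, in seconds
DUMMY_SALT = b"\x00" * 16       # hashed for unknown users so timing is uniform


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted and deliberately slow: a stolen file cannot be reversed, and
    # every brute-force guess against it costs the attacker 100k iterations.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_user(username: str, password: str, now: Optional[float] = None) -> None:
    salt = os.urandom(16)
    PASSWORD_FILE[username] = {
        "salt": salt,
        "hash": _hash_password(password, salt),
        "failures": 0,
        "locked": False,
        "changed_at": time.time() if now is None else now,
    }


def authenticate(username: str, password: str, now: Optional[float] = None) -> str:
    """Steps 1-4 of the simple scheme. Returns one of
    'ok', 'unknown-identity', 'bad-password', 'locked', 'expired'."""
    now = time.time() if now is None else now
    record = PASSWORD_FILE.get(username)            # step 2: is the identity known?
    if record is None:
        # Do the same amount of hashing anyway, so the response time does
        # not reveal which usernames exist.
        _hash_password(password, DUMMY_SALT)
        return "unknown-identity"
    if record["locked"]:
        return "locked"
    # Step 4: compare the freshly hashed secret with the stored reference,
    # in constant time.
    if not hmac.compare_digest(_hash_password(password, record["salt"]),
                               record["hash"]):
        record["failures"] += 1
        if record["failures"] >= LOCKOUT_THRESHOLD:
            record["locked"] = True                  # password lock-out
            return "locked"
        return "bad-password"
    record["failures"] = 0
    if now - record["changed_at"] > PASSWORD_MAX_AGE:
        return "expired"                             # password timeout: force a change
    return "ok"
```

The `now` parameter exists only so the timeout can be exercised deterministically; in production the clock is read directly. A real deployment would also persist the failure counter and lock state, and would prefer a progressive delay over a hard lock where account lock-out itself can be abused to deny service.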

1.12. Smartcards

1.12.1. Physical tamper-proof credentials

1.12.2. Memory card: simple storage of information (e.g. medical insurance)

1.12.3. Main problem: theft and loss risk

1.13. Two-Factor Authentication

1.13.1. A combination of any two authentication modes

1.13.2. E.g. SecurID

1.13.3. Known as 2FA or 2-Step Verification

1.14. Single sign-on (SSO)

1.14.1. A property of access control of multiple related, but independent software systems.

1.14.2. Motivation:
        1. Reduce the need to memorize passwords
        2. Reduce the time spent on typing passwords
        3. Reduce password maintenance effort

1.14.3. Solutions:
        1. Local password containers (e.g. KDE Wallet)
        2. Physical authentication devices
        3. Client-server architectures (Kerberos)

1.15. Kerberos

1.15.1. A computer network authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

1.15.2. Design Criteria

1.15.2.1. 1. Security against eavesdropping: no password transmission in clear text.
          2. Reliability: every use of a service requires prior authentication.
          3. Transparency: the user is not aware of any authentication beyond an initial login.
          4. Scalability: support for a large number of servers and clients.

1.15.3. Kerberos Authentication Protocol

1.15.3.1. Kerberos Detail

1.15.3.1.1. User Login

1.15.3.1.2. User Authentication

1.15.3.1.3. Ticket Request

1.15.3.1.4. Service Authentication

1.15.3.2. Kerberos Resume

1.15.3.2.1. 1. Provides secure authentication in an insecure network.
            2. A de-facto standard (at least open-source) in distributed authentication services.
            3. Relatively complex in installation.
            4. Single point of failure.

2. Biometrics Identification

2.1. A biometric is a physiological or behavioural characteristic of a human being that can distinguish one person from another and that theoretically can be used for identification or verification of identity.

2.2. Categories

2.2.1. Physiological: iris, fingerprints, hand, retinal, face recognition

2.2.2. Behavioural: Voice, Typing pattern, Signature

2.3. Disadvantages

2.3.1. 1. High cost and time consumption
       2. Impossibility to revoke
       3. Privacy issues and social acceptance

2.4. Biometric Authentication Process

2.4.1. Identification Stage

2.4.1.1. 1. Acquisition
         2. Creation of master characteristics
         3. Storage of master characteristics

2.4.2. Authentication Stage

2.4.2.1. 1. Acquisition 2. Comparison 3. Decision

2.5. Fingerprint Recognition

2.5.1. Process

2.5.1.1. 1. Divides the print into loops, whorls and arches
         2. Calculates minutiae points
         3. Comparison
         4. Authentication

2.5.2. Techniques

2.5.2.1. 1. Optical 2. Capacitive 3. Thermal 4. Ultrasonic

2.5.3. Disadvantages

2.5.3.1. 1. Racial issues
         2. Dirt, grime, wounds
         3. Placement of the finger

2.6. Hand Geometry

2.6.1. 1. Geometry of the user's hand
       2. More reliable than fingerprinting
       3. Disadvantage: very large scanners

2.7. Retinal Scanning

2.7.1. Process

2.7.1.1. 1. Scans the retina into a database
         2. The user looks straight into the retinal reader
         3. Scan using low-intensity light
         4. Very efficient

2.7.2. Disadvantages

2.7.2.1. 1. The user has to look "directly"
         2. Acceptability concerns: light exposure and hygiene

2.8. Iris Scanner

2.8.1. 1. Scans the unique pattern of the iris
       2. The iris is coloured and visible from afar
       3. No touch required

2.9. Face Recognition

2.9.1. Process

2.9.1.1. 1. The user faces the camera
         2. Neutral expression required
         3. Algorithms for processing
         4. Decision

2.9.2. Issues

2.9.2.1. 1. Easily spoofed
         2. Tougher usability
         3. High environmental impact

3. Access Control and Authorization

3.1. Resource Access

3.1.1. 1. Identification 2. Authentication 3. Authorization 4. Accountability

3.2. Access Control Example

3.2.1. Unix
       1. Every file is associated with a "mode"
       2. Read, Write and eXecute rights, for owner, group and others
       3. e.g. dr--r-xrwx
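A parser for the mode string in the Unix example above, together with the classic Unix decision rule it feeds. This is an added example, not code from the page or from any Unix implementation; the uid/gid values in the usage are constructed. It goes slightly beyond the page's example by also accepting the setuid/setgid/sticky letters that appear in real `ls -l` output.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Mode:
    kind: str             # "-" regular file, "d" directory, "l" symlink, ...
    owner: frozenset      # subset of {"r", "w", "x"}
    group: frozenset
    other: frozenset


def _parse_triplet(triplet: str) -> frozenset:
    rights = set()
    for ch, right in zip(triplet, "rwx"):
        if ch == "-":
            continue
        if ch == right:
            rights.add(right)
        elif right == "x" and ch in "st":      # setuid/setgid/sticky with x set
            rights.add("x")
        elif right == "x" and ch in "ST":      # setuid/setgid/sticky without x
            continue
        else:
            raise ValueError(f"unexpected {ch!r} in {triplet!r}")
    return frozenset(rights)


def parse_mode(mode: str) -> Mode:
    """Parse a 10-character 'ls -l' mode string such as 'dr--r-xrwx'."""
    if len(mode) != 10 or mode[0] not in "-dlcbps":
        raise ValueError(f"bad mode string: {mode!r}")
    return Mode(mode[0],
                _parse_triplet(mode[1:4]),     # owner
                _parse_triplet(mode[4:7]),     # group
                _parse_triplet(mode[7:10]))    # others


def allowed(mode: Mode, right: str, file_uid: int, file_gid: int,
            uid: int, gids: set) -> bool:
    """Classic Unix decision: exactly one class applies, chosen in the order
    owner, group, other. A more permissive later class is never consulted,
    so with 'dr--r-xrwx' the owner gets less than everybody else."""
    if uid == file_uid:
        return right in mode.owner
    if file_gid in gids:
        return right in mode.group
    return right in mode.other


if __name__ == "__main__":
    m = parse_mode("dr--r-xrwx")
    # Constructed: file owned by uid 1000 / gid 100, asked for by three users.
    print("owner may write:", allowed(m, "w", 1000, 100, 1000, {100}))
    print("group may write:", allowed(m, "w", 1000, 100, 2000, {100}))
    print("other may write:", allowed(m, "w", 1000, 100, 3000, {300}))
```

The "first matching class wins" rule is the point worth noticing: the page's own example `dr--r-xrwx` gives the owner read only while anyone else gets full access, which is exactly what a naive "take the union of all matching classes" check would get wrong.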

3.2.2. Windows
       1. NTFS allows specifying which users can do what to a file
       2. A few groups are pre-defined, e.g. admin

3.3. Access Control Overview

3.3.1. Subject (User, Process) > Access Control Policy > Object

3.4. Main Concepts

3.4.1. Subject is an entity that initiates an access request.

3.4.2. Object is an entity to which access is requested.

3.4.3. Rights represent different types of access.

3.4.4. Reference monitor makes authorization decisions.

3.4.5. Goals of access control:
       1. Granting access
       2. Limiting access
       3. Preventing access
       4. Revoking access

3.5. Subjects

3.5.1. Subjects are any ACTIVE entities in a system.

3.5.2. Subjects operate on behalf of principals.

3.5.3. Each subject must be bound to a unique principal, a principal may be bound to several subjects.

3.5.4. E.g. principal: user ID; subject: process ID

3.6. Objects

3.6.1. Objects represent PASSIVE resources of a system (e.g. memory).

3.6.2. A resource may be an object or a subject

3.7. Reference monitor and Access policies

3.7.1. Reference monitor is an abstract notion of a mechanism for controlling access requests.

3.7.2. Access right represent various access operations: read, write, append, execute, delete, search, change owner, change permissions

3.7.3. Access policies map principals, objects and access rights.

3.7.4. Core requirements for the RM:
       1. Tamper-resistance
       2. Complete mediation
       3. Ease of testing

3.7.5. Reference monitor placement:
       1. Hardware
       2. Operating system kernel
       3. Operating system
       4. Services: databases
       5. Applications

3.8. Access Control Structures

3.8.1. Access Control Matrix

3.8.1.1. ACM is a basic control structure.

3.8.1.2. Advantages: easy to verify

3.8.1.3. Disadvantages: poor scalability

3.8.2. Capabilities

3.8.2.1. A capability list is a subject-centered description of access rights, e.g. Alice: {edit.exe: execute}, {fun.com: execute, read}

3.8.2.2. A: easy ownership transfer

3.8.2.3. D: Difficulty of revocation

3.8.3. Access Control Lists

3.8.3.1. An ACL is an object-centered description of access rights, e.g. edit.exe: {Alice: execute}, {Bob: execute}

3.8.3.2. A: easy access to object access rights

3.8.3.3. D: Difficulty of sharing
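The three structures of 3.8.1 to 3.8.3 side by side: the same access control matrix stored subject-centered (capabilities) and object-centered (ACLs), with the operations that show why transfer is cheap for capabilities and revocation is cheap for ACLs. This is an added example, not code from the page; the matrix is constructed from the page's Alice/Bob rows.

```python
# Constructed access-control matrix (the page's own example values):
# subject -> object -> set of rights. An empty cell is simply absent.
ACM = {
    "Alice": {"edit.exe": {"execute"}, "fun.com": {"execute", "read"}},
    "Bob":   {"edit.exe": {"execute"}},
}


def to_capabilities(acm):
    """Subject-centered storage: each subject holds its own capability list
    (one row of the matrix)."""
    return {s: {o: set(r) for o, r in objs.items() if r} for s, objs in acm.items()}


def to_acls(acm):
    """Object-centered storage: each object holds who may do what
    (one column of the matrix)."""
    acls = {}
    for subject, objs in acm.items():
        for obj, rights in objs.items():
            if rights:
                acls.setdefault(obj, {})[subject] = set(rights)
    return acls


def check_capability(caps, subject, obj, right):
    return right in caps.get(subject, {}).get(obj, set())


def check_acl(acls, subject, obj, right):
    return right in acls.get(obj, {}).get(subject, set())


def holders_via_acl(acls, obj):
    """Who can access an object? With ACLs this is a single lookup."""
    return set(acls.get(obj, {}))


def holders_via_capabilities(caps, obj):
    """The same question against capability lists must scan every subject."""
    return {s for s, objs in caps.items() if obj in objs}


def transfer_capability(caps, giver, receiver, obj):
    """Capabilities: sharing is just copying the giver's entry (easy transfer)."""
    rights = caps[giver][obj]
    caps.setdefault(receiver, {}).setdefault(obj, set()).update(rights)
    return caps


def revoke_object_acl(acls, obj):
    """ACLs: revoking every right to an object is one deletion."""
    acls.pop(obj, None)
    return acls


def revoke_object_capabilities(caps, obj):
    """Capabilities: the same revocation must visit every subject, because
    nothing records who holds a capability for the object. Returns the
    number of subjects scanned to make the cost visible."""
    scanned = 0
    for subject in caps:
        scanned += 1
        caps[subject].pop(obj, None)
    return scanned
```

In a real capability system the lists live with the subjects (often in other processes or machines), so the scan in `revoke_object_capabilities` is not merely slow but may not even be possible, which is the "difficulty of revocation" the page lists.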

3.8.4. Access Control Abstraction

3.8.4.1. Group: collection of related subjects
         1. Easy sharing
         2. Easy addition and removal of users

3.8.4.2. Negative permission: explicit revocation of access rights.

3.8.4.3. Privilege: a mapping of users to access rights

3.8.4.4. Protection ring: a hierarchy of access right levels
         0 - operating system kernel
         1 - operating system
         2 - services
         3 - user processes

3.8.5. Requirements for an access control structure:
       1. An ability to express control policies
       2. Scalability and manageability

3.9. Discretionary Access Control (DAC)

3.9.1. 1. Access control is carried out by the resource owner.
       2. Deployed in a majority of common systems.

3.9.2. A: 1. Simple and efficient access rights management
          2. Scalability

3.9.3. D: 1. Intentional abuse of access rights
          2. No control over the information owner

3.10. Mandatory Access Control (MAC)

3.10.1. Centralized access control by means of system-wide policy.

3.10.2. A: Strict control over information owner.

3.10.3. D: Major usability problems

3.11. Role Based Access Control (RBAC)

3.11.1. A "logical" layer that links users and allowed resources

3.11.2. RBAC attempts to handle the complexity of access control by extensive use of abstractions: data types, procedures.

3.11.3. Role hierarchies can be used to match natural relations between roles.

3.11.4. E.g. A lecturer can create a role Student and give it a privilege "read course material".
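An RBAC model with a role hierarchy, ending with the page's own lecturer/Student example. This is an added example, not code from the page or from any RBAC product; the roles, permissions and user names are constructed, and the hierarchy direction (a senior role inherits the permissions of its junior roles) is the usual convention.

```python
# Constructed RBAC configuration: role -> set of (object, operation).
ROLE_PERMISSIONS = {
    "Student":  {("course-material", "read")},
    "Lecturer": {("course-material", "write"), ("grades", "write")},
    "Admin":    {("accounts", "manage")},
}

# Role hierarchy: role -> roles it inherits from (senior -> junior).
ROLE_PARENTS = {
    "Lecturer": {"Student"},     # a lecturer can do everything a student can
    "Admin": set(),
    "Student": set(),
}

# The "logical layer" between users and resources: users get roles, never
# direct permissions.
USER_ROLES = {
    "ann": {"Student"},
    "prof": {"Lecturer"},
    "root": {"Admin"},
}


def effective_roles(roles):
    """Transitive closure over the hierarchy; the visited set makes it safe
    even if a misconfiguration introduces a cycle."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(ROLE_PARENTS.get(role, set()))
    return seen


def permissions_of(user):
    perms = set()
    for role in effective_roles(USER_ROLES.get(user, set())):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def has_permission(user, obj, op):
    return (obj, op) in permissions_of(user)


def create_role(name, permissions, parents=()):
    """The page's example: a role is created and privileges are attached to
    the role, not to individual users."""
    ROLE_PERMISSIONS[name] = set(permissions)
    ROLE_PARENTS[name] = set(parents)


def assign_role(user, role):
    if role not in ROLE_PERMISSIONS:
        raise KeyError(f"unknown role {role!r}")
    USER_ROLES.setdefault(user, set()).add(role)
```

Because users hold roles rather than rights, revoking "read course material" from every student is one edit to `ROLE_PERMISSIONS["Student"]`, and a lecturer inherits the change automatically through the hierarchy.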