Authentication:
Authentication is the process of determining whether a user or identity is who they claim
to be. Authentication is accomplished using something the user knows (e.g. a
password), something the user has (e.g. a security token) or something the user is
(e.g. a biometric).
Authentication enables the network to admit only authorized users to its
resources. It provides the means by which the access control mechanisms verify
the claimed identifier.
Authentication Methods:
Passwords:
Passwords are the most popular authentication method, and all the subjects used them for
multiple services. Authentication with this method is very straightforward, and people
perceived it as "secure enough". Subjects were conscious of the length of their
password and of security. On the negative side, this leads to multiple passwords,
which become hard to remember.
The usability perceptions were consistent with the questionnaire results, where people
think passwords are an acceptable method of authentication. When asked if they would
consider using weaker passwords on services for mobile devices, which may have limited
input capabilities (for instance a small keypad), most respondents wouldn't sacrifice
security for usability by having a shorter password.
Tokens:
All the subjects used tokens in some form, either through paper tables (for Altinn), key
generators (for BankID) or through SMS (Altinn, Skandiabanken). The subjects perceived
tokens as secure and highly usable. Two subjects were skeptical of token
generators integrated into phones, because this groups too many services into one device.
Location:
The subjects were positive about the usability aspect, as location tracking happens without
user input. However, some expressed concerns about privacy issues, and it is perceived as a
bit too complicated at this stage. Maybe if the subjects were more familiar with this
technology we could go into more depth in this discussion.
Biometrics:
Most of the subjects liked the aspect of quick login, but are conscious of the risk of
data loss. Data loss is perceived as bad because the data contains sensitive information about
themselves, not necessarily because of practical issues such as the fact that one is unable
to change biometric factors, but because of a general impression that losing private data is bad
and should be avoided. Face recognition was also viewed more negatively because it
gives away too much information about oneself.
Fingerprint is still the most preferred biometric method, as it was in the
questionnaire results. Some users have experience with it, although these experiences ranged from
very positive to poor, as a result of the method's functionality. All the subjects had some
ideas of fingerprint, and other than privacy issues
Message digest:
A message digest (also known as a cryptographic checksum or cryptographic
hashcode) is nothing more than a number - a special number that is effectively a
hashcode produced by a function that is very difficult to reverse.
A message digest is also a hash function. It takes a variable length input - often an
entire disk file - and reduces it to a small value (typically 128 to 512 bits). Give it the
same input, and it always produces the same output. And, because the output is very
much smaller than the potential input, for at least one of the output values there must
be more than one input value that can produce it; we would expect that to be true for
all possible output values for a good message digest algorithm.
A simple hash function takes some input, usually of indefinite length, and produces a
small number that is significantly shorter than the input. The function is many to one,
in that many (possibly infinite) inputs may generate the same output value.
The function is also deterministic in that the same output value is always generated
for identical inputs. Hash functions are often used in mechanisms that require fast
lookup for various inputs, such as symbol tables in compilers and spelling checkers.
Digital signatures:
A digital signature is (most often) a message digest encrypted with someone's private
key to certify the contents. This process of encryption is called signing. Digital
signatures can perform two different functions, both very important to the security of
your system:
p
a prime modulus, where $2^{L-1} < p < 2^{L}$, and L is the bit length of p.
q
a prime divisor of $(p - 1)$, where $2^{N-1} < q < 2^{N}$, and N is the bit length of q.
g
a generator of the subgroup of order q mod p, such that $1 < g < p$.
x
the private key that must remain secret; x is a randomly or pseudorandomly generated integer, such that $0 < x < q$, i.e., x is in the range $[1, q - 1]$.
y
the public key, where $y = g^{x} \bmod p$.
k
a secret number that is unique to each message; k is a randomly or pseudorandomly generated integer, such that $0 < k < q$, i.e., k is in the range $[1, q - 1]$.
E-mail Security:
Secure Email Services:
Confidentiality
Message Integrity
Sender Authentication
Security mechanisms:
Detached signature
Leaves the original message untouched
Signature can be transmitted/stored separately
Message can still be used without the security software
Signed message
Signature is always included with the data.
Working of PGP:
When someone starts using PGP, they generate a key pair. These are really just text
files that look like gibberish to a human. The keys can be created at various levels of
strength: 512-, 1024-, or 2048-bit strengths are used. The higher the number, the
stronger the encryption value of the key. One key of the pair is the private key; this
key should always be kept safe and never given to anyone. The other key is the public
key; this key should be given to as many people as possible.
Uses of PGP:
The most commonly used aspect of PGP is the signing and encryption of email or
files. Signing a document is a way of verifying the integrity of the original work.
The method is as follows:
That is, if different people (thus different private keys) signed the
same email, the signatures would be different. Then the public key of the key pair is used to
compare the hash created by the private key, and if the hashes match, then two things
are assured:
1) The message has not been modified since signing.
2) The signature was not forged.