Sunday, October 4, 2009

Authentication & Access Control


Venue : BK7, Building FTMK.
Date : 30-9-2009
Time : 9.00 a.m. – 10.50 a.m.


Same time, same location for today’s lecture, and it was once again conducted by our lovely lecturer, Mr. Zaki. Mr. Zaki covered two chapters (Chapter 5 and half of Chapter 6) in this week’s lecture. Chapter 5 was mainly about “Authentication & Access Control”. Authentication is a word I have been hearing for nearly three years, since the day I started learning subjects related to networking. Sad to say, I was not so clear about this important networking term until this week; that was so disgraceful!!!
Basically AUTHENTICATION is the verification of the identity of someone who generated some data. There are four classifications of identity verification:


  1. By something known e.g. password
  2. By something possessed e.g. Identity Card, passport…
  3. By physical characteristics e.g. iris, retina, finger print…
  4. By a result of involuntary action e.g. signature, typing style…

The next title was about passwords. In this topic we were exposed to some calculations regarding passwords; below are the formulae used for the calculation:

  • Password population, N = r^s (r = number of possible characters, s = password length)

  • Probability of guessing a password = 1/N

  • Probability of success, P = nt/N (n = capability of the computer, i.e. guesses per unit time; t = time spent guessing)

For example, the steps to calculate the time needed to find the right password are shown below:


Information given:
The password can be made up of alphabets from a-z and numbers from 0-9.
So,
r = 36 (26 for alphabets + 10 for numbers);
length of password, s = 5;
capability of computer, n = 400MIBPS;

N = 36^5 = 60466176
P = nt/N
therefore, 1 = 36^5 × t / 400
t = 151165.44 s.
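The same arithmetic written as a small script, as an added example that is not part of the lecture notes. It assumes n is the number of guesses per second (400, which is the value the page's own calculation uses) and, beyond the lecture's single case, compares how a larger character set and a longer password change the time an attacker needs to exhaust the password space.

```python
# Added example: password population N = r^s, success probability
# P = n*t/N and the time t = P*N/n needed to reach probability P.
# Assumption (not stated on the page): n is guesses per second.

def password_population(r: int, s: int) -> int:
    """N = r^s: number of possible passwords of length s over r symbols."""
    return r ** s


def success_probability(n: float, t: float, r: int, s: int) -> float:
    """P = n*t / N, capped at 1.0 once every password has been tried."""
    return min(1.0, n * t / password_population(r, s))


def time_to_success(n: float, r: int, s: int, p: float = 1.0) -> float:
    """Solve P = n*t/N for t: seconds until success probability reaches p."""
    return p * password_population(r, s) / n


SECONDS_PER_YEAR = 365 * 24 * 3600


def years_to_exhaust(n: float, r: int, s: int) -> float:
    """Convenience wrapper: full-space search time expressed in years."""
    return time_to_success(n, r, s) / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The lecture's figures: r = 36 (a-z, 0-9), s = 5, n = 400 guesses/s.
    print("N =", password_population(36, 5))          # 60466176
    print("t =", time_to_success(400, 36, 5), "s")    # 151165.44

    # Why password policies push for longer passwords and bigger alphabets:
    # each extra character multiplies N (and the attacker's time) by r.
    print("\n r   s           N        years at 400 guesses/s")
    for r, s in [(36, 5), (36, 8), (62, 8), (95, 12)]:
        print(f"{r:>3} {s:>3}  {password_population(r, s):>12.3e}"
              f"  {years_to_exhaust(400, r, s):>10.3g}")
```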


The techniques or tips for guessing passwords are:

  • Try default passwords.

  • Try all short words.

  • Try all the words in an electronic dictionary.

  • Collect information about the user’s hobbies, family names, birthday, etc.

  • Try user’s phone number, social security number, street address, etc.

  • Use Trojan horse.

  • Tap the line to the host system.

There are a few password selection strategies: user education, computer-generated passwords, reactive password checking and proactive password checking. The next interesting topic is Biometrics. It refers to technologies for measuring and analysing human body characteristics for authentication purposes. There are two biometric methods:
  • Static – authentication based on a feature that is always present. For example: fingerprint recognition, retinal scan, iris scan, hand geometry, etc.

  • Dynamic – authentication based on a certain behaviour pattern. For example: signature recognition, speaker recognition, keystroke dynamics, etc.

The last topic for this chapter is Access Control. It is the prevention of unauthorised use of a resource, including the prevention of use of a resource in an unauthorised manner. There are three elements of access control:
  • Subject – the entity that can access objects; it usually has 3 classes: owner, group and world.

  • Object – the access-controlled resource, such as files, directories, records, programs, etc.

  • Access right – the way in which a subject accesses an object, such as read, write, execute, delete, create and search.

Another title that we must know for this topic is the Access Control Matrix, which is an abstract, formal security model of the protection state in a computer system; it characterises the rights of each subject with respect to every object in the system. Basically it is a table in which each row represents a subject, each column represents an object and each entry is the set of access rights for that subject to that object.

After that, Mr Zaki gave us a very brief summary of Chapter 6. It was all about Security in Networks. Mr Zaki skipped the first part of this chapter because it covers basic knowledge that we have already learnt in other networking-related subjects. Mr Zaki emphasised the topic Network Security Control. The titles covered for this topic are:
  • Encryption.

  • Strong Authentication.

  • IPSec, VPN, SSH.

  • Kerberos.

  • Firewall – Mr. Zaki described it as road block.

  • Intrusion Detection System (IDS) – Mr. Zaki described it as a speed trap.

  • Intrusion Prevention System (IPS) – a combination of firewall and IDS.

Before the lecture ended, Mr. Zaki reminded us that there will be a mid-term exam next week. Oh my god, I think I need to study hard this coming weekend so that I know how to answer the exam… … gambateh for myself ^^
