What steps do you take to access a system?
Identification
Authentication
Authorisation
What are the three categories of Authentication Factors?
Knowledge factors:
Possession factors:
Inherence factors:
Inherence factors:
An inherence factor is something you are, an inherent biometric characteristic such as a fingerprint, voice or iris pattern.
Knowledge factors:
A knowledge factor is something you know, such as a user name and password.
Possession factors:
A possession factor is something you have, such as a smart card or a security token.
What is a ‘secure’ password?
Entropy of a random password
• k = number of bits
• l = length of password
• b = number of characters in the alphabet
* H = log2(b^l)
Ways of Attacking Passwords
* Dictionary
How would you store passwords?
What is a “Look up table attack”?
• pairs are stored
• You can then search for a hash, and establish the corresponding password
What are the issues with Behavioural Biometrics?
* Text-dependent or text-independent
What are the measures of Accuracy for biometrics?
• True accept rate
• True reject rate
• False accept rate – measure of the likelihood of false acceptance
• False reject rate – measure of the likelihood of false rejection