
Chapter 3

User Authentication
NIST SP 800-63-3 (Digital Authentication Guideline, October 2016) defines digital user
authentication as:

“The process of establishing confidence in user identities that are presented
electronically to an information system.”
Digital Authentication
• Systems can use the authenticated identity to
determine if the authenticated individual is
authorized to perform particular functions, such as
database transactions or access to system
resources.
• In many cases, the authentication and transaction, or other authorized function,
take place across an open network such as the Internet. Equally, authentication and
subsequent authorization can take place locally, such as across a local area
network.
(Table can be found on page 65 in the textbook)
Authentication
There are five factors of authentication that can be used to prove identity:
1. Something you know
The something you know factor is a shared secret between you and whoever you are
authenticating to. A PIN, for instance, is a shared secret between you and your bank. By
providing your PIN to an ATM, you are proving that you are the owner of the bank
account.
2. Something you have (token)
The second factor of authentication is something you have, such as a smart card. Smart cards
look like credit cards, except we use them to gain access to systems. Every smart card contains a
microchip and a certificate that contains the user’s private key (used for PKI). When the microchip
is exposed to the electromagnetic field of a card reader, the microchip is powered on and data
transfer can occur.
Another example of something you have is “HMAC-based One-Time Passwords (HOTP).” This is
an open standard used to create one-time passwords similar to what we use in tokens. When you
need to log in, you can request an HOTP number. The security challenge with HOTP is that the
number never expires: once the HOTP number is generated, it remains valid until you use it.
Thus, the risk of using HOTP is that a shoulder surfer could use the HOTP number too. As a result,
it is highly recommended to use “Time-based One-Time Passwords (TOTP),” which expire after 30
seconds.
Authentication (continued)
3. Something You Are (Static biometric)
The something you are factor of authentication is just that: something you are. So, your
fingerprint, retina or iris image, or any other physical characteristic can be used to
identify you. We call these biometric systems.
4. Something You Do
Most people aren’t familiar with the something you do factor of authentication. Have you
unlocked your phone by swiping your thumb in a series of patterns? That is an example of
something you do. This is called a “gesture”; handwriting is another example.
5. Somewhere You Are
The final factor of authentication is somewhere you are. This factor of authentication
depends on geo-location technologies that track your IP address. Facebook, for example,
tracks your IP address whenever you log in to your Facebook account. If you were to log in
from another state, you might be notified of a suspicious login.
The four means of authenticating user identity are based on:
• Something the individual knows: password, PIN, answers to prearranged questions
• Something the individual possesses (token): smartcard, electronic keycard, physical key
• Something the individual is (static biometrics): fingerprint, retina, face
• Something the individual does (dynamic biometrics): voice pattern, handwriting, typing rhythm
Multifactor authentication
• Multifactor authentication refers to the use of more
than one of the authentication means.
• The strength of authentication systems is largely
determined by the number of factors incorporated by
the system.
• Implementations that use two factors are considered
to be stronger than those that use only one factor;
systems that incorporate three factors are stronger
than systems that only incorporate two of the
factors, and so on.
Risk Assessment for User Authentication
• There are three separate concepts:
– Assurance level
– Potential impact
– Areas of risk
Assurance Level
An assurance level describes an organization’s degree of certainty that a user has
presented a credential that refers to his or her identity.
More specifically, it is defined as:
• The degree of confidence in the vetting process used to establish the identity of the
individual to whom the credential was issued
• The degree of confidence that the individual who uses the credential is the individual
to whom the credential was issued
Four levels of assurance:
• Level 1: Little or no confidence in the asserted identity’s validity
• Level 2: Some confidence in the asserted identity’s validity
• Level 3: High confidence in the asserted identity’s validity
• Level 4: Very high confidence in the asserted identity’s validity
Examples of Assurance levels
Level 1: Little or no confidence in the asserted identity’s validity.
• An example of where this level is appropriate is a consumer registering to participate in a discussion at a company
web site discussion board. Typical authentication technique at this level would be a user-supplied ID and
password at the time of the transaction.

Level 2: Some confidence in the asserted identity’s validity. Level 2 credentials are appropriate for a wide range of
business with the public where organizations require an initial identity assertion (the details of which are verified
independently prior to any action). At this level, some sort of secure authentication protocol needs to be used, together
with one of the means of authentication summarized previously and discussed in subsequent sections.

Level 3: High confidence in the asserted identity’s validity. This level is appropriate to enable clients or employees to
access restricted services of high value but not the highest value. An example for which this level is appropriate:
• A patent attorney electronically submits confidential patent information to the U.S. Patent and Trademark Office.
Improper disclosure would give competitors a competitive advantage. Techniques that would need to be used at
this level require more than one factor of authentication; that is, at least two independent authentication
techniques must be used.

Level 4: Very high confidence in the asserted identity’s validity. This level is appropriate to enable clients or employees
to access restricted services of very high value or for which improper access is very harmful. For example, a law
enforcement official accesses a law enforcement database containing criminal records. Unauthorized access could
raise privacy issues and/or compromise investigations. Typically, level 4 authentication requires the use of multiple
factors as well as in-person registration.
Potential Impact
• FIPS 199 defines three levels of potential impact on
organizations or individuals should there be a breach
of security:
– Low
• An authentication error could be expected to have a limited
adverse effect on organizational operations, organizational assets,
or individuals
– Moderate
• An authentication error could be expected to have a serious
adverse effect
– High
• An authentication error could be expected to have a severe or
catastrophic adverse effect
Combined Severity Scale
An attack vector is the path that a hacker takes to exploit cybersecurity vulnerabilities.
Table 3.2 Maximum Potential Impacts for Each Assurance Level
• The table indicates that if the potential impact is low, an assurance level of 1 is
adequate. If the potential impact is moderate, an assurance level of 2 or 3 should
be achieved. And if the potential impact is high, an assurance level of 4 should
be implemented.
• Similar analysis can be performed for the other categories shown in the table.
The analyst can then pick an assurance level such that it meets or exceeds the
requirements for assurance in each of the categories listed in the table. So, for
example, for a given system, if any of the impact categories has a potential
impact of high, or if the personal safety category has a potential impact of
moderate or high, then level 4 assurance should be implemented.
1. Password-Based Authentication
Something you know

• Widely used line of defense against intruders
– User provides name/login and password
– System compares password with the one stored for that specified login
• The user ID:
– Determines that the user is authorized to access the system
– Determines the user’s privileges
– Is used in discretionary access control
Password Vulnerabilities
The main forms of attack against password-based authentication:
• Offline dictionary attack
• Specific account attack
• Popular password attack
• Password guessing against single user
• Workstation hijacking
• Exploiting user mistakes
• Exploiting multiple password use
• Electronic monitoring
Password Vulnerabilities
We can identify the following attack strategies:
• Offline dictionary attack: Typically, strong access controls are used to protect the system’s password file.
However, experience shows that determined hackers can frequently bypass such controls and gain access to the
file. The attacker obtains the system password file and compares the password hashes against hashes of
commonly used passwords. If a match is found, the attacker can gain access by that ID/password combination.
Countermeasures include controls to prevent unauthorized access to the password file, intrusion detection
measures to identify a compromise, and rapid reissuance of passwords should the password file be
compromised.

• Specific account attack: The attacker targets a specific account and submits password guesses until the
correct password is discovered. The standard countermeasure is an account lockout mechanism, which locks out
access to the account after a number of failed login attempts. Typical practice is no more than five access
attempts.

• Popular password attack: A variation of the preceding attack is to use a popular password and try it against
a wide range of user IDs. A user’s tendency is to choose a password that is easily remembered; this
unfortunately makes the password easy to guess. Countermeasures include policies to inhibit the selection by
users of common passwords and scanning the IP addresses of authentication requests and client cookies for
submission patterns.
Password Vulnerabilities
Password guessing against single user: The attacker attempts to gain knowledge about the account holder and system password
policies and uses that knowledge to guess the password. Countermeasures include training in and enforcement of password policies
that make passwords difficult to guess. Such policies address the secrecy, minimum length of the password, character set,
prohibition against using well-known user identifiers, and length of time before the password must be changed.

Workstation hijacking: The attacker waits until a logged-in workstation is unattended. The standard countermeasure is
automatically logging the workstation out after a period of inactivity. Intrusion detection schemes can be used to detect changes in
user behavior.

Exploiting user mistakes: If the system assigns a password, then the user is more likely to write it down because it is difficult to
remember. This situation creates the potential for an adversary to read the written password. A user may intentionally share a
password, to enable a colleague to share files, for example. Also, attackers are frequently successful in obtaining passwords by
using social engineering tactics that trick the user or an account manager into revealing a password. Many computer systems are
shipped with preconfigured passwords for system administrators. Unless these preconfigured passwords are changed, they are
easily guessed. Countermeasures include user training, intrusion detection, and simpler passwords combined with another
authentication mechanism.

Exploiting multiple password use: Attacks can also become much more effective or damaging if different network devices share
the same or a similar password for a given user. Countermeasures include a policy that forbids the same or similar password on
particular network devices.

Electronic monitoring: If a password is communicated across a network to log on to a remote system, it is vulnerable to
eavesdropping. Simple encryption will not fix this problem, because the encrypted password is, in effect, the password and can be
observed and reused by an adversary.
The Use of Hashed Passwords
A widely used password security technique is the use of hashed passwords and a salt value.
This scheme is found on virtually all UNIX variants as well as on a number of other
operating systems.

The following procedure is employed (Figure 3.3a). To load a new password into the
system, the user selects or is assigned a password. This password is combined with a
fixed-length salt value. In older implementations, this value is related to the time at
which the password is assigned to the user. Newer implementations use a pseudorandom or
random number. The password and salt serve as inputs to a hashing algorithm to produce a
fixed-length hash code. The hash algorithm is designed to be slow to execute in order to
thwart attacks. The hashed password is then stored, together with a plaintext copy of the
salt, in the password file for the corresponding user ID. The hashed password method has
been shown to be secure against a variety of cryptanalytic attacks.

When a user attempts to log on to a UNIX system, the user provides an ID and a password
(Figure 3.3b). The operating system uses the ID to index into the password file and
retrieve the plaintext salt and the encrypted password. The salt and user-supplied
password are used as input to the encryption routine. If the result matches the stored
value, the password is accepted.

The salt serves three purposes:
• It prevents duplicate passwords from being visible in the password file. Even if two
users choose the same password, those passwords will be assigned different salt values.
Hence, the hashed passwords of the two users will differ.
• It greatly increases the difficulty of offline dictionary attacks. For a salt of length
b bits, the number of possible passwords is increased by a factor of 2^b, increasing the
difficulty of guessing a password in a dictionary attack.
• It becomes nearly impossible to find out whether a person with passwords on two or more
systems has used the same password on all of them.
The Use of Hashed Passwords
• To see the second point, consider the way that an offline dictionary attack would work.
The attacker obtains a copy of the password file. Suppose first that the salt is not used.
The attacker’s goal is to guess a single password. To that end, the attacker submits a large
number of likely passwords to the hashing function. If any of the guesses matches one of
the hashes in the file, then the attacker has found a password that is in the file. But faced
with the UNIX scheme, the attacker must take each guess and submit it to the hash
function once for each salt value in the dictionary file, multiplying the number of guesses
that must be checked.
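As an added example (not from the textbook), the following Python models the salted-hash procedure of Figures 3.3a and 3.3b, using PBKDF2-HMAC-SHA256 as the deliberately slow hash, and then measures the offline dictionary attack cost just described against a constructed three-user password file, with and without per-user salts. The record format and the fixed all-zero salt used to model the unsalted case are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

ITERATIONS = 200_000          # work factor for real records: the hash is "designed to be slow"
NO_SALT = bytes(16)           # fixed all-zero salt, used only to model the unsalted case


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Figure 3.3a: combine password and salt, slow-hash, store the salt in plaintext beside the hash.

    Record format (an assumption of this example): pbkdf2_sha256$iterations$salt_hex$hash_hex.
    A fresh 128-bit random salt is drawn unless one is supplied.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def parse_record(record: str) -> Tuple[int, bytes, bytes]:
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)


def verify_password(record: str, candidate: str) -> bool:
    """Figure 3.3b: recompute with the stored salt and compare in constant time."""
    iterations, salt, stored = parse_record(record)
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest, stored)


def duplicate_hashes_visible(records: List[str]) -> bool:
    """Salt purpose 1: do any two records expose a shared password through an equal hash?"""
    hashes = [parse_record(r)[2] for r in records]
    return len(set(hashes)) < len(hashes)


def offline_dictionary_cost(records: List[str], dictionary: List[str]) -> Tuple[int, int]:
    """Salt purpose 2: model the offline dictionary attack described in the text.

    Returns (accounts_matched, hash_evaluations). A guess hashed under one salt can only be
    compared with records carrying that salt, so each guess costs one evaluation per distinct
    (iterations, salt) pair in the file: once for the whole file when the salt is shared,
    once per user when every record has its own salt.
    """
    parsed = [parse_record(r) for r in records]
    contexts = {(it, salt) for it, salt, _ in parsed}
    evaluations = matched = 0
    for guess in dictionary:
        for iterations, salt in contexts:
            digest = hashlib.pbkdf2_hmac("sha256", guess.encode("utf-8"), salt, iterations)
            evaluations += 1
            matched += sum(1 for it, s, stored in parsed
                           if (it, s) == (iterations, salt) and hmac.compare_digest(stored, digest))
    return matched, evaluations


if __name__ == "__main__":
    # Constructed toy password file: two of the three users chose the same password.
    passwords = ["password1", "password1", "Tr0ub4dor&3"]
    fast = 200  # deliberately low work factor so the demo runs instantly
    unsalted = [hash_password(p, salt=NO_SALT, iterations=fast) for p in passwords]
    salted = [hash_password(p, iterations=fast) for p in passwords]
    guesses = ["123456", "password1", "letmein", "qwerty"]
    print("duplicates visible, unsalted:", duplicate_hashes_visible(unsalted))            # True
    print("duplicates visible, salted:  ", duplicate_hashes_visible(salted))              # False
    print("unsalted attack (matched, hashes):", offline_dictionary_cost(unsalted, guesses))  # (2, 4)
    print("salted attack   (matched, hashes):", offline_dictionary_cost(salted, guesses))    # (2, 12)
```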

There are two threats to the UNIX password scheme:
• First, a user can gain access on a machine using a guest account or by some other means
and then run a password guessing program, called a password cracker, on that machine.
The attacker should be able to check many thousands of possible passwords with little
resource consumption.
• In addition, if an opponent is able to obtain a copy of the password file, then a cracker
program can be run on another machine at leisure. This enables the opponent to run
through millions of possible passwords in a reasonable period.
UNIX Implementation
Since the original development of UNIX, many implementations have relied on the
following password scheme.
Original scheme:
• Up to eight printable characters in length (converted into a 56-bit value using
7-bit ASCII, which serves as the key input to the encryption routine)
• A 12-bit salt is used to modify the DES encryption into a one-way hash function
named crypt(3), which is based on DES. The DES algorithm is executed with a data
input consisting of a 64-bit block of zeros.
• The zero value is repeatedly encrypted 25 times
• The output is translated into an 11-character sequence
Now regarded as inadequate:
• Still often required for compatibility with existing account management software
or multivendor environments
Improved Implementations
Much stronger hash/salt schemes are available for Unix.
The recommended hash function is based on the MD5 crypt routine:
• Salt of up to 48 bits
• Password length is unlimited
• Produces a 128-bit hash
• Uses an inner loop with 1000 iterations to achieve slowdown
OpenBSD (open source Unix) uses a Blowfish symmetric block cipher based hash
algorithm called Bcrypt:
• Most secure version of the Unix hash/salt scheme
• Uses a 128-bit salt to create a 192-bit hash value
Password Cracking (Guessing)
Dictionary attacks:
• Develop a large dictionary of possible passwords and try each against the
password file
• Each password must be hashed using each salt value and then compared to stored
hash values
• If no match is found, then the cracking program tries variations on all the words
in its dictionary of likely passwords. Such variations include backward spelling of
words, additional numbers or special characters, or sequences of characters.
Rainbow table attacks:
• Pre-compute tables of hash values for all salts
• A mammoth table of hash values
• Can be countered by using a sufficiently large salt value and a sufficiently
large hash length
Password crackers exploit the fact that people choose easily guessable passwords:
• Shorter password lengths are also easier to crack
John the Ripper:
• Open-source password cracker first developed in 1996
• Uses a combination of brute-force and dictionary techniques
Modern Approaches
• Complex password policy
– Forcing users to pick stronger passwords

• However, password-cracking techniques have also improved
– The processing capacity available for password cracking has increased
dramatically
– The use of sophisticated algorithms to generate potential passwords
– Studying examples and structures of actual passwords in use
Password File Access Control
Can block offline guessing attacks by denying access to encrypted passwords:
• Make available only to privileged users
• Shadow password file
Vulnerabilities:
• Weakness in the OS that allows access to the file
• Accident with permissions making it readable
• Users with the same password on other systems
• Access from backup media
• Sniff passwords in network traffic
Password Selection Strategies
User education: Users can be told the importance of using hard-to-guess passwords and can be
provided with guidelines for selecting strong passwords.

Computer-generated passwords: Users have trouble remembering them.

Reactive password checking: The system periodically runs its own password cracker to find
guessable passwords. The system cancels any passwords that are guessed and notifies the user.

Complex password policy (proactive password checking): The user is allowed to select their own
password; however, the system checks to see if the password is allowable and, if not, rejects it.
The goal is to eliminate guessable passwords while allowing the user to select a password that
is memorable.
Proactive Password Checking

• The trick with proactive password checking is to strike a balance between user
acceptability and strength.
Possible approaches to proactive password checking:
• Rule enforcement
– Specific rules that passwords must adhere to
• Password checker
– Compile a large dictionary of passwords not to use. When a user selects a password, the
system checks to make sure that it is not on the disapproved list.
– Drawbacks: the space needed to store a large dictionary, and the time needed to search it.
• Bloom filter
– Used to build a table based on hash values
– Check the desired password against this table
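As an added example (not from the slides), here is a Python proactive password checker built on a Bloom filter, which answers the space and search-time drawbacks noted above for the plain dictionary checker: the table costs a fixed number of bits per entry and each check touches only k bit positions. The banned-word list is constructed; the sizing formulas and the double-hashing construction of the k indices are standard choices assumed here.

```python
import hashlib
import math
from typing import Iterable, Optional, Tuple


class BloomFilter:
    """Bit-array membership test: no false negatives, a tunable false-positive rate."""

    def __init__(self, capacity: int, false_positive_rate: float = 0.001):
        # Standard sizing: m bits for n items at target rate p, k hash functions.
        self.m = math.ceil(-capacity * math.log(false_positive_rate) / (math.log(2) ** 2))
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str):
        # Derive the k indices from one SHA-256 digest by double hashing: h1 + i*h2 mod m.
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def might_contain(self, item: str) -> bool:
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))

    def size_bytes(self) -> int:
        return len(self.bits)


def build_banned_filter(banned_words: Iterable[str], capacity: Optional[int] = None,
                        false_positive_rate: float = 0.001) -> BloomFilter:
    """Build the hash-value table once from the disapproved-password dictionary (lower-cased)."""
    words = [w.lower() for w in banned_words]
    bf = BloomFilter(capacity or max(len(words), 1), false_positive_rate)
    for w in words:
        bf.add(w)
    return bf


def check_password(bf: BloomFilter, password: str, min_length: int = 8) -> Tuple[bool, str]:
    """Proactive check at selection time: returns (allowed, reason).

    A Bloom false positive only causes an over-cautious rejection of an acceptable
    password; a word that really is in the dictionary can never slip through.
    """
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    if bf.might_contain(password.lower()):
        return False, "appears in the disapproved-password dictionary"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample dictionary; a real deployment would load a list of common passwords.
    banned = ["password", "letmein", "qwerty123", "monkey", "iloveyou"]
    bf = build_banned_filter(banned, capacity=1000)
    print("table size:", bf.size_bytes(), "bytes,", bf.k, "hash positions per check")
    for candidate in ["Password", "short", "ViolinMarmalade!9"]:
        print(candidate, "->", check_password(bf, candidate))
```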
2. Token Based Authentication
Something you have
Objects that a user possesses for the purpose of user authentication are called tokens.

Types of Cards Used as Tokens

Memory Cards
• Can store but do not process data
• The most common is the magnetic stripe card
• Can include an internal electronic memory
• Can be used alone for physical access
– Hotel room
– ATM
• Provides significantly greater security when combined with a
password or PIN
• Drawbacks of memory cards include:
– Requires a special reader
– Loss of token
– User dissatisfaction
Smart Tokens
A wide variety of devices qualify as smart tokens. These can
be categorized along three dimensions that are not mutually
exclusive:
• Physical characteristics:
o Include an embedded microprocessor
o A smart token that looks like a bank card
o Can look like calculators, keys, small portable objects
• User interface:
o Manual interfaces include a keypad and display for human/token interaction

• Electronic interface
o A smart card or other token requires an electronic interface to communicate
with a compatible reader/writer
o Contact (insert in card reader with a direct connection) and contactless
interfaces (requires only close proximity to a reader)
Smart Tokens
The purpose of a smart token is to provide a means for user authentication.
The authentication protocols used with smart tokens are classified into
three categories:
1. Static Protocol
• the user authenticates himself or herself to the token and then the token
authenticates the user to the computer.
2. Dynamic password generator Protocol
• The token generates a unique password periodically (e.g., every minute). This
password is then entered into the computer system for authentication, either
manually by the user or electronically via the token.
• The token and the computer system must be initialized and kept synchronized so
that the computer knows the password that is current for this token.
3. Challenge-response Protocol
• The computer system generates a challenge, such as a random string of numbers. The
smart token generates a response based on the challenge. For example, public-key
cryptography could be used and the token could encrypt the challenge string with the
token’s private key.
2.1 Smart Cards
• The most important category of smart token is the smart card, which:
o Has the appearance of a credit card
o Has an electronic interface
o May use any of the smart token protocols
• The Smart Card Contains:
o An entire microprocessor
• Processor
• Memory
• I/O ports
o Some versions incorporate a special co-processing circuit for cryptographic operation to
speed the task of encoding and decoding messages or generating digital signatures to
validate the information transferred.
• A smart card typically includes three types of memory:
o Read-only memory (ROM)
• Stores data that does not change during the card’s life (such as the card number and holder name)
o Electrically erasable programmable ROM (EEPROM)
• Holds application data and programs (such as the protocol that the card executes and any data
that may vary over time; in a telephone card, the talk time remaining)
o Random access memory (RAM)
• Holds temporary data generated when applications are executed
3. Biometric Authentication
Something You are
• Attempts to authenticate an individual based on unique physical
characteristics
• Based on pattern recognition
• Is technically complex and expensive when compared to
passwords and tokens
• Physical characteristics used include:
o Facial characteristics
o Fingerprints
o Hand geometry
o Retinal pattern
o Iris
o Signature
o Voice
The system must determine how closely a presented biometric characteristic matches
a stored characteristic.
Enrolment: similar to assigning a password to a user.
Verification: similar to a user logging in with a smart card coupled with a PIN or
password.
Identification: the individual uses the biometric sensor but presents no additional
information.
Remote User Authentication
• Authentication over a network, the Internet, or a
communications link is more complex
• Additional security threats such as:
– Eavesdropping, capturing a password, replaying an
authentication sequence that has been observed

• Generally rely on some form of a challenge-response protocol to counter threats
Figure 3.13 Basic Challenge-Response Protocols for Remote User Authentication
1. A user transmits his or her identity to the remote host.
2. The host generates a random number r, often called a nonce, and returns this
nonce to the user with two functions, h() (a hash function) and f(), to be used
in the response. This transmission from host to user is the challenge.
3. The user’s response is the quantity f(r’, h(P’)), where r’ = r and P’ is the
user’s password, so that the response consists of the hash of the user’s
password combined with the random number using the function f.
4. The host stores the hash of each registered user’s password, depicted as
h(P(U)) for user U. When the response arrives, the host compares the incoming
f(r’, h(P’)) to the calculated f(r, h(P(U))). If the quantities match, the user
is authenticated.

This scheme defends against several forms of attack:
• The host stores a hash code of the password rather than the password itself; this
secures the password from intruders into the host system.
• The password hash cannot be captured during transmission, because the hash of the
password is not transmitted directly; rather, the user transmits a function f in which
the password hash is one of the arguments.
• Finally, the use of a random number as one of the arguments of f defends against a
replay attack, in which an adversary captures the user’s transmission and attempts to
log on to a system by retransmitting the user’s messages.
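As an added example, not taken from the textbook, the following Python implements the password protocol of Figure 3.13a and exercises the three defenses just listed, including the replay case; the token protocol of Figure 3.13b differs only in substituting the passcode W’ for the password P’ on both sides. The concrete choices h() = SHA-256, f(r, h(P)) = HMAC-SHA256 keyed with h(P) over the nonce r, and a 128-bit nonce are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple


def h(password: str) -> bytes:
    """h(): the hash function named in the challenge; the host stores only h(P(U)), never P."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def f(r: bytes, hashed_password: bytes) -> bytes:
    """f(r, h(P)): HMAC-SHA256 keyed with h(P) over the nonce r (assumed choice of f).

    h(P) is the key and r the message, so the response reveals neither h(P) nor P to
    an eavesdropper, and it is only valid for this particular r.
    """
    return hmac.new(hashed_password, r, hashlib.sha256).digest()


class Host:
    """Remote host side of Figure 3.13a."""

    def __init__(self) -> None:
        self.credentials: Dict[str, bytes] = {}   # user ID -> h(P(U))
        self.outstanding: Dict[str, bytes] = {}   # user ID -> nonce r of the live challenge

    def register(self, user_id: str, password: str) -> None:
        self.credentials[user_id] = h(password)   # step 4: store h(P(U)) only

    def challenge(self, user_id: str) -> bytes:
        """Step 2: issue a fresh nonce; each challenge can be answered at most once."""
        r = secrets.token_bytes(16)
        self.outstanding[user_id] = r
        return r

    def verify(self, user_id: str, response: bytes) -> bool:
        """Step 4: compare f(r', h(P')) from the user with f(r, h(P(U))) computed locally."""
        r = self.outstanding.pop(user_id, None)   # consume the nonce whatever the outcome
        hashed = self.credentials.get(user_id)
        if r is None or hashed is None:
            return False                          # no live challenge: unsolicited or replayed
        return hmac.compare_digest(f(r, hashed), response)


class Client:
    """User side: knows P', never transmits it; answers with f(r', h(P'))."""

    def __init__(self, user_id: str, password: str) -> None:
        self.user_id = user_id
        self._password = password

    def respond(self, r: bytes) -> bytes:
        return f(r, h(self._password))            # step 3


def login(host: Host, client: Client) -> Tuple[bool, bytes, bytes]:
    """One complete exchange; returns (authenticated, r, response) so the pair can be inspected."""
    r = host.challenge(client.user_id)
    response = client.respond(r)
    return host.verify(client.user_id, response), r, response


if __name__ == "__main__":
    host = Host()
    host.register("alice", "correct horse")
    ok, r, captured = login(host, Client("alice", "correct horse"))
    print("legitimate login:", ok)                                   # True
    host.challenge("alice")                                          # host issues a new nonce
    print("replayed response:", host.verify("alice", captured))      # False: r differs
    print("wrong password:", login(host, Client("alice", "guess"))[0])  # False
```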
Figure 3.13b provides a simple example of a token
protocol for authentication.
1. A user first transmits his or her identity to the
remote host.
2. The host returns a random number and the
identifiers of functions f() and h() to be used in
the response.
3. At the user end, the token provides a passcode
W’.
4. The token either stores a static passcode or
generates a one-time random passcode. For a one-
time random passcode, the token must be
synchronized in some fashion with the host. In
either case, the user activates the passcode by
entering a password P’. This password is shared
only between the user and the token and does not
involve the remote host.
5. The token responds to the host with the quantity f(r’, h(W’)).
6. For a static passcode, the host stores the hashed value h(W(U)); for a dynamic passcode, the host
generates a one-time passcode (synchronized to
that generated by the token) and takes its hash.
Authentication then proceeds in the same fashion
as for the password protocol.
Figure 3.13c is an example of a user
authentication protocol using a static
biometric.
1. The user transmits an ID to the host, which
responds with a random number r and, in this
case, the identifier for an encryption E().
2. On the user side is a client system that controls
a biometric device. The system generates a
biometric template BT’ from the user’s biometric
B’ and returns the ciphertext E(r’, D’, BT’),
where D’ identifies this particular biometric
device.
3. The host decrypts the incoming message to
recover the three transmitted parameters and
compares these to locally stored values.
4. For a match, the host must find r’ = r. Also, the
matching score between BT’ and the stored
template must exceed a predefined threshold.
5. Finally, the host provides a simple
authentication of the biometric capture device
by comparing the incoming device ID to a list of
registered devices at the host database.
Figure 3.13d is an example of a user
authentication protocol using a dynamic
biometric.
1. The principal difference from the case of a
stable biometric is that the host provides a
random sequence as well as a random number
as a challenge. The sequence challenge is a
sequence of numbers, characters, or words.
2. The human user at the client end must then
vocalize (speaker verification), type (keyboard
dynamics verification), or write (handwriting
verification) the sequence to generate a
biometric signal BS’(x’).
3. The client side encrypts the biometric signal
and the random number.
4. At the host side, the incoming message is decrypted. The incoming random number r’
must be an exact match to the random number that was originally used as a challenge
(r). In addition, the host generates a comparison based on the incoming biometric
signal BS’(x’), the stored template BT(U) for this user and the original signal x. If
the comparison value exceeds a predefined threshold, the user is authenticated.
Authentication Security Issues
• Client attacks: the adversary attempts to achieve user authentication without access to the
remote host or the intervening communications path
• Host attacks: directed at the user file at the host where passwords, token passcodes, or
biometric templates are stored
• Eavesdropping: the adversary attempts to learn the password by some sort of attack that
involves the physical proximity of user and adversary
• Replay: the adversary repeats a previously captured user response
• Trojan horse: an application or physical device masquerades as an authentic application or
device for the purpose of capturing a user password, passcode, or biometric
• Denial-of-service: attempts to disable a user authentication service by flooding the service
with numerous authentication attempts
Security Issue for User Authentication
Table 3.5 Some Potential Attacks, Susceptible Authenticators, and Typical Defenses
(Table is on page 96 in the textbook)
Security Issue for User Authentication

Client attacks are those in which an adversary attempts to achieve user authentication without access to the
remote host or to the intervening communications path. The adversary attempts to masquerade as a legitimate
user.
For a password-based system, the adversary may attempt to guess the likely user password.
Multiple guesses may be made. At the extreme, the adversary sequences through all possible passwords in an
exhaustive attempt to succeed.
One way to thwart such an attack is to select a password that is both lengthy and unpredictable. In effect, such a
password has large entropy; that is, many bits are required to represent the password. Another countermeasure
is to limit the number of attempts that can be made in a given time period from a given source.
A token can generate a high-entropy passcode from a low-entropy PIN or password, thwarting exhaustive
searches. The adversary may be able to guess or acquire the PIN or password but must additionally acquire the
physical token to succeed.

Host attacks are directed at the user file at the host where passwords, token passcodes, or biometric templates
are stored. Section 3.2 discusses the security considerations with respect to passwords.
For tokens, there is the additional defense of using one-time passcodes, so that passcodes are not stored in a
host passcode file. Biometric features of a user are difficult to secure because they are physical features of the
user. For a static feature, biometric device authentication adds a measure of protection. For a dynamic feature, a
challenge-response protocol enhances security.
Security Issue for User Authentication

• Eavesdropping in the context of passwords refers to an adversary’s attempt to learn
the password by observing the user, finding a written copy of the password, or some
similar attack that involves the physical proximity of user and adversary.
• Another form of eavesdropping is keystroke logging (keylogging), in which
malicious hardware or software is installed so that the attacker can capture the user’s
keystrokes for later analysis. A system that relies on multiple factors (e.g., password
plus token or password plus biometric) is resistant to this type of attack. For a token,
an analogous threat is theft of the token or physical copying of the token. Again, a
multifactor protocol resists this type of attack better than a pure token protocol. The
analogous threat for a biometric protocol is copying or imitating the biometric
parameter so as to generate the desired template. Dynamic biometrics are less
susceptible to such attacks. For static biometrics, device authentication is a useful
countermeasure.

• Replay attacks involve an adversary repeating a previously captured user response.
The most common countermeasure to such attacks is the challenge-response protocol.
Security Issue for User Authentication

• In a Trojan horse attack, an application or physical device
masquerades as an authentic application or device for the purpose of
capturing a user password, passcode, or biometric. The adversary can
then use the captured information to masquerade as a legitimate user. A
simple example of this is a rogue bank machine used to capture user
ID/password combinations.

• A denial-of-service attack attempts to disable a user authentication
service by flooding the service with numerous authentication attempts.
A more selective attack denies service to a specific user by attempting
logon until the threshold is reached that causes lockout to this user
because of too many logon attempts. A multifactor authentication
protocol that includes a token thwarts this attack, because the adversary
must first acquire the token.
Summary
• Digital user authentication principles
– A model for digital user authentication
– Means of authentication
– Risk assessment for user authentication
• Password-based authentication
– The vulnerability of passwords
– The use of hashed passwords
– Password cracking of user-chosen passwords
– Password file access control
– Password selection strategies
• Token-based authentication
– Memory cards
– Smart cards
– Electronic identity cards
• Biometric authentication
– Physical characteristics used in biometric applications
– Operation of a biometric authentication system
– Biometric accuracy
• Remote user authentication
– Password protocol
– Token protocol
– Static biometric protocol
– Dynamic biometric protocol
• Security issues for user
