Post on 15-Apr-2017
transcript
AUTHENTICATION TOKENS
Authentication tokens are used to prove one's identity electronically .
sometimes a hardware token, security token, USB token, cryptographic token, software token, virtual token etc.
• The token use a password to prove that the customer is who they claim to be.
• The token acts like an electronic key to access something.
• Some may store cryptographic keys,1. digital signature2. biometric data3. fingerprint minutiaer.
Time-synchronized one-time passwords
Time-synchronized one-time passwords change constantly at a set time interval, e.g. once per minute. To do this some sort of synchronization must exist between the client's token and the authentication server.
Mathematical-algorithm-based one-time passwords
Another type of one-time password uses a complex mathematical algorithm, such as a hash chain, to generate a series of one-time passwords from a secret shared key. Each password is unguessable, even when previous passwords are known.
Connected tokens
•Connected tokens are tokens that must be physically connected to the computer with which the user is authenticating. •Tokens in this category automatically transmit the authentication information to the client computer once a physical connection is made, eliminating the need for the user to manually enter the authentication information
• To use a connected token, the appropriate input device must be installed. The most common types of physical tokens are smart cards and USB tokens, which require a smart card reader and a USB port
• The number must be copied into the PASSCODE field by hand.
• Disconnected tokens have neither a physical nor logical connection to the client computer.
• They typically do not require a special input device, and instead use a built-in screen to display the generated authentication data, which the user enters manually themselves via a keyboard or keypad.
DISCONNECTED TOKENS
SMART CARDSFUTURE LIFE………
MAGNETIC STRIPE CARDSStandard technology for bank cards, driver’s licenses, library cards, and so on……
OPTICAL CARDSUses a laser to read and write the card Photo IDFingerprint
MEMORY CARDS• Can store:
Financial InfoPersonal InfoSpecialized Info
• Cannot process Info
ITECH 7215 Information Security
MICROPROCESSOR CARDS/SMART CARD
• Store information• Carry out local processing• Perform Complex Calculations
WHAT IS A SMART CARD?
A Smart card is a plastic card about the size of a credit card, with an embedded microchip that can be loaded with data.
The standard definition of a a smart card, or integrated circuit card (ICC), is any pocket sized card with embedded integrated circuits.
CONTACT SMART CARDS
Requires insertion into a smart card reader with a direct connection
This physical contact allows for transmission of commands, data, and card status to take place
CARD ELEMENTSMagnetic Stripe
Chip
Embossing (Card Number / Name / Validity,etc.)
Logo
Hologram
ELECTRICAL SIGNALS DESCRIPTION
: Clocking or timing signal (optional use by the
card).
GND : Ground (reference voltage).
VPP : Programming voltage input (deprecated /
optional use by the card).
I/O : Input or Output for serial data to the integrated
circuit inside the card.
VCC : Power supply input
: reset signal supplied from the interface deviceRST
CLK
WORKING STRUCTURE
• Central Processing Unit: Heart of the Chip• All the processing of data preforms in here.
CPU
WORKING STRUCTURE• security logic: detecting abnormal
conditionse.g. low voltage
CPU
security
logic
WORKING STRUCTURE• serial i/o interface: contact to the
outside world
CPU
security
logicserial
i/ointerfac
e
WORKING STRUCTURE• test logic: self-test procedures
CPU
security logic
serial i/ointerface
test logic
WORKING STRUCTUREROM:•self-test procedures•typically 16 bytes•future 32/64 bytes
CPU
security logic
serial i/ointerface
test logicROM
WORKING STRUCTURE
RAM:•‘Buffer memory’ of the processor•typically 512 bytes•future 1 byte
CPU
security
logicserial i/ointerface
test logic
ROM
RAM
WORKING STRUCTUREEEPROM:•cryptographic keys•PIN code•biometric template•typically 8 bytes•future 32 bytes
CPU
security logic
serial i/ointerface
test logicROMRAM
EEPROM
WORKING STRUCTURE
Databus:•connection between elements of the chip•8 or 16 bits wide
CPU
security logic
serial i/ointerface
test logic
ROM
RAMEEPRO
M
Databus
SMART CARD READERS
Computer based readersConnect through USB or COM (Serial) ports
Dedicated terminalsUsually with a small screen, keypad, printer, often also have biometric devices such as thumb print scanner.
WHY SMART CARDS?
Security: Data and codes on the card are encrypted by the chip maker.
Trust: Minimal human interaction.
Portability.
Less Paper work: Eco-Friendly
WHY USE SMART CARDS?
Can store currently up to 7000 times more data than a magnetic stripe card.
Information that is stored on the card can be updated. Magnetic stripe cards are vulnerable to many types of
frauds A single card can be used for multiple applications (cash,
identification, building access, etc.) Smart cards provide a 3-fold approach to authentic
identification:• Pin (password)• Cryptographic verification• Biometrics
PASSWORD VERIFICATION
Terminal asks the user to provide a password. Password is sent to Card for verification. permit user authentication.
CRYPTOGRAPHIC VERIFICATION
Terminal verify card (INTERNAL AUTH) Terminal sends a random number to card to be
hashed or encrypted using a key. Card provides the hash or cyphertext.
Terminal can know that the card is authentic. Card needs to verify (EXTERNAL AUTH) Primarily for the “Entity Authentication”
BIOMETRIC TECHNIQUES
Finger print identification. Features of finger prints can be kept on the card (even verified
on the card) Photograph/IRIS pattern etc.
Such information is to be verified by a person. The information can be stored in the card securely
SMART CARD APPLICATIONS
Government programs Banking & Finance Mobile Communication Pay Phone Cards Transportation Electronic Tolls Passports Electronic Cash Retailer Loyalty Programs Information security
STUDENT ID CARD
A student ID card, containing a variety of applications such as electronic purse (for vending machines, laundry machines, library card, and meal card).
ADVANTAGES
Proven to be more reliable than the OTHER cards. Can store up to thousands of times of the information than the magnetic
stripe card. Reduces tampering through high security mechanisms. Can be disposable or reusable. Performs multiple functions. Has wide range of applications (e.g., banking, transportation, healthcare...) Compatible with portable electronics (e.g., PCs, telephones...)
DISADVANTAGES.
In the example of internet banking, if the PC is infected with any kind of malware, the security model is broken. Malware can override the communication (both input via keyboard and output via application screen) between the user and the internet banking application (eg. browser). This would result in modifying transactions by the malware and unnoticed by the user. There is malware in the wild with this capability (eg. Trojan. Silentbanker).
THANK YOU