Unit 1 Notes Computer Security
Unit 1
Chapter 1 Introduction to the concept of security:
Computer Security
Security is the protection of assets. The three main aspects are:
• Prevention
• Detection
• Reaction
The need for computer security:
1. For prevention of data theft, such as bank account numbers, credit card information, passwords, work-related documents or sheets, etc.
2. To make data remain safe and confidential.
3. To provide confidentiality, which ensures that individuals can never view data they are not entitled to.
4. To provide integrity, which ensures that only authorized individuals should ever be able to change or modify information.
5. To provide availability, which ensures that the data or system itself is available for use when an authorized user wants it.
6. To provide authentication, which deals with the desire to ensure that an authorized individual.
7. To provide non-repudiation, which deals with the ability to verify that a message has been sent and received by an authorized user.
1.3 SECURITY APPROACHES
Here, the user of computer A sends a message to the user of computer B. Another user C gets access to this message, which is not desired and therefore defeats the purpose of confidentiality. This type of attack is called interception.
2. Authentication: Authentication helps to establish proof of identities. The authentication process ensures that the origin of a message is correctly identified. For example, suppose that user C sends a message over the Internet to user B. However, the trouble is that user C had posed as user A when he sent a message to user B. How would user B know that the message has come from user C, who is posing as user A? This concept is shown in the figure below. This type of attack is called fabrication.
3. Integrity: When the contents of the message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost. For example, here user C tampers with a message originally sent by user A, which is actually destined for user B. User C somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change. This type of attack is called modification.
[Figure: ideal route of message]
The principle of availability states that resources (i.e. information) should be available to authorized parties at all times. For example, due to the […] unauthorized user C, an authorized user […] as shown in Fig. 1.[…]. This would defeat the principle of availability. Such an attack is called interruption.
5. Access Control
7. Authorization
• Authorization is a process of verifying that a known person has the authority to perform a certain operation.
• Authorization cannot occur without authentication.
TYPES OF ATTACKS
We can classify the types of attacks on computers and network systems into two categories for better understanding: (a) Theoretical concepts behind these attacks, and (b) Practical approaches used by the attackers. Let us discuss these one-by-one.
1.5.1 Theoretical Concepts
As we have discussed earlier, the principles of security face threat from various attacks. These attacks are generally classified into four categories, as mentioned earlier. They are:
• Interception: Discussed in the context of confidentiality, earlier.
• Fabrication: Discussed in the context of authentication, earlier.
• Modification: Discussed in the context of integrity, earlier.
• Interruption: Discussed in the context of availability, earlier.
These attacks are further grouped into two types: passive attacks and active attacks, as shown in Fig. 1.6.
Let us discuss these two types of attacks now.
• Passive attacks
Passive attacks are those wherein the attacker indulges in eavesdropping or monitoring of transmission. In other words, the attacker aims to obtain information that is in transit. The term passive indicates that the attacker does not attempt to perform any modifications to the data. In fact, this is also why passive attacks are harder to detect. Thus, the general approach to deal with passive attacks is to think about prevention, rather than detection or corrective actions.
[Fig. 1.6 Types of attacks: Attacks are divided into Passive attacks and Active attacks]
Figure 1.7 shows further classification of passive attacks into two sub-categories. These categories are release of message contents and traffic analysis.
Cryptography and Network Security
[Figure: Active attacks: Interruption (Masquerade), Modification, Fabrication (Denial Of Service - DOS)]
Denial Of Service (DOS) attacks make an attempt to prevent legitimate users from accessing some services, which they are eligible for. For instance, an unauthorized user might send too many login requests to a server […] one after the other in quick succession, so as to flood the network and deny other legitimate users an access to the network.
1.5.1 The Practical Side of Attacks
The attacks discussed earlier can come in a number of forms in real life. They can be classified into two broad categories: application-level attacks and network-level attacks, as shown in Fig. 1.9.
These attacks are attempted by using various mechanisms, as discussed next. We will not classify these attacks into the above two categories, since they can span across application as well as network levels.
One can launch an application-level attack or a network-level attack using a virus.
[Figure: (a) Original clean code (b) Virus infected code (c) Virus code]
2. Worm
Similar in concept to a virus, a worm is actually different in implementation. A virus modifies a program (i.e. it attaches itself to the program under attack). A worm, however, does not modify a program. Instead, it replicates itself again and again. This is shown in Fig. 1.11. The replication grows so much that ultimately the computer or the network, on which the worm resides, becomes very slow, finally coming to a halt. Thus, the basic purpose of a worm attack is different from that of a virus. A worm attack attempts to make the computer or the network under attack unusable by eating all its resources.
[Fig. 1.11 Worm: worm code replicates itself; each copy performs resource-eating tasks but no destruction]
3. Trojan horse
A Trojan horse is a hidden piece of code, like a virus. However, the purpose of a Trojan horse is different. The main purpose of a virus is to make some sort of modifications to the target computer or network, whereas a Trojan horse attempts to reveal confidential information to an attacker. The name (Trojan horse) is due to the Greek soldiers, who hid inside a large hollow horse, which was pulled by Troy citizens, unaware of its contents. Once the Greek soldiers entered the city of Troy, they opened the gates for the rest of Greek soldiers. […] the code for a login screen by attaching itself to it. When the user enters the user id and password, the Trojan horse captures these details and sends this information to the attacker without the knowledge of the user who had entered the id and password. The attacker can merrily use the user id and password to gain access to the system. This is shown in Fig. 1.12.
USER-AUTHENTICATION MECHANISMS
7.1 INTRODUCTION
One of the key aspects of cryptography and network/Internet security is authentication. Authentication helps establish trust by identifying the particular user/system. Authentication ensures that the claimant is really who he/she claims to be. This chapter discusses the various aspects of authentication mechanisms.
This chapter examines all these mechanisms of authentication in great detail. It discusses the advantages and drawbacks of each one of them. The chapter then concludes with the coverage of Kerberos, a single sign on mechanism implemented in many real-life systems.
7.2 AUTHENTICATION BASICS
Who are you? This is a question that we ask every day and get asked. It has a lot of importance and significance in the world of cryptography. As we studied earlier, the whole concept of authentication is based on determining who an individual user is, before allowing the user to go ahead and perform actual business transactions using the system.
Authentication can be defined as determining an identity to the required level of assurance. Authentication is the first step in any cryptographic solution. We say this because unless we know who is communicating, there is no point in encrypting what is being communicated. As we know, the whole purpose of encryption is to secure communication between two or more parties. Unless we are absolutely sure that the parties really are what they claim to be, there is no point in encrypting the information flowing between them. Otherwise, there is a chance that an unauthorized user can access the information. In cryptographic terms, we can put this in other words: there is no use of encryption without authentication.
We see authentication checks many times every day. We are required to wear and produce our identity cards at work, whenever demanded. To use our ATM card, we must make use of the card as well as the PIN. Many such examples can be given.
The whole idea of authentication is based on secrets. Most likely, the entity being authenticated and the authenticator both share the same secret (e.g. the PIN in the ATM example). Another variation of this technique is the case where the entity being authenticated knows a secret, and the authenticator knows a value that is derived from the secret. We shall study this during the course of this chapter.
7.3 PASSWORDS
7.3.1 Introduction
1. Its Working
This is the simplest password-based authentication mechanism. Usually, every user in the system is assigned a user id and an initial password. The user changes the password periodically for security reasons. The password is stored in clear text in the user database against the user id on the server. The authentication mechanism works as described below.
Step 1: Prompt for User Id and Password. During authentication, the application sends a screen to the user, prompting for the user id and password. This is shown in Fig. 7.1.
Step 2: User Enters User Id and Password. The user enters his/her id and password, and presses the OK (or an equivalent) button. This causes the user id and password to travel in clear text to the server. This is shown in Fig. 7.2.
[Figures: login screen with User Id and Password fields; login request (Id = atul, Password = april) and the user database]
[Fig. 7.4 User authenticator program returns a success or failure message to the server (Login successful)]
[Figure. Step 1: The user's id and password travel to the server in clear text. The server encrypts the password using a password-encryption program. Login request: Id = atul, Password = april. Login successful.]
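The two storage schemes described above (password kept in clear text against the user id, versus the authenticator holding only a value derived from the secret), as an added example that is not part of the original notes. The function names are hypothetical and PBKDF2-HMAC-SHA256 is a derivation chosen for this example; the notes do not name an algorithm.

```python
import hashlib
import hmac
import os

# Constructed sample account, reusing the id/password shown in the notes' figures.
SAMPLE_ID, SAMPLE_PASSWORD = "atul", "april"


def register_clear_text(db, user_id, password):
    """Scheme from the notes: the password is stored as-is against the user id."""
    db[user_id] = password


def verify_clear_text(db, user_id, password):
    stored = db.get(user_id)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def register_derived(db, user_id, password, iterations=200_000):
    """Store a random salt plus a value derived from the password (assumed: PBKDF2)."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    db[user_id] = (salt, iterations, derived)


def verify_derived(db, user_id, password):
    record = db.get(user_id)
    if record is None:
        return False
    salt, iterations, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Constant-time comparison of the derived values.
    return hmac.compare_digest(stored, candidate)


def stored_value_logs_in(db, verify, user_id):
    """Does the value sitting in the user database work as a password by itself?

    True means anyone who can read the database can log in as that user.
    """
    stored = db[user_id]
    candidate = stored if isinstance(stored, str) else stored[2].hex()
    return verify(db, user_id, candidate)


if __name__ == "__main__":
    clear_db, derived_db = {}, {}
    register_clear_text(clear_db, SAMPLE_ID, SAMPLE_PASSWORD)
    register_derived(derived_db, SAMPLE_ID, SAMPLE_PASSWORD)
    print("clear text, stored value logs in:",
          stored_value_logs_in(clear_db, verify_clear_text, SAMPLE_ID))
    print("derived,    stored value logs in:",
          stored_value_logs_in(derived_db, verify_derived, SAMPLE_ID))
```

In both schemes the password still reaches the server as typed, so the transport has to be protected separately.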
Biometric authentication mechanisms are receiving a lot of public attention. A biometric device is perhaps the ultimate attempt in trying to prove who you are. A biometric device works on the basis of some human characteristics, such as fingerprint, voice, or pattern of lines in the iris of your eye. The user database contains a sample of the user's biometric characteristics. During authentication, the user is required to provide another sample of the user's biometric characteristics. This is matched with the one in the database, and if the two samples are the same then the user is considered to be a valid one.
The important idea in biometrics is that the sample produced during every authentication process can vary slightly. This is because the physical characteristics of the user may change for a number of reasons. For instance, suppose the fingerprint of the user is captured and used for authentication every time. The sample taken for every authentication may not be the same, because the finger can be dirty, can have cuts, other marks or the finger's position on the reader can be different, and so on. Therefore, an exact match of the sample need not be required. An approximate match can be acceptable.
This is also the reason why, during the user registration process, multiple samples of the user biometric data are created. They are combined and their average stored in the user database, so that the different possibilities of the user's samples during the actual authentication can roughly map to this average sample. Using this basic philosophy, any biometric authentication system defines two configurable parameters: the False Accept Ratio (FAR) and the False Reject Ratio (FRR). The FAR is a measurement of the chance that a user who should be rejected is actually accepted by a system as good enough. FRR is a measurement of the chance that a user who should be accepted as valid is actually rejected by a system as not good enough. Thus, FAR and FRR are exactly opposite of each other.
Perhaps the best security solution is to combine the password/PIN, a smart card and biometrics. It covers all the three key aspects related to authentication: who you are, what you have, and what you know. However, this can turn out to be an extremely complex system to build and/or use.
7.6.2 The Working of Biometrics
A typical authentication process involving biometrics firstly involves the creation of the user's sample and its storage in the user database. During the actual authentication, the user is required to provide a sample of the same nature (e.g. a retina scan or a fingerprint). This is usually sent over an encrypted session (e.g. by using SSL) to the server. On the server, the current sample is decrypted, and compared with the one stored in the database. If the two samples match to the expected degree on the basis of the particular values of FAR or FRR, the user is considered as authenticated successfully. Otherwise, the user is considered as invalid.
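The enrollment averaging, approximate matching and FAR/FRR trade-off described above, as an added example that is not part of the original notes. Biometric samples are modelled as short numeric feature vectors and closeness as Euclidean distance, both assumptions of this sketch, and all sample values are constructed.

```python
import math

# Constructed feature vectors; a real system would extract these from a sensor.
ENROLLMENT = [[10, 20, 30], [12, 18, 30], [11, 22, 30]]   # registration samples
GENUINE = [[11, 20, 30], [12, 21, 30], [13, 20, 31], [11, 24, 30]]   # same user
IMPOSTOR = [[14, 20, 30], [16, 23, 30], [20, 20, 30], [11, 30, 35]]  # other users


def enroll(samples):
    """Combine several registration samples into their element-wise average."""
    count = len(samples)
    return [sum(column) / count for column in zip(*samples)]


def distance(a, b):
    """Euclidean distance between two feature vectors (assumed similarity measure)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def authenticate(template, sample, threshold):
    """Approximate match: accept when the sample is close enough to the stored average."""
    return distance(template, sample) <= threshold


def far_frr(template, genuine, impostor, threshold):
    """Return (FAR, FRR) measured over labelled attempts at one threshold."""
    false_accepts = sum(authenticate(template, s, threshold) for s in impostor)
    false_rejects = sum(not authenticate(template, s, threshold) for s in genuine)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(thresholds):
    """FAR and FRR for each threshold, using the constructed samples above."""
    template = enroll(ENROLLMENT)
    return {t: far_frr(template, GENUINE, IMPOSTOR, t) for t in thresholds}


if __name__ == "__main__":
    for threshold, (far, frr) in sweep([1.0, 2.5, 4.5, 6.0]).items():
        print(f"threshold={threshold:<4} FAR={far:.2f} FRR={frr:.2f}")
```

Tightening the threshold drives FAR down and FRR up, and loosening it does the reverse, so the threshold is chosen for the error the deployment can least afford.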
7.6.3 Biometric Techniques
Biometric techniques are generally classified into two sub-categories, namely physiological and behavioral. Let us discuss these in brief.
1. Physiological Techniques