This slide deck covers tools and techniques in information security and operating systems, with an emphasis on cryptography.
Added: Apr 24, 2019
Slides: 25 pages
Slide Content
Cryptography and authentication GROUP 5 NAME handling AMONG TEDDY MBADHI BARNABAS cryptography LOMUDE GODFREY NABAGESERA NULU NABATANZI SHARON authentication
Cryptography
Definition of 'Cryptography'
- The process of converting ordinary plain text into unintelligible text and vice versa.
- It is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it.
Cryptography not only protects data from theft or alteration, but can also be used for user authentication.
Modern cryptography is concerned with:
- Confidentiality - Information cannot be understood by anyone
- Integrity - Information cannot be altered.
- Non-repudiation - Sender cannot deny his/her intentions in the transmission of the information at a later stage
- Authentication - Sender and receiver can confirm each
Three types of cryptographic techniques are used in general.
1. Symmetric-key cryptography
 - classical cryptography
  - transposition cipher
  - substitution cipher
 - modern cryptography
  - stream cipher
  - block cipher
2. Hash functions.
3. Public-key cryptography
Symmetric-key Cryptography Both the sender and receiver share a single key. The sender uses this key to encrypt plaintext and send the cipher text to the receiver. On the other side the receiver applies the same key to decrypt the message and recover the plain text.
Classification of symmetric-key cryptography
Classical cryptography
These include:
- transposition cipher
- substitution cipher
Modern cryptography
These include:
- stream cipher
- block cipher
Public-Key Cryptography/Asymmetric-key cryptography
- This is the most revolutionary concept in the last 300-400 years. In Public-Key Cryptography two related keys (a public and a private key) are used.
- The public key may be freely distributed, while its paired private key remains a secret.
- The public key is used for encryption and the private key is used for decryption.
Hash Functions
- No key is used in this algorithm. A fixed-length hash value is computed from the plain text in a way that makes it impossible for the contents of the plain text to be recovered. Hash functions are also used by many operating systems to encrypt passwords.
- A hash function is an algorithm that can be run on data such as an individual file or a password to produce a value called a checksum.
- Some commonly used cryptographic hash functions include MD5 and SHA-1, although many others also exist.
Hash Functions
summary
Definition of 'Authentication' Definition: Authentication is the process of recognizing a user’s identity. It is the mechanism of associating an incoming request with a set of identifying credentials. The credentials provided are compared to those on file in a database of authorized users’ information on a local operating system or within an authentication server.
Authentication in cybersecurity Authentication is important because it enables organizations to keep their networks secure by permitting only authenticated users (or processes) to access their protected resources, which may include computer systems, networks, databases, websites and other network-based applications or services.
How authentication is used User authentication occurs within most human-to-computer interactions outside of guest accounts, automatically logged-in accounts and kiosk computer systems. Generally, a user has to choose a username or user ID and provide a valid password to begin using a system. User authentication authorizes human-to-machine interactions in operating systems and applications, as well as both wired and wireless networks, to enable access to networked and internet-connected systems, applications and resources.
How authentication works During authentication, credentials provided by the user are compared to those on file in a database of authorized users' information either on the local operating system or through an authentication server. If the credentials match, and the authenticated entity is authorized to use the resource, the process is completed and the user is granted access. The permissions and folders returned define both the environment the user sees and the way he can interact with it, including hours of access and other rights such as the amount of resource storage space.
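The comparison against credentials "on file" described above, together with the hash-function slide's point about password storage, as an added example that is not part of the original slides. It contrasts a fast unsalted digest (SHA-1, named on the slide) with a salted, slow PBKDF2 record; the function names, the iteration count and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune per hardware

def unsalted_sha1(password: str) -> str:
    """Weak baseline: fast and unsalted, so equal passwords give equal records."""
    return hashlib.sha1(password.encode()).hexdigest()

def enroll(password: str) -> dict:
    """Build the record kept on file: a random salt plus a slow salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}

# Stand-in record for unknown user names, so both paths do the same work.
_DUMMY = enroll("constructed-dummy-password")

def authenticate(db: dict, username: str, password: str) -> bool:
    """Recompute the hash from the presented password and compare with the file."""
    record = db.get(username, _DUMMY)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], ITERATIONS
    )
    # Constant-time comparison; a match on the dummy record never grants access.
    matches = hmac.compare_digest(candidate, record["hash"])
    return matches and username in db

if __name__ == "__main__":
    # Constructed sample users who happen to pick the same password.
    db = {"alice": enroll("correct horse"), "bob": enroll("correct horse")}
    print("unsalted digests equal:", unsalted_sha1("correct horse") == unsalted_sha1("correct horse"))
    print("salted records equal:  ", db["alice"]["hash"] == db["bob"]["hash"])
    print("alice, right password: ", authenticate(db, "alice", "correct horse"))
    print("alice, wrong password: ", authenticate(db, "alice", "guess"))
    print("unknown user:          ", authenticate(db, "mallory", "guess"))
```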
Authentication factors Authenticating a user with a user ID and a password is usually considered the most basic type of authentication, and it depends on the user knowing two pieces of information: the user ID or username, and the password. Since this type of authentication relies on just one authentication factor, it is a type of single-factor authentication. Strong authentication is a term that has not been formally defined, but usually is used to mean that the type of authentication being used is more reliable and resistant to attack; achieving that is generally acknowledged to require using at least two different types of authentication factors.
Currently used authentication factors include: Knowledge factor: "Something you know." The knowledge factor may be any authentication credentials that consist of information that the user possesses, including a personal identification number (PIN), a user name, a password or the answer to a secret question.
Possession factor: "Something you have." The possession factor may be any credential based on items that the user can own and carry with them, including hardware devices like a security token or a mobile phone used to accept a text message or to run an authentication app that can generate a one-time password or PIN.
Inherence factor: "Something you are." The inherence factor is typically based on some form of biometric identification, including finger or thumb prints, facial recognition, retina scan or any other form of biometric data from the three above.
Location factor: "Where you are." While it may be less specific, the location factor is sometimes used as an adjunct to the other factors. Location can be determined to reasonable accuracy by devices equipped with GPS, or with less accuracy by checking network routes. The location factor cannot usually stand on its own for authentication, but it can supplement the other factors by providing a means of ruling out some requests. For example, it can prevent an attacker located in a remote geographical area from posing as a user who normally logs in only from home or office in the organization's home country.
Time factor: "When you are authenticating." Like the location factor, the time factor is not sufficient on its own, but it can be a supplemental mechanism for weeding out attackers who attempt to access a resource at a time when that resource is not available to the authorized user. It may also be used together with location. For example, if the user was last authenticated at noon in the U.S., an attempt to authenticate from Asia one hour later would be rejected based on the combination of time and location.
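The combined time-and-location check from the last example above, as an added sketch that is not part of the original slides: an attempt is rejected when the distance from the previous login could not have been covered in the elapsed time. The speed ceiling, the location tolerance, the names and the coordinates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0         # assumed ceiling, about airliner cruise speed
LOCATION_TOLERANCE_KM = 50.0  # assumed slack for coarse GPS or network location

@dataclass
class Login:
    when: datetime  # timezone-aware time of the authentication
    lat: float      # latitude in degrees
    lon: float      # longitude in degrees

def distance_km(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two login locations."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = (sin(dlat / 2) ** 2
         + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(h))

def travel_is_plausible(last: Login, attempt: Login) -> bool:
    """Supplementary check only: it rules requests out, it never authenticates."""
    km = distance_km(last, attempt)
    if km <= LOCATION_TOLERANCE_KM:
        return True   # same area, within location error
    hours = (attempt.when - last.when).total_seconds() / 3600
    if hours <= 0:
        return False  # far apart at the same instant, or clock out of order
    return km / hours <= MAX_SPEED_KMH

# Constructed sample logins (times in UTC).
LAST_US = Login(datetime(2019, 4, 24, 12, 0, tzinfo=timezone.utc), 40.71, -74.01)
ASIA_1H = Login(datetime(2019, 4, 24, 13, 0, tzinfo=timezone.utc), 35.68, 139.69)
NEARBY_1H = Login(datetime(2019, 4, 24, 13, 0, tzinfo=timezone.utc), 40.75, -73.99)
ASIA_NEXT_DAY = Login(datetime(2019, 4, 25, 13, 0, tzinfo=timezone.utc), 35.68, 139.69)

if __name__ == "__main__":
    for name, attempt in [("Asia +1h", ASIA_1H), ("nearby +1h", NEARBY_1H),
                          ("Asia +25h", ASIA_NEXT_DAY)]:
        verdict = "allow" if travel_is_plausible(LAST_US, attempt) else "reject"
        print(f"{name}: {distance_km(LAST_US, attempt):.0f} km -> {verdict}")
```

A rejected attempt here would normally trigger step-up authentication or an alert rather than stand as the only decision, since VPNs and mobile carriers can distort network-derived locations.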