Lecture 8: Authentication

Terms and concepts you should know

Paul Krzyzanowski

October 19, 2020

Key exchange and authentication

  • Identification
  • Authentication
  • Authorization
  • Pre-shared key
  • Mutual authentication
  • Trusted third party
  • Session key
  • Security protocol notation
  • Nonce
  • Replay attack
  • Needham-Schroeder protocol
  • Denning-Sacco modification
  • Otway-Rees Protocol
  • Kerberos
    • Authentication Service
    • Ticket Granting Service
    • Ticket

User authentication

  • Factors of authentication
  • Multi-factor authentication
  • Password Authentication Protocol (PAP)
  • Password hashes
  • Dictionary attack
  • Precomputed hashes
  • Salt
  • Password manager
  • Reusable vs. one-time passwords
  • One-time passwords
    • Forms of one-time passwords
    • Sequence-based passwords
    • Challenge-based passwords
    • Time-based passwords
    • Challenge-Handshake Authentication Protocol (CHAP)
    • TOTP authentication
    • You don’t need to know RSA SecurID, SASL, or Yubikey
    • Man-in-the-middle (MitM) attacks

Biometric authentication

  • Pattern recognition
  • False Accept Rate (FAR)
  • False Reject Rate (FRR)
  • Behavioral biometrics
  • Minutiae points
  • Robustness
  • Distinctiveness
  • Enrollment
  • Feature Extraction
  • Compartmentalization

Human verification

  • CAPTCHA
  • Gestalt Psychology
  • Problems with CAPTCHA
  • reCAPTCHA
  • NoCAPTCHA reCAPTCHA
  • Invisible reCAPTCHA
  • Risk analysis

Last modified October 30, 2020.