Identification and Authentication

Loading...

Del curso dictado por New York University Tandon School of Engineering

Cyber Attack Countermeasures

176 calificaciones

New York University Tandon School of Engineering

Cyber Attack Countermeasures

176 calificaciones

Curso 2 de 4 en SpecializationIntroduction to Cyber Security

This course introduces the basics of cyber defense starting with foundational models such as Bell-LaPadula and information flow frameworks. These underlying policy enforcements mechanisms help introduce basic functional protections, starting with authentication methods. Learners will be introduced to a series of different authentication solutions and protocols, including RSA SecureID and Kerberos, in the context of a canonical schema. The basics of cryptography are also introduced with attention to conventional block ciphers as well as public key cryptography. Important cryptographic techniques such as cipher block chaining and triple-DES are explained. Modern certification authority-based cryptographic support is also discussed and shown to provide basis for secure e-commerce using Secure Sockets Layer (SSL) schemes.

De la lección

Understanding Authentication Protocols

This module introduces important protocols and techniques associated with advanced authentication processes.

Assignments and Reading2:56

Identification and Authentication6:33

Factors of Authentication including 2FA8:39

Authentication Protocol Schema and Zones6:15

Passwords and Analysis5:47

Hand-Held Authentication Protocol (Part 1: Implementation)5:18

Hand-Held Authentication Protocol (Part 2: Analysis and Cryptanalysis)6:29

Welcome Lior Frenkel9:57

RSA SecureID Protocol (Part 1: Implementation)6:39

RSA SecureID Protocol (Part 2: Analysis)4:49

Conoce a los instructores

Dr. Edward G. Amoroso
Research Professor, NYU and CEO, TAG Cyber LLC
Computer Science

Hi, Adam Row.

So I want to welcome you to a section of our course now,

where we are digging into classical cybersecurity.

And we're going to start with what I think maybe the most important primitive in

cyber it's called authentication.

And let's talk a little bit about this because I think he asked ten cybersecurity

experts, what is the one most important thing you can do,

if you're allowed to have one thing what would you pick?

They'd all say authentication.

The idea that, if Alice and Bob are communicating, this ability for

Alice to identify herself to Bob in such a manner,

that Bob can be pretty confident that it's really Alice.

That's for many people the most important thing that goes on, so

let's start with the idea of identification.

How do we identify ourselves just in regular life?

How do I Identify that I'm Ed?

If I meet you somewhere and I woke up to you and I say, hey, how you doing?

I'm Ed, I hope you enjoy the course and you see me.

You see my face, you see my voice, you see who I am.

Contextually, maybe there's a reason why we would see each other.

You probably pretty confident when I say I'm Ed, that's fine, and

question is my name a secret.

Is your identifier a secret?

Is your email address a secret?

Is your phone number a secret?

These are weird questions, right?

Your phone number, let's say I said, is your mobile number a secret?

You would say, of course not.

It's on my business card, or I tell my friends, or whatever.

But if you're in some creepy bar somewhere and some weirdo comes up to you and

says, hey, can I have your mobile number?

You're probably not going to be sharing it, and

you're glad that at least in some sense it's secret.

So there's this weird kind of concept of what's secret, what's not.

Your user ID.

If I know your user ID for

a particular system you use, we all know that most systems have lockout.

Which means, if I know your user ID,

I can type it in, I can type a bogus password, it'll say no.

I type your user ID, I type a bogus password, it'll say no.

I do it enough times, I lock you out.

Just by knowing your User ID.

So is it secret?

Should it be secret?

Kind of an open question in cybersecurity, but the one thing we do know, is that

after reporting an identity, we want to be able to validate it's authenticity.

So, the definition of authentication is the process of reporting,

rather the process of validating a reported identify.

Alice says, I'm Alice,

Bob takes some authentication steps to validate that reported identify.

Is that make sense?

So, that possibility as you'll see is harder than it sounds.

Now again, human beings we said a minute ago, you see me,

you probably look me over, hear my voice, ask me a couple of questions and

you kind of know that I'm me.

What if I'm behind the wall, and I say, Hamed, and what if my voice is disguised?

So now you can't use my face,

you can't use my voice, how do you figure out that I'm me?

Chances are, you're going to do something called challenge.

Meaning, you're going to say, all right, let's see if you're ED.

What did you say on the last video I watched that blah, blah, blah, blah, blah,

and maybe that's a good test, maybe it's not.

It's probably a lot of people watching the video so

a lot of people could answer that.

Maybe that's a terrible challenge to determine my authenticity, but

you get the idea.

Subsequent video we're going to spend some time on the proof factors, but for now,

let's think about a couple of different possibilities for authentication.

One, is a client reporting an identity to a server.

And the server saying, hey, client prove that you are who you say you are.

That's called client authentication, which you would guess.

Person with a browser trying to get on to a server and it's says,

well, before you can come on, you gotta prove you are who you are.

Second possibility, is a server reports an identity to a client.

And the client says, hey, server, prove who you are.

Now why would you do that?

Again, client with a browser, and

now e-commerce site that would like you to send a credit card.

And you go, hey, I'm www.walmart.com., please send money.

And what would happen is, the client would say, well prove your really Walmart.

And Walmart would, it's all protocol for that.

That's called server authentication.

That makes sense?

You either authenticate client or authenticate a server, and

then all variations on that, peer authentication is to peers authenticating.

Mutual authentication is, I authenticate you, you authenticate them.

Like in mobility 2G, 3G service, 3G,

the second generation, third generation, like UMTS,

didn't have the correct concept of server,

rather tower and handset authentication.

2G a handset will pretty much connect to anything.

By the time we got to 4G and 5G, a lot of that is fixed.

Some in 3G, but with fallback, it still caused some problems.

But you get the idea, that you can do client authentication,

server authentication, mutual authentication, peer authentication.

This is all just around the direction.

So, hopefully, that's going to be useful for you.

Now I want to offer a little quiz here, just to make sure we're together on some

of the basic concepts of identification authentication.

As if you look at the three, you can see that answer c is right,

like that's the essence of user ID, be it privacy and secrecy.

The idea that it's really not that easy to determine whether your mobile number,

your user ID, your email address is truly secret.

It's sort of secret, but sort of not.

That discomfort is normal in cybersecurity, not everything is so

crystal clear.

Other things kind of determine or determined by the context.

So keep that in mind as you continue to think about, and grow and

learn more about cybersecurity.

In our next video, we'll look at some of the proof factors used in authentication.

Explora nuestro catálogo

Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.

Coursera brinda acceso universal a la mejor educación del mundo, al asociarse con las mejores universidades y organizaciones, para ofrecer cursos en línea.

© 2019 Coursera Inc. Todos los derechos reservados.

Descargar en la App Store

Consíguelo en Google Play