user authentication for
play

User Authentication for Emerging Interfaces Nasir Memon Tandon - PowerPoint PPT Presentation

May 11, 2023 •114 likes •675 views

User Authentication for Emerging Interfaces Nasir Memon Tandon School of Engineering New York University Identity Identity and Authentication What is identity? A computers representation of an unique entity (principal). What is

  1. User Authentication for Emerging Interfaces Nasir Memon Tandon School of Engineering New York University

  2. Identity

  3. Identity and Authentication • What is identity? – A computer’s representation of an unique entity (principal). • What is authentication? – Binding principal to system ’ s internal representation of identity. • Why do we need identity? – Accountability – Access control

  4. Authenticating Computers and Humans

  6. SOMETHING YOU ARE - Biometrics

  7. Shoulder surfing or Insiders Usability

  8. What You Know

  9. Guessing Passwords

  10. RAINBOW TABLES ??

  11. Recent Leaks

  12. Password policies

  13. Password are hard to replace

  14. Why?? Usability  Memorywise Effortless  Scalable for users  Nothing-to-Carry  Physically-Effortless  Easy-to-Learn  Efficient-to-Use  Infrequent-Errors  Easy-Recovery-from-Loss Bonneau, Herley, Oorschot and Stajano 14

  15. Why?? Security  Resilient-to-Physical-Observation  Resilient-to-Targeted-Impersonation  Resilient-to-Throttled-Guessing  Resilient-to-Unthrottled-Guessing  Resilient-to-Internal-Observation  Resilient-to-Leaks-from-Other-Verifiers  Resilient-to-Phishing  Resilient-to-Theft  No-Trusted-Third-Party  Requiring-Explicit-Consent  Unlinkable 15

  16. Why?? Deployability  Accessible  Negligible-Cost-per-User  Server compatible  Browser compatible  Mature 16

  17. But it is not due to lack of trying …

  18. Google’s attempt …

  19. And academics and startups …

  20. Game Changer? - Emerging Interfaces

  21. Emerging Interfaces

  22. Emerging Interfaces

  23. Emerging Interfaces

  24. Game Changer - Mobility

  25. Continuous Authentication

  26. Different Approaches

  27. Evaluation - Security • Random Guessing • False positives • Shoulder surfing • Insider threat • Replay attack

  28. Evaluation - Usability • Memorability • True positives • Efficiency • Satisfaction • Universality

  29. Touch interface

  30. Android Pattern Lock – Recall Based

  31. Windows 8 Picture Password

  32. Single Finger Touch – Online Signatures

  33. • What is this about? Single Finger Touch – Draw-a-PIN 9/30/2016 33

  34. Touch motion

  35. Multi-touch gestures

  36. Camera interface

  37. Face Recognition

  38. Authentication with body gestures Database Access point 𝑍 𝑊 Similar? 𝑎 Slide courtesy of Konrad and Easwar

  39. Hand Gestures

  40. Eye Gaze SSIP 2009 40

  41. Camera and Private Display

  42. Motion Sensor

  43. Motion Sensors

  44. Leap Motion Gestures

  45. Leap Motion Sensor

  46. Waving a device

  47. Head Banger!

  48. Electroencephalograph - EEG • Brain has continuous electrical activity that can be recorded • Pairs of electrodes attached to scalp form distinct channels • Weak signal ~millivolts is sent thru amplifier • Continuous output recorded via galvanometer.

  49. NeuroSky Mindset

  50. Summary

  51. Summary

  52. Summary

  53. Also - Fingerprint Sensors

  54. Partial Fingerprints

  55. Master Prints

  56. Thank you!! Questions? memon@nyu.edu

Recommend

Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR

Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR

Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR CONSULTANTS www.XFactorConsultants.com User Authentication (Auth) The methods by which a web app verifies the identity of a user and limits their

334 views • 8 slides
Information Security Identification and authentication Advanced User Authentication I 2019-02-01

Information Security Identification and authentication Advanced User Authentication I 2019-02-01

Information Security Identification and authentication Advanced User Authentication I 2019-02-01 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for this part of the course Background Statistics in user authentication Biometric systems

573 views • 32 slides
Information Security Identification and authentication Advanced User Authentication I 2018-02-02

Information Security Identification and authentication Advanced User Authentication I 2018-02-02

Information Security Identification and authentication Advanced User Authentication I 2018-02-02 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for this part of the course Background Statistics in user authentication Biometric systems

568 views • 41 slides
Information Security Identification and authentication Advanced User Authentication I 2016-01-26

Information Security Identification and authentication Advanced User Authentication I 2016-01-26

Information Security Identification and authentication Advanced User Authentication I 2016-01-26 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for this part of the course Background Statistics in user authentication Biometric systems

865 views • 40 slides
User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. Supports a comprehensive set of authentication mechanisms called

808 views • 16 slides
USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we

USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we

USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we have (tokens) What we are (iris, fingerprint) [Accuracy vs. cost trade-off] Other USER AUTHENTICATION INKBLOT AUTHENTICATION Come up with

671 views • 20 slides
Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II 2016-01-29 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for lecture I within this part of the course Background Authentication eID

683 views • 44 slides
Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II 2019-02-08 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for lecture I within this part of the course Background Authentication eID

1.19k views • 102 slides
Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

5/25/2019 Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this Lecture 5/25/2019 Password Topic 3: User Authentication Password strength Salt_(cryptography) Password cracking

1.03k views • 75 slides
Information Security Identification and authentication Advanced User Authentication III

Information Security Identification and authentication Advanced User Authentication III

Information Security Identification and authentication Advanced User Authentication III 2016-02-02 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for lecture II within this part of the course Background Statistics Statistics in user

1.49k views • 70 slides
User authentication on the web Joseph Bonneau

User authentication on the web Joseph Bonneau

User authentication on the web Joseph Bonneau Computer Laboratory Part II Security lecture 2012 J. Bonneau (U. of Cambridge) User authentication on the web February 22, 2012 1 / 41

1.72k views • 132 slides
Information Security Identification and authentication Advanced User Authentication II and III

Information Security Identification and authentication Advanced User Authentication II and III

Information Security Identification and authentication Advanced User Authentication II and III (somewhat abbreviated ) 2018-02-09 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for lecture I within this part of the course Background

1.24k views • 106 slides
User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

ITS335 User Authentication Authentication Passwords User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens Biometrics Sirindhorn International Institute of Technology Summary Thammasat University Prepared

663 views • 40 slides
TLS 1.3 Client Authentication Andrei Popov, Microsoft Corp. Issue 1: TLS Client Authentication

TLS 1.3 Client Authentication Andrei Popov, Microsoft Corp. Issue 1: TLS Client Authentication

TLS 1.3 Client Authentication Andrei Popov, Microsoft Corp. Issue 1: TLS Client Authentication After the Handshake The user navigates to the sites landing page, no client authentication required. Eventually, the user requests a

69 views • 6 slides
ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User

ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User

ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User Authentication Authentication process Means of authentication Passwords Vulnerabilities of passwords Password Cracking Dictionary Attacks

472 views • 21 slides
Authentication Authentication Overview Registration User sends username and password

Authentication Authentication Overview Registration User sends username and password

Authentication Authentication Overview Registration User sends username and password Validate password strength Store salted hash of the password Authentication User sends username/password Retrieve the stored salted

359 views • 20 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Challenge/Response Authentication Authentication by what questions you can answer correctly

Challenge/Response Authentication Authentication by what questions you can answer correctly

Challenge/Response Authentication Authentication by what questions you can answer correctly Again, by what you know The system asks the user to provide some information If its provided correctly, the user is authenticated

233 views • 20 slides
Integrating Legacy User Authentication with HIP Jani Hautakorpi (Jani.Hautakorpi@hut.fi) 1 / 11

Integrating Legacy User Authentication with HIP Jani Hautakorpi (Jani.Hautakorpi@hut.fi) 1 / 11

T-110.557 Research Seminar on Telecommunications Software Integrating Legacy User Authentication with HIP Jani Hautakorpi (Jani.Hautakorpi@hut.fi) 1 / 11 Contents HIP base exchange Selected legacy user authentication mechanisms:

241 views • 11 slides
Computer and Information Security Fall 2020 User Authentication and Access Control Tyler Bletsch

Computer and Information Security Fall 2020 User Authentication and Access Control Tyler Bletsch

ECE560 Computer and Information Security Fall 2020 User Authentication and Access Control Tyler Bletsch Duke University User Authentication Determining if a user is who they say they are before giving them access. 2 The four means of

1.15k views • 70 slides
ECE590 Computer and Information Security Fall 2018 User Authentication and Access Control Tyler

ECE590 Computer and Information Security Fall 2018 User Authentication and Access Control Tyler

ECE590 Computer and Information Security Fall 2018 User Authentication and Access Control Tyler Bletsch Duke University User Authentication Determining if a user is who they say they are before giving them access. 2 The four means of

1.24k views • 66 slides
Computer and Information Security Fall 2019 User Authentication and Access Control Tyler Bletsch

Computer and Information Security Fall 2019 User Authentication and Access Control Tyler Bletsch

ECE590 Computer and Information Security Fall 2019 User Authentication and Access Control Tyler Bletsch Duke University User Authentication Determining if a user is who they say they are before giving them access. 2 The four means of

1.02k views • 70 slides
Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Version 1.0 Cornelius Klbel (corny@cornelinux.de) May 2014 (CC BY-NC-SA 4.0) Everybody knows that a password - be it simple or even complex - is a potential vulnerability. Two factor authentication is the way to authenticate a user not only

400 views • 5 slides
Users and security Authentication Making sure a user is who they say they are ...on

Users and security Authentication Making sure a user is who they say they are ...on

Users and security Authentication Making sure a user is who they say they are ...on every request! Authorization Making sure a user can only get to information they are supposed to see Making sure a user can only perform

801 views • 30 slides

More recommend