02 User Authentication - SAP
(UMN)
Impersonation
Two steps to determine who someone is?
1 IDENTIFICATION
The act of asserting or establishing who someone is.
2 AUTHENTICATION
The act of proving that asserted identity.
IDENTIFICATION VS AUTHENTICATION
Identification and authentication are two terms that describe the initial phases of
the process that grants access to a system.
Identification concerns supplying an identity, while authentication concerns the
checks performed to confirm the validity of the claimed identity. Simply put, the
identification process involves making a claim to an identity, whereas the
authentication process involves proving that identity.
Example:
2 authentication mechanisms used in the email protocol:
• The password that protects the email account.
• The system function for replacing a password that is presumed
forgotten.
Even though they are widely used, passwords suffer from some difficulties of use.
LOSS
• What if the user loses the password?
• The operators or system administrators cannot determine
what password a user had chosen previously.
USE
Supplying a password for each access to an object can be
inconvenient and time consuming.
DISCLOSURE
If a user discloses a password to an unauthorized
individual, the object becomes immediately accessible.
REVOCATION
To revoke one user’s access right to an object, someone
must change the password: the user must inform any
other legitimate users of the new password because their
old password will fail.
ATTACKING AND PROTECTING PASSWORD
Brute Force
The attacker tries all possible passwords,
usually in some automated fashion.
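The two slides above (the LOSS problem and brute-force guessing) are both consequences of how a password verifier is stored and checked. The following Python is an added example, not code from the slides or from UMN: it stores only a salted, deliberately slow PBKDF2 verifier (so operators genuinely cannot recover an old password), separates the identification step from the authentication step, and counts failed attempts per identity to slow automated online guessing. The class and function names, the iteration count and the lockout parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Hypothetical parameters and names; not from the slides.
PBKDF2_ITERATIONS = 200_000  # deliberately slow, so each offline guess costs real CPU time


def make_password_record(password: str) -> dict:
    """Store a salted, slow-hashed verifier instead of the password itself.

    Only the verifier is kept, so an operator cannot tell a user what their
    old password was (the LOSS problem on the slide); the only remedy is a reset.
    A per-user random salt means two users with the same password get
    different verifiers and a brute-force attacker cannot reuse one guess.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "digest": digest, "iterations": PBKDF2_ITERATIONS}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the verifier for the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])


class LoginService:
    """Identification (look up the claimed identity) followed by authentication
    (prove it), with a failure counter that slows online brute-force guessing."""

    def __init__(self, max_failures: int = 5, lockout_seconds: int = 300):
        self.records = {}      # username -> password record
        self.failures = {}     # username -> (failure count, time of last failure)
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds

    def register(self, username: str, password: str) -> None:
        self.records[username] = make_password_record(password)

    def login(self, username: str, password: str, now: float) -> tuple:
        """Return (accepted, reason).

        The reason is for the audit log only: the message shown to the client
        should be identical for every failure so that it does not reveal which
        usernames exist.
        """
        # Step 1: identification - the client claims an identity.
        record = self.records.get(username)
        if record is None:
            # Burn the same hashing time as a real check so response time
            # does not reveal whether the username exists.
            verify_password(make_password_record("placeholder"), password)
            return False, "unknown identity"

        # Throttle: after max_failures wrong guesses, refuse for lockout_seconds.
        count, last = self.failures.get(username, (0, 0.0))
        if count >= self.max_failures:
            if now - last < self.lockout_seconds:
                return False, "locked out"
            count = 0  # lockout expired; start counting again

        # Step 2: authentication - the client proves the claimed identity.
        if verify_password(record, password):
            self.failures.pop(username, None)
            return True, "authenticated"
        self.failures[username] = (count + 1, now)
        return False, "wrong password"
```

A per-identity lockout has its own cost: anyone who knows a username can lock its owner out by guessing wrongly on purpose, so deployed systems usually pair it with rate limiting by source address and with the slow hash, which raises the price of offline guessing whatever the lockout policy does.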
Something the user knows
• Passwords
• PIN numbers
• Passphrases
• Secret handshake
• Mother’s maiden name
Something the user is
• Fingerprints
• Hand geometry (shape and size of fingers)
• Retina and iris (parts of the eye)
• Voice
• Handwriting
• Blood vessels in the finger or hand
• Facial features, such as nose shape
• Keystroke dynamics
Something the user has
• Identity badges
• Physical keys
• Driver’s license
• Uniform
KNOWLEDGE: SOMETHING YOU KNOW
• Security questions could be improved by choosing something the real user knows but
an imposter would be unlikely to know
• Email account
• From what email address you received frequent messages
• Whether you tended to send 1-10, 10-50, 50-100, or 100+ messages per day
• Whether your account was established before 2006, in 2006, in 2007, or in 2008
• When you last logged in
• When you had a gap of 7 or more days without accessing your account
• Another type of account would have asked different kinds of questions, instead of “mother’s
maiden name,” which for a while seemed as if it were going to become the universal
authenticator
BIOMETRIC: SOMETHING YOU ARE
Biometrics: biological authenticators, based on some physical characteristic
of the human body.
• Advantages
• Cannot be lost, stolen, forgotten, or lent,
and is always available, always at hand
• Several problems
• Intrusive
• Costly
• Single point of failure
• Variation reduces accuracy
• Speed limits accuracy
• False readings
• Forgeries are possible
BIOMETRIC: SOMETHING YOU ARE
False Positive or False Accept
• A reading that is accepted when it should be rejected
False Negative or False Reject
• A reading that is rejected when it should be accepted
Often, reducing a false positive rate increases false negatives, and vice versa.
The consequences for a false negative are usually less than for a false positive.
An acceptable system may have a false positive rate of 0.001 percent but a false
negative rate of 1 percent.
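The trade-off on this slide comes from a single decision threshold applied to a matcher's similarity score. The Python below is an added example, not part of the slides: it sweeps the threshold over two constructed score lists (one for legitimate users, one for impostors, invented for illustration and not real biometric data) and reports the false accept rate (FAR) and false reject rate (FRR) at each setting, then picks the loosest threshold that still meets a FAR budget. The function names and score values are assumptions.

```python
# Constructed similarity scores in [0, 1] from a hypothetical matcher (not real
# biometric data): higher means the sample looks more like the enrolled template.
GENUINE_SCORES = [0.92, 0.88, 0.95, 0.81, 0.74, 0.90, 0.86, 0.69, 0.93, 0.84]   # legitimate users
IMPOSTOR_SCORES = [0.31, 0.45, 0.52, 0.28, 0.66, 0.39, 0.58, 0.72, 0.35, 0.47]  # other people


def error_rates(threshold, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Accept a sample when its score is at or above the threshold.

    Returns (false_accept_rate, false_reject_rate): impostors let in, and
    legitimate users turned away, each as a fraction of its own group.
    """
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(thresholds):
    """Tabulate (threshold, FAR, FRR) so the trade-off is visible."""
    return [(t,) + error_rates(t) for t in thresholds]


def strictest_far_within(max_far, thresholds):
    """Lowest threshold whose false-accept rate fits the budget.

    Among the thresholds that meet the FAR target this is the one that
    rejects the fewest genuine users, since FRR only grows as the
    threshold rises.
    """
    for t in sorted(thresholds):
        far, _ = error_rates(t)
        if far <= max_far:
            return t
    return None


def equal_error_threshold(thresholds):
    """Threshold where FAR and FRR are closest: the usual one-number summary of a matcher."""
    return min(thresholds, key=lambda t: abs(error_rates(t)[0] - error_rates(t)[1]))


if __name__ == "__main__":
    for t, far, frr in sweep([0.5, 0.6, 0.7, 0.75, 0.8, 0.85]):
        print(f"threshold {t:.2f}: FAR {far:.0%}  FRR {frr:.0%}")
```

With these constructed scores, raising the threshold from 0.70 to 0.75 drives FAR from 10% to 0% but doubles FRR from 10% to 20%; that is the slide's point that the two error rates move in opposite directions, and why a deployment states a FAR budget first and accepts whatever FRR follows.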
BIOMETRIC: SOMETHING YOU ARE
Skimming
The use of a device to covertly copy authentication data, which is then used
to commit crime.
TOKEN: SOMETHING YOU HAVE
Static tokens are most useful for onsite authentication.
Dynamic token generators are useful for remote authentication, especially of a
person to a computer.
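A dynamic token generator of the kind the slide mentions produces a code that changes over time, so observing one login does not help with the next. The Python below is an added example, not from the slides: it implements the HOTP (RFC 4226) and TOTP (RFC 6238) algorithms that commodity authenticator apps use, and a server-side verifier that tolerates a small clock skew but refuses to accept the same time slot twice. The class name, the enrolment method and the skew window are assumptions; the shared secret in the test is the standard test-vector secret from those RFCs, not a real credential.

```python
import hashlib
import hmac
import struct

# Hypothetical helper names; the algorithms are HOTP (RFC 4226) and TOTP (RFC 6238).


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code from a shared secret and a counter (RFC 4226 dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """Time-based variant: the counter is the number of `step`-second slots elapsed."""
    return hotp(secret, int(unix_time // step), digits)


class TokenVerifier:
    """Server side of a dynamic-token login.

    Accepts codes from the current slot plus `window` slots either side to
    absorb clock skew, and records the last slot accepted per user so a code
    seen in transit cannot be replayed.
    """

    def __init__(self, step: int = 30, window: int = 1, digits: int = 6):
        self.step, self.window, self.digits = step, window, digits
        self.secrets = {}        # username -> shared secret (enrolled out of band)
        self.last_slot = {}      # username -> most recent time slot already consumed

    def enroll(self, username: str, secret: bytes) -> None:
        self.secrets[username] = secret

    def verify(self, username: str, code: str, unix_time: float) -> bool:
        secret = self.secrets.get(username)
        if secret is None:
            return False
        current = int(unix_time // self.step)
        for slot in range(current - self.window, current + self.window + 1):
            if slot <= self.last_slot.get(username, -1):
                continue  # slot already consumed: reject replay
            if hmac.compare_digest(hotp(secret, slot, self.digits), code):
                self.last_slot[username] = slot
                return True
        return False
```

The verifier only proves possession of the shared secret; on its own it says nothing about who is typing, which is why it is normally combined with a knowledge factor rather than used as the sole check for remote logins.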
Which value of n makes n-factor authentication optimal?