常用通讯认证机制课件.ppt

User Authentication Mechanisms用户鉴别机制 Authentication鉴别 Who is who? 解决谁是谁的问题 Identifies a user or a resource 鉴别一个用户或一个资源 Establishes trust before communication can take place 在双方通信前先建立信任 Authentication Mechanisms鉴别机制 Passwords（Clear Text Passwords ） 口令(明文口令) Message digests of passwords 口令的消息摘要 Authentication Tokens 鉴别令牌 Certificate-based Authentication 基于证书的鉴别 Biometrics 生物方法 Passwords（Clear Text Passwords ） 口令(明文口令) Password Authentication – 1口令鉴别—1 Password Authentication – 2口令鉴别—2 Password Authentication – 3口令鉴别—3 Password Authentication – 4口令鉴别—4 Password Authentication – 5口令鉴别—5 Problems with the clear-text Passwords明文口令存在的问题 Database contains passwords in clear text 数据库包含明文口令 Password travels in clear text from user’s computer to the server 口令以明文的形式从用户计算机传到服务器 Message Digests of Passwords口令消息摘要 Original clear text password is never stored/transmitted 绝不存储/传输原始明文口令 Message digest of password is stored in the database, and the same is used for authentication 数据库中存储口令消息摘要，同样用其进行鉴别 Can lead to replay attacks 可能导致重放攻击 Message Digests of Passwords-1口令消息摘要-1Store message digests in the user database Message Digests of Passwords-2口令消息摘要-2User anthentication Message Digests of Passwords-3口令消息摘要-3Server-side validation The Problem of Password 口令安全问题 Authentication Tokens鉴别令牌 Authentication Token is a small device 鉴别令牌是一个小设备 Usually it has processor,LCD, battery,keypad, clock 令牌通常具有处理器、LCD、电池、小键盘、时钟等 It has a random seed which ensure to product unique output 随机种子以确保鉴别令牌产生唯一输出 Authentication Tokens-step1Creation of a token鉴别令牌-步骤1(生成令牌) Token and server are synchronized initially 令牌最初和服务器保持同步 Token generates fresh passwords periodically 令牌定期产生新的口令 Authentication Tokens-step1Creation of a token鉴别令牌-步骤1(生成令牌) Authentication Tokens-step2Use of token鉴别令牌-步骤2(使用令牌) Authentication Tokens-step3Server returns an message鉴别令牌-步骤3(服务器向用户返回消息) Authentication Token Types鉴别令牌类