Lecture 23: May 19, 2021

Reading: text, §13.5–13.9, 16.1
Due: Homework 4, due May 24; Lab 3, due May 26

  1. Password aging
    1. Pick age so when password is guessed, it’s no longer valid
    2. Implementation: track previous passwords vs. upper, lower time bounds

  2. Ultimate in aging: One-Time Password
    1. Password is valid for only one use
    2. May work from list, or new password may be generated from old by a function

  3. Challenge-response systems
    1. Computer issues challenge, user presents response to verify secret information known/item possessed
    2. Example operations: f(x) = x+1, random, string (for users without computers), time of day; computer sends E(x), you answer E(D(E(x))+1)
    3. Note: password never sent over network

  4. Biometrics
    1. Depend on physical characteristics
    2. Examples: pattern of typing (remarkably effective), retinal scans, etc.

  5. Location
    1. Bind user to some location detection device (human, GPS)
    2. Authenticate by location of the device

  6. Multi-factor authentication

  7. Access Control Lists
    1. Full access control lists
    2. Abbreviations (UNIX method)


Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 135, Computer Security
Version of May 20, 2021 at 11:57PM
