User Authentication in OS Security

Problem: how does the computer know who you are?

Solution: use authentication to identify

• Something the user knows
• Something the user has
• Something the user is

This must be done before user can use the system

Important: from the computer's point of view...

• Anyone who can duplicate your ID is you
• Fooling a computer isn't all that hard...

There are two types of authentication

• External : verify the user

             Usually username/password combination
       May require two passwords or other identification

• Internal : verify the process

               Don't allow one users process to appear to be that of another user


Dealing with Passwords

Password should be memorable

• Users shouldn't need to write them down!
• Users should be able to recall them easily

Solution: use hashing to hide "real" password

• One-way function converting password to meaningless string of digits (UNIX password hash, MD5, SHA-1)
• Difficult to find another password that hashes to the same random-looking string
• Knowing the hashed value and hash function gives no clue to the original password.

Authentication using bio-metrics

Use basic body properties to prove identity

Examples include

• Fingerprints
• Voice
• Hand size
• Retina patterns
• Iris Patterns
• Facial features

Potential problems

• Duplicating the measurement
• Stealing it from its original owner?